{"skill":{"slug":"create-new-openclaw-in-gcp","displayName":"Create New Openclaw Instance on GCP VM","summary":"Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling.","description":"# OpenClaw Cloud Setup Skill\n\nDeploy OpenClaw to GCP with Tailscale and Brave Search.\n\n## Required Environment Variables\n\n```bash\nexport OPENCLAW_PROJECT_ID=\"your-gcp-project\"\nexport OPENCLAW_USERNAME=\"your-ssh-username\"\nexport ANTHROPIC_TOKEN=\"sk-ant-oat01-...\"   # Keep secret\nexport BRAVE_API_KEY=\"...\"                   # Keep secret\n```\n\n## Quick Start\n\n```bash\nchmod +x openclaw-quick-setup.sh\n./openclaw-quick-setup.sh\n```\n\n## Manual Setup (Copy-Paste)\n\n```bash\n# Set variables first (see above)\nZONE=\"us-central1-a\"\nVM=\"openclaw\"\n\n# Create VM\ngcloud compute instances create \"$VM\" \\\n  --project=\"$OPENCLAW_PROJECT_ID\" --zone=\"$ZONE\" \\\n  --machine-type=e2-medium \\\n  --image-family=debian-12 --image-project=debian-cloud \\\n  --boot-disk-size=10GB \\\n  --metadata=ssh-keys=\"${OPENCLAW_USERNAME}:$(cat ~/.ssh/id_ed25519.pub)\"\n\nIP=$(gcloud compute instances describe \"$VM\" \\\n  --project=\"$OPENCLAW_PROJECT_ID\" --zone=\"$ZONE\" \\\n  --format='get(networkInterfaces[0].accessConfigs[0].natIP)')\n\n# Wait for SSH, then run setup\nsleep 30\nssh -o StrictHostKeyChecking=no \"${OPENCLAW_USERNAME}@${IP}\" \"\nset -euo pipefail\nsudo apt-get update && sudo apt-get install -y git curl ufw jq\ncurl -fsSL https://tailscale.com/install.sh | sh\n\"\n\n# Manual: authorize Tailscale\nssh \"${OPENCLAW_USERNAME}@${IP}\" \"sudo tailscale up\"\n\n# Continue setup\nssh \"${OPENCLAW_USERNAME}@${IP}\" \"\nset -euo pipefail\nsudo ufw allow 22/tcp && sudo ufw allow in on tailscale0 && echo y | sudo ufw enable\necho 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf\ncurl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash\nsource ~/.nvm/nvm.sh && nvm install 22\nsource ~/.nvm/nvm.sh && npm install -g openclaw@latest\n\"\n\n# Configure OpenClaw (credentials via stdin)\nssh \"${OPENCLAW_USERNAME}@${IP}\" '\nsource ~/.nvm/nvm.sh\nopenclaw onboard --non-interactive --accept-risk \\\n  --auth-choice token --token-provider anthropic \\\n  --token \"$(cat)\" --gateway-bind loopback --install-daemon\n' <<< \"$ANTHROPIC_TOKEN\"\n\n# Add Brave key + enable Tailscale auth\nssh \"${OPENCLAW_USERNAME}@${IP}\" \"\nset -euo pipefail\nmkdir -p ~/.config/systemd/user/openclaw-gateway.service.d\ncat > ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf << CONF\n[Service]\nEnvironment=\\\"BRAVE_API_KEY=\\$(cat)\\\"\nCONF\nchmod 600 ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf\nsystemctl --user daemon-reload\nsource ~/.nvm/nvm.sh\njq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json\nmv /tmp/oc.json ~/.openclaw/openclaw.json\nchmod 600 ~/.openclaw/openclaw.json\nopenclaw gateway restart\nsudo tailscale serve --bg 18789\n\" <<< \"$BRAVE_API_KEY\"\n\n# Get dashboard URL\nssh \"${OPENCLAW_USERNAME}@${IP}\" \"tailscale serve status\"\n\n# After first browser access, approve device\nssh \"${OPENCLAW_USERNAME}@${IP}\" 'source ~/.nvm/nvm.sh && openclaw devices list'\n# Then: openclaw devices approve <REQUEST_ID>\n```\n\n## Key Learnings\n\n| Issue | Solution |\n|-------|----------|\n| e2-micro OOM | Use e2-medium (4GB minimum) |\n| nodesource failures | Use nvm for Node.js 22 |\n| DNS broken after Tailscale | Add `8.8.8.8` to /etc/resolv.conf |\n| Brave key in config rejected | Use systemd env var drop-in |\n| Dashboard \"pairing required\" | Run `openclaw devices approve <id>` |\n\n## Security Notes\n\n- Credentials passed via stdin (`<<<`), not command-line args\n- Config files set to `chmod 600`\n- Gateway binds to loopback, exposed only via Tailscale\n- UFW blocks all inbound except SSH and Tailscale\n","topics":["Deploy"],"tags":{"latest":"1.0.0"},"stats":{"comments":0,"downloads":2827,"installsAllTime":107,"installsCurrent":6,"stars":1,"versions":1},"createdAt":1770172719376,"updatedAt":1779076568656},"latestVersion":{"version":"1.0.0","createdAt":1770172719376,"changelog":"Initial release: Deploy OpenClaw to Google Cloud Platform with integrated Tailscale access and Brave Search.\n\n- Provides quick-setup script and full manual setup instructions.\n- Securely handles credentials and configuration using stdin and restricted file permissions.\n- Installs and configures all required software including Tailscale and OpenClaw gateway.\n- Enables Tailscale network access and Brave API integration via systemd environment.\n- Guides for troubleshooting known setup issues and enforcing secure access.","license":null},"metadata":null,"owner":{"handle":"divide-by-0","userId":"s17fjs3618k5x6wftrvr59xb5d884vvp","displayName":"Divide-By-0","image":"https://avatars.githubusercontent.com/u/4804438?v=4"},"moderation":null}