Initial commit — OpenClaw VM infrastructure

- ansible/: VM provisioning playbooks and roles - provision-vm.yml: create KVM VM from Ubuntu cloud image - install.yml: install OpenClaw on guest (upstream) - customize.yml: swappiness, virtiofs fstab, linger - roles/vm/: libvirt domain XML, cloud-init templates - inventory.yml + host_vars/zap.yml: zap instance config - backup-openclaw-vm.sh: daily rsync + MinIO upload - restore-openclaw-vm.sh: full redeploy from scratch - README.md: full operational documentation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 12:18:31 -07:00
commit aceeb7b542
71 changed files with 7840 additions and 0 deletions
--- a/ansible/roles/openclaw/tasks/tailscale-linux.yml
+++ b/ansible/roles/openclaw/tasks/tailscale-linux.yml
@@ -0,0 +1,61 @@
+---
+# Linux-specific Tailscale installation (Debian/Ubuntu)
+
+- name: Add Tailscale GPG key
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      DIST="{{ ansible_distribution | lower }}"
+      RELEASE="{{ ansible_distribution_release }}"
+      curl -fsSL "https://pkgs.tailscale.com/stable/${DIST}/${RELEASE}.noarmor.gpg" | \
+        tee /usr/share/keyrings/tailscale-archive-keyring.gpg > /dev/null
+    creates: /usr/share/keyrings/tailscale-archive-keyring.gpg
+    executable: /bin/bash
+
+- name: Add Tailscale repository
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      DIST="{{ ansible_distribution | lower }}"
+      RELEASE="{{ ansible_distribution_release }}"
+      curl -fsSL "https://pkgs.tailscale.com/stable/${DIST}/${RELEASE}.tailscale-keyring.list" | \
+        tee /etc/apt/sources.list.d/tailscale.list > /dev/null
+    creates: /etc/apt/sources.list.d/tailscale.list
+    executable: /bin/bash
+
+- name: Update apt cache after adding Tailscale repo
+  ansible.builtin.apt:
+    update_cache: true
+
+- name: Install Tailscale
+  ansible.builtin.apt:
+    name: tailscale
+    state: present
+
+- name: Enable Tailscale service (Linux)
+  ansible.builtin.systemd:
+    name: tailscaled
+    enabled: true
+    state: started
+
+- name: Check if Tailscale is already connected (Linux)
+  ansible.builtin.command: tailscale status --json
+  register: tailscale_status_linux
+  changed_when: false
+  failed_when: false
+
+- name: Display Tailscale auth URL if not connected (Linux)
+  ansible.builtin.debug:
+    msg:
+      - "============================================"
+      - "Tailscale installed but not connected yet"
+      - "============================================"
+      - ""
+      - "To connect this machine to your Tailnet:"
+      - "Run: sudo tailscale up"
+      - ""
+      - "For unattended installation, use an auth key:"
+      - "sudo tailscale up --authkey tskey-auth-xxxxx"
+      - ""
+      - "Get auth key from: https://login.tailscale.com/admin/settings/keys"
+  when: tailscale_status_linux.rc != 0