🧪 Skills
Create New Openclaw Instance on GCP VM
Deploy and configure an OpenClaw instance on a GCP VM with Tailscale networking, Brave Search integration, and secure credential handling.
v1.0.0
Description
OpenClaw Cloud Setup Skill
Deploy OpenClaw to GCP with Tailscale and Brave Search.
Required Environment Variables
export OPENCLAW_PROJECT_ID="your-gcp-project"
export OPENCLAW_USERNAME="your-ssh-username"
export ANTHROPIC_TOKEN="sk-ant-oat01-..." # Keep secret
export BRAVE_API_KEY="..." # Keep secret
Quick Start
chmod +x openclaw-quick-setup.sh
./openclaw-quick-setup.sh
Manual Setup (Copy-Paste)
# Set variables first (see above)
ZONE="us-central1-a"
VM="openclaw"
# Create VM
gcloud compute instances create "$VM" \
--project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
--machine-type=e2-medium \
--image-family=debian-12 --image-project=debian-cloud \
--boot-disk-size=10GB \
--metadata=ssh-keys="${OPENCLAW_USERNAME}:$(cat ~/.ssh/id_ed25519.pub)"
IP=$(gcloud compute instances describe "$VM" \
--project="$OPENCLAW_PROJECT_ID" --zone="$ZONE" \
--format='get(networkInterfaces[0].accessConfigs[0].natIP)')
# Wait for SSH, then run setup
sleep 30
ssh -o StrictHostKeyChecking=no "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo apt-get update && sudo apt-get install -y git curl ufw jq
curl -fsSL https://tailscale.com/install.sh | sh
"
# Manual: authorize Tailscale
ssh "${OPENCLAW_USERNAME}@${IP}" "sudo tailscale up"
# Continue setup
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
sudo ufw allow 22/tcp && sudo ufw allow in on tailscale0 && echo y | sudo ufw enable
echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
source ~/.nvm/nvm.sh && nvm install 22
source ~/.nvm/nvm.sh && npm install -g openclaw@latest
"
# Configure OpenClaw (credentials via stdin)
ssh "${OPENCLAW_USERNAME}@${IP}" '
source ~/.nvm/nvm.sh
openclaw onboard --non-interactive --accept-risk \
--auth-choice token --token-provider anthropic \
--token "$(cat)" --gateway-bind loopback --install-daemon
' <<< "$ANTHROPIC_TOKEN"
# Add Brave key + enable Tailscale auth
ssh "${OPENCLAW_USERNAME}@${IP}" "
set -euo pipefail
mkdir -p ~/.config/systemd/user/openclaw-gateway.service.d
cat > ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf << CONF
[Service]
Environment=\"BRAVE_API_KEY=\$(cat)\"
CONF
chmod 600 ~/.config/systemd/user/openclaw-gateway.service.d/brave.conf
systemctl --user daemon-reload
source ~/.nvm/nvm.sh
jq '.gateway.auth.allowTailscale = true' ~/.openclaw/openclaw.json > /tmp/oc.json
mv /tmp/oc.json ~/.openclaw/openclaw.json
chmod 600 ~/.openclaw/openclaw.json
openclaw gateway restart
sudo tailscale serve --bg 18789
" <<< "$BRAVE_API_KEY"
# Get dashboard URL
ssh "${OPENCLAW_USERNAME}@${IP}" "tailscale serve status"
# After first browser access, approve device
ssh "${OPENCLAW_USERNAME}@${IP}" 'source ~/.nvm/nvm.sh && openclaw devices list'
# Then: openclaw devices approve <REQUEST_ID>
Key Learnings
| Issue | Solution |
|---|---|
| e2-micro OOM | Use e2-medium (4GB minimum) |
| nodesource failures | Use nvm for Node.js 22 |
| DNS broken after Tailscale | Add 8.8.8.8 to /etc/resolv.conf |
| Brave key in config rejected | Use systemd env var drop-in |
| Dashboard "pairing required" | Run openclaw devices approve <id> |
Security Notes
- Credentials passed via stdin (
<<<), not command-line args - Config files set to
chmod 600 - Gateway binds to loopback, exposed only via Tailscale
- UFW blocks all inbound except SSH and Tailscale
Reviews (0)
Sign in to write a review.
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!