HA add-on: configurable gateway bind/port/token (LAN Control UI)

This commit is contained in:
TheLast
2026-01-27 23:08:46 +02:00
parent f84f6f8b18
commit 5fb67b0f19
2 changed files with 33 additions and 1 deletions
+22 -1
View File
@@ -13,6 +13,9 @@ BOT_TOKEN=$(jq -r '.telegram_bot_token // empty' "$OPTIONS_FILE")
TZNAME=$(jq -r '.timezone // "Europe/Sofia"' "$OPTIONS_FILE")
ALLOW_FROM_RAW=$(jq -r '.telegram_allow_from // empty' "$OPTIONS_FILE")
MODEL_PRIMARY=$(jq -r '.model_primary // "openai-codex/gpt-5.2"' "$OPTIONS_FILE")
GW_BIND=$(jq -r '.gateway_bind // "loopback"' "$OPTIONS_FILE")
GW_PORT=$(jq -r '.gateway_port // 18789' "$OPTIONS_FILE")
GW_TOKEN=$(jq -r '.gateway_token // empty' "$OPTIONS_FILE")
HA_TOKEN=$(jq -r '.homeassistant_token // empty' "$OPTIONS_FILE")
MT_HOST=$(jq -r '.mikrotik_host // "192.168.88.1"' "$OPTIONS_FILE")
MT_USER=$(jq -r '.mikrotik_ssh_user // "papur"' "$OPTIONS_FILE")
@@ -48,9 +51,26 @@ if [ -n "$ALLOW_FROM_RAW" ]; then
fi
# Write Clawdbot gateway config (JSON5) into the expected location.
# Validate gateway exposure settings
if [ "$GW_BIND" = "lan" ] && [ -z "$GW_TOKEN" ]; then
echo "ERROR: gateway_bind=lan requires gateway_token to be set (do not expose an unauthenticated gateway)."
exit 1
fi
GW_AUTH_BLOCK="auth: { mode: \"token\", token: \"${GW_TOKEN}\" }"
if [ -z "$GW_TOKEN" ]; then
# Let doctor generate one (loopback-only is still protected by local access)
GW_AUTH_BLOCK="auth: { mode: \"token\" }"
fi
cat > /data/.clawdbot/clawdbot.json <<EOF
{
gateway: { mode: "local" },
gateway: {
mode: "local",
bind: "${GW_BIND}",
port: ${GW_PORT},
${GW_AUTH_BLOCK}
},
agents: {
defaults: {
workspace: "/data/clawd",
@@ -75,6 +95,7 @@ cat > /data/.clawdbot/clawdbot.json <<EOF
EOF
echo "Model primary=${MODEL_PRIMARY}"
echo "Gateway bind=${GW_BIND} port=${GW_PORT} token=${GW_TOKEN:+(set)}${GW_TOKEN:-(auto)}"
echo "Telegram dmPolicy=${DM_POLICY}${ALLOW_FROM_RAW:+ (allowFrom=${ALLOW_FROM_RAW})}"
echo "Telegram allowFrom JSON: ${ALLOW_FROM_JSON:-<none>}"