116 lines
5.5 KiB
YAML
116 lines
5.5 KiB
YAML
configuration:
|
|
timezone:
|
|
name: Timezone
|
|
description: Timezone for the add-on (e.g., Europe/Sofia, America/New_York)
|
|
|
|
enable_terminal:
|
|
name: Enable Web Terminal
|
|
description: Enable web terminal Button inside Home Assistant (Ingress) via ttyd
|
|
|
|
terminal_port:
|
|
name: Terminal Port
|
|
description: Port number for the web terminal (default - 7681). Change if this port conflicts with another service.
|
|
|
|
gateway_public_url:
|
|
name: Gateway Public URL
|
|
description: Public base URL for opening the Gateway Web UI in a new tab (not embedded). Example - https://example.duckdns.org:12345 or http://192.168.1.10:18789
|
|
|
|
homeassistant_token:
|
|
name: Home Assistant Token
|
|
description: Optional - Home Assistant long-lived token for local HA API scripts/tools
|
|
|
|
http_proxy:
|
|
name: Outbound HTTP Proxy
|
|
description: Optional - Proxy URL for outbound HTTP/HTTPS requests (example - http://192.168.2.1:3128)
|
|
|
|
router_ssh_host:
|
|
name: Router SSH Host
|
|
description: Optional - Router/firewall SSH hostname or IP address
|
|
|
|
router_ssh_user:
|
|
name: Router SSH User
|
|
description: Optional - Router/firewall SSH username
|
|
|
|
router_ssh_key_path:
|
|
name: Router SSH Key Path
|
|
description: Path to SSH private key for router access (default - /data/keys/router_ssh)
|
|
|
|
clean_session_locks_on_start:
|
|
name: Clean Session Locks on Start
|
|
description: Cleanup stale session lock files left after crashes/restarts when add-on starts
|
|
|
|
clean_session_locks_on_exit:
|
|
name: Clean Session Locks on Exit
|
|
description: Cleanup session lock files when add-on stops gracefully
|
|
|
|
gateway_mode:
|
|
name: Gateway Mode
|
|
description: Gateway operation mode - local (run gateway locally, recommended) or remote (connect to a remote gateway)
|
|
options:
|
|
local: "Local (recommended)"
|
|
remote: "Remote"
|
|
|
|
gateway_remote_url:
|
|
name: Remote Gateway URL
|
|
description: Remote gateway WebSocket URL used when Gateway Mode is Remote (example - ws://192.168.1.20:18789 or wss://gateway.example.com:443)
|
|
|
|
gateway_additional_allowed_origins:
|
|
name: Additional Allowed Origins
|
|
description: Comma-separated extra Control UI origins to merge into gateway.controlUi.allowedOrigins in lan_https mode (example - https://ha.example.com:8443,capacitor://localhost)
|
|
|
|
controlui_disable_device_auth:
|
|
name: Disable Control UI Device Pairing (lan_https)
|
|
description: "When ON (recommended), sets gateway.controlUi.dangerouslyDisableDeviceAuth=true to skip per-device approval and avoid error 1008 in LAN HTTPS mode. Keep ON for home/trusted LAN. Turn OFF only when you want strict per-device pairing prompts on every new browser/device."
|
|
|
|
gateway_bind_mode:
|
|
name: Gateway Bind Mode
|
|
description: Network bind mode - loopback (127.0.0.1 only, most secure), lan (all interfaces), or tailnet (Tailscale interface only). Overridden by access_mode presets.
|
|
options:
|
|
loopback: "Loopback (127.0.0.1 only, most secure)"
|
|
lan: "LAN (all interfaces)"
|
|
tailnet: "Tailnet (Tailscale only)"
|
|
|
|
gateway_port:
|
|
name: Gateway Port
|
|
description: Port number for the OpenClaw gateway to listen on (default - 18789)
|
|
|
|
access_mode:
|
|
name: Access Mode
|
|
description: "Simplifies secure access setup. Overrides gateway_bind_mode and gateway_auth_mode when not set to Custom."
|
|
options:
|
|
custom: "Custom (use individual settings)"
|
|
local_only: "Local Only (loopback + token, Ingress only)"
|
|
lan_https: "LAN HTTPS (built-in HTTPS proxy — recommended for phones)"
|
|
lan_reverse_proxy: "LAN Reverse Proxy (external proxy with trusted-proxy auth)"
|
|
tailnet_https: "Tailscale HTTPS (Tailscale bind + token)"
|
|
|
|
gateway_auth_mode:
|
|
name: Gateway Auth Mode
|
|
description: Gateway auth mode - token (default) or trusted-proxy (for HTTPS reverse proxies). Overridden when access_mode is not Custom.
|
|
options:
|
|
token: "Token (default)"
|
|
trusted-proxy: "Trusted Proxy (for reverse proxies)"
|
|
|
|
gateway_trusted_proxies:
|
|
name: Gateway Trusted Proxies
|
|
description: Comma-separated trusted proxy IP/CIDR list for trusted-proxy mode (example - 127.0.0.1,192.168.88.0/24).
|
|
|
|
enable_openai_api:
|
|
name: Enable OpenAI API
|
|
description: Enable OpenAI-compatible Chat Completions endpoint. Allows using OpenClaw as a conversation agent in HA Assist pipeline via Extended OpenAI Conversation (HACS) or any OpenAI-compatible client.
|
|
force_ipv4_dns:
|
|
name: Force IPv4 DNS Order
|
|
description: Force IPv4-first DNS ordering for Node network calls. Most HAOS VMs lack IPv6 egress, causing web_fetch and Telegram timeouts. Recommended ON (default).
|
|
nginx_log_level:
|
|
name: Nginx Log Level
|
|
description: "Access log verbosity for the built-in nginx proxy. 'minimal' (default) suppresses repetitive HA health-check and polling requests. 'full' logs everything."
|
|
options:
|
|
minimal: "Minimal (suppress HA polling noise)"
|
|
full: "Full (log all requests)"
|
|
gateway_env_vars:
|
|
name: Gateway Environment Variables
|
|
description: Environment variables passed to the OpenClaw gateway process at startup (list entries with name/value in Home Assistant UI; max 50 variables, keys up to 255 characters, values up to 10,000 characters).
|
|
auto_configure_mcp:
|
|
name: Auto-Configure MCP for Home Assistant
|
|
description: "When ON and Home Assistant Token is set, automatically registers Home Assistant as an MCP server on each startup. This lets OpenClaw control HA entities, services, and automations via the Model Context Protocol. Disable only if you manage mcporter configuration manually."
|