    Installing and running Zeroclaw on Ubuntu 24.04 or in an LXC container without purchasing a Mac mini

    Zeroclaw Installation and Configuration in LXC Container

    Complete guide for deploying Zeroclaw 0.1.7 in an isolated LXC container with Telegram bot, secure settings, and proxy support.


    Table of Contents

    1. Requirements
    2. Creating LXC Container
    3. Container Configuration for Ubuntu 24
    4. Installing Dependencies
    5. Installing Zeroclaw
    6. Configuration (TOML)
    7. Telegram Bot Setup
    8. Security and Restrictions
    9. Proxy Configuration
    10. Setting Up systemd Service
    11. Verification and Testing
    12. Troubleshooting
    13. Commands Cheat Sheet

    Requirements

    Component     Version / Value
    Host system   Ubuntu 20.04+ with LXC
    Container     Ubuntu 24.04 (Noble)
    Zeroclaw      v0.1.7-beta.30+
    Node.js       18+ (if building required)
    Network       Internet access, proxy (optional)

    Creating LXC Container

    1.1. Create container on host:

    sudo lxc-create -t download -n bulxc_zero_online -- \
      --dist ubuntu \
      --release noble \
      --arch amd64

    1.2. Configure AppArmor and nesting (critical for systemd and browser):

    sudo nano /var/lib/lxc/bulxc_zero_online/config

    Add to the end of the file:

    # Run the container without AppArmor confinement (needed for newer systemd)
    lxc.apparmor.profile = unconfined
    lxc.apparmor.allow_nesting = 1
    
    # Keep all capabilities (an empty value clears the drop list) and allow all devices (for systemd)
    lxc.cap.drop =
    lxc.cgroup.devices.allow = a
    lxc.cgroup2.devices.allow = a
    
    # Explicit init
    lxc.init.cmd = /sbin/init

    1.3. Start container and connect:

    # Start container
    sudo lxc-start -n bulxc_zero_online -d
    
    # Wait for boot (systemd in Ubuntu 24 takes ~10 sec)
    sleep 10
    
    # Connect to console
    sudo lxc-attach -n bulxc_zero_online
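
    The settings added in step 1.2 weaken the container's isolation from the host, so it helps to see exactly which lines do that. The checker below is an added example, not part of the original guide or of LXC; the sample is constructed from step 1.2, and its first line is an assumed stand-in for capability drops inherited from a distribution's common config.

```python
# Added example: flag LXC config lines that weaken container isolation.
# SAMPLE is constructed; line 1 is a hypothetical inherited drop list.
SAMPLE = """\
lxc.cap.drop = sys_module mac_admin
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_nesting = 1
lxc.cap.drop =
lxc.cgroup.devices.allow = a
lxc.cgroup2.devices.allow = a
lxc.init.cmd = /sbin/init
"""

DEVICE_KEYS = ("lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow")


def audit_lxc_config(text):
    """Return (findings, effective_cap_drop) for LXC config text.

    findings is a list of (line_number, message) tuples.
    """
    findings = []
    cap_drop = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.cap.drop":
            if value:
                cap_drop.extend(value.split())
            else:
                # An empty value clears every capability dropped so far,
                # so the container keeps the full capability set.
                cap_drop.clear()
                findings.append((lineno, "capability drop list cleared"))
        elif key == "lxc.apparmor.profile" and value == "unconfined":
            findings.append((lineno, "AppArmor confinement disabled"))
        elif key in DEVICE_KEYS and value.split()[:1] == ["a"]:
            findings.append((lineno, "all device nodes allowed"))
    return findings, cap_drop


if __name__ == "__main__":
    results, drops = audit_lxc_config(SAMPLE)
    for lineno, message in results:
        print(f"line {lineno}: {message}")
    print("capabilities still dropped:", drops or "none")
```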

    Installing Dependencies

    Inside the container, run:

    # Update packages
    apt update && apt upgrade -y
    
    # Basic utilities
    apt install -y curl git wget ca-certificates mc
    
    # Node.js 20 LTS (if needed)
    curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
    apt install -y nodejs
    
    # Verify
    node -v  # v20.x
    npm -v

    Installing Zeroclaw

    3.1. Download binary:

    mkdir -p /opt/zeroclaw
    cd /opt/zeroclaw
    
    # Download latest version (check GitHub for current release)
    wget https://github.com/zeroclaw-labs/zeroclaw/releases/download/v0.1.7-beta.30/zeroclaw-x86_64-unknown-linux-gnu.tar.gz
    
    # Extract
    tar xzf zeroclaw-x86_64-unknown-linux-gnu.tar.gz
    
    # Move binary
    mv zeroclaw-x86_64-unknown-linux-gnu/zeroclaw /opt/zeroclaw/
    chmod +x /opt/zeroclaw/zeroclaw
    
    # Verify version
    ./zeroclaw --version
    # Expected output: zeroclaw 0.1.7

    3.2. Create configuration directory:

    mkdir -p /root/.zeroclaw

    ⚙️ Configuration (TOML)

    Create configuration file:

    mcedit /root/.zeroclaw/config.toml

    Complete config.toml example:

    # =============================================================================
    # ZEROCLAW CONFIGURATION (TOML)
    # =============================================================================
    
    [meta]
    version = "0.1.7"
    lastTouchedAt = "2026-03-14T00:00:00Z"
    
    # -----------------------------------------------------------------------------
    # AI Provider (OpenRouter)
    # -----------------------------------------------------------------------------
    [ai]
    provider = "openrouter"
    api_key = "sk-or-YOUR_KEY"
    default_model = "openrouter/free"
    # Alternative: "meta-llama/llama-3-8b-instruct:free"
    
    # -----------------------------------------------------------------------------
    # Telegram Channel
    # -----------------------------------------------------------------------------
    [channels.telegram]
    bot_token = "YOUR_BOTFATHER_TOKEN"
    enabled = true
    dm_policy = "pairing"
    group_policy = "allowlist"
    
    # Settings for specific group
    [channels.telegram.groups."-1002381931123"]
    require_mention = true      # Respond only to @mentions
    allow_commands = false      # Disable commands in group
    allow_tools = false         # Disable tools in group
    
    # -----------------------------------------------------------------------------
    # Autonomy & Filesystem Security
    # -----------------------------------------------------------------------------
    [autonomy]
    level = "readonly"          # Read-only file access
    workspace = "/root/.zeroclaw/workspace"
    
    # -----------------------------------------------------------------------------
    # Browser Settings (LXC-compatible)
    # -----------------------------------------------------------------------------
    [browser]
    enabled = true
    headless = true
    no_sandbox = true           # ⚠️ Critical for LXC!
    
    # -----------------------------------------------------------------------------
    # Gateway (Web UI & API)
    # -----------------------------------------------------------------------------
    [gateway]
    port = 3001
    mode = "local"
    bind = "127.0.0.1"          # localhost only (secure)
    
    [gateway.auth]
    mode = "token"
    token = "YOUR_SECRET_TOKEN"
    
    # -----------------------------------------------------------------------------
    # Proxy Settings (optional)
    # -----------------------------------------------------------------------------
    [proxy]
    all_proxy = "socks5://192.168.0.32:20170"
    scope = "services"          # "environment" | "zeroclaw" | "services"
    services = ["channel.telegram"]  # Apply only to Telegram
    
    # -----------------------------------------------------------------------------
    # Logging
    # -----------------------------------------------------------------------------
    [logging]
    enabled = true
    level = "info"              # "debug" for troubleshooting

    Important: Set strict permissions on config if it contains secrets:

    chmod 600 /root/.zeroclaw/config.toml

    Telegram Bot Setup

    4.1. Create bot via @BotFather:

    1. Open Telegram → @BotFather
    2. Send command /newbot
    3. Enter bot name (display name)
    4. Enter username (must end with bot)
    5. Copy the provided API Token
    6. Paste token into config: bot_token = "..."

    4.2. Add bot to group:

    1. Find your bot by username in Telegram
    2. Add it to group -1002381931123 as a member
    3. (Recommended) Promote to admin to read all messages
    4. Test: Send @YourBot hello — bot should respond

    4.3. Interactive setup (alternative to manual editing):

    cd /opt/zeroclaw
    ./zeroclaw onboard --interactive

    Recommended answers in wizard:

    Question                    Answer
    Bot platform                Telegram
    Bot token                   YOUR_TOKEN
    Enable group chats          Yes
    Group policy                allowlist
    Group ID                    -1002381931123
    Require mention             Yes
    Allow commands in groups    No ⚠️
    Allow tools in groups       No ⚠️
    AI Provider                 OpenRouter
    API Key                     YOUR_KEY
    Default model               openrouter/free
    Enable browser              Yes
    Use sandbox                 No ⚠️ (for LXC)

    Security and Restrictions

    Access rights matrix:

    Channel Read files Write files Commands Tools
    DM (you)
    Group -100... readonly allow_commands: false allow_tools: false

    Additional measures:

    # Disable shell commands at exec level
    [tools.exec]
    security = "allowlist"
    allowed_commands = []  # Empty list = full deny
    
    # Restrict readable paths (optional)
    [autonomy]
    level = "readonly"
    allowed_paths = ["/root/.zeroclaw/workspace"]

    Proxy Configuration

    5.1. [proxy] parameters:

    [proxy]
    all_proxy = "socks5://192.168.0.32:20170"
    scope = "services"
    services = ["channel.telegram"]

    Parameter   Values                             Description
    all_proxy   socks5://, http://, https://       Proxy server address
    scope       environment, zeroclaw, services    Application scope
    services    ["channel.telegram"], ["*"]        List of services for proxy

    5.2. Available service names:

    Service         Value
    Telegram        "channel.telegram"
    Gateway         "gateway"
    AI provider     "ai.openrouter"
    Browser         "browser"
    All services    "*"

    5.3. Proxy with authentication:

    [proxy]
    all_proxy = "socks5://username:password@192.168.0.32:20170"
    scope = "services"
    services = ["channel.telegram"]

    ⚙️ Setting Up systemd Service

    6.1. Generate service via zeroclaw:

    cd /opt/zeroclaw
    ./zeroclaw service install

    6.2. Move to system scope:

    # Copy from user to system
    cp /root/.config/systemd/user/zeroclaw.service /etc/systemd/system/
    
    # Reload systemd
    systemctl daemon-reload

    6.3. Verify and edit service (optional):

    mcedit /etc/systemd/system/zeroclaw.service

    Ensure ExecStart runs daemon:

    [Service]
    Type=simple
    User=root
    WorkingDirectory=/opt/zeroclaw
    ExecStart=/opt/zeroclaw/zeroclaw daemon
    Restart=on-failure
    RestartSec=5
    # For browser in LXC:
    Environment=CHROMIUM_FLAGS="--no-sandbox --disable-setuid-sandbox"

    6.4. Enable and start:

    systemctl enable zeroclaw
    systemctl start zeroclaw
    systemctl status zeroclaw

    6.5. View logs:

    journalctl -u zeroclaw -f

    Verification and Testing

    7.1. Quick checks:

    # Service status
    systemctl status zeroclaw
    
    # Check port 3001
    ss -tlnp | grep 3001
    
    # Test Telegram API connection (if using proxy)
    curl --proxy socks5://192.168.0.32:20170 https://api.telegram.org/botYOUR_TOKEN/getMe

    7.2. Telegram tests:

    Test                       Expected Result
    DM: "hello"                Bot responds
    DM: "read /etc/passwd"     Reads (if accessible)
    DM: "write to test.txt"    Denied (readonly)
    Group: "hello"             Ignored (no @mention)
    Group: "@bot hello"        Text response
    Group: "@bot run code"     Denied (allow_tools: false)

    7.3. Check logs for errors:

    journalctl -u zeroclaw -n 100 --no-pager | grep -iE "error|fail|denied"

    Troubleshooting

    Issue                         Possible Cause                      Solution
    Bot won't connect             Wrong token / no network / proxy    Check bot_token, ping api.telegram.org, proxy settings
    Permission denied             No execute permission on binary     chmod +x /opt/zeroclaw/zeroclaw
    libssl.so not found           Missing libraries                   apt install -y libssl3 libcurl4
    Browser won't start           Sandbox in LXC                      Ensure: no_sandbox = true + Environment=CHROMIUM_FLAGS="--no-sandbox"
    systemd can't find service    File in wrong location              Copy to /etc/systemd/system/ + daemon-reload
    Config not reading            TOML syntax error                   Check via python3 -c "import tomllib; tomllib.load(open('/root/.zeroclaw/config.toml', 'rb'))"
    Proxy not working             Host unreachable / auth             nc -zv 192.168.0.32 20170, check username:password in URL

    Recreate service:

    ./zeroclaw service uninstall
    ./zeroclaw service install
    cp /root/.config/systemd/user/zeroclaw.service /etc/systemd/system/
    systemctl daemon-reload
    systemctl restart zeroclaw

    Commands Cheat Sheet

    Managing zeroclaw:

    # Version
    ./zeroclaw --version
    
    # Interactive setup
    ./zeroclaw onboard --interactive
    
    # Run gateway only (web UI)
    ./zeroclaw gateway
    
    # Run bot + gateway (all together)
    ./zeroclaw daemon
    
    # Run with config path
    ./zeroclaw --config /root/.zeroclaw/config.toml
    
    # Install systemd service
    ./zeroclaw service install
    
    # Uninstall service
    ./zeroclaw service uninstall

    Managing systemd:

    # Status / start / stop / restart
    systemctl status zeroclaw
    systemctl start zeroclaw
    systemctl stop zeroclaw
    systemctl restart zeroclaw
    
    # Enable/disable autostart
    systemctl enable zeroclaw
    systemctl disable zeroclaw
    
    # Live logs
    journalctl -u zeroclaw -f
    
    # Last 50 log lines
    journalctl -u zeroclaw -n 50 --no-pager

    Managing container (on host):

    # Start / stop / reboot
    sudo lxc-start -n bulxc_zero_online
    sudo lxc-stop -n bulxc_zero_online
    sudo lxc-reboot -n bulxc_zero_online
    
    # Connect to console
    sudo lxc-attach -n bulxc_zero_online
    
    # Backup container (Proxmox only: backups use vzdump with the container's numeric ID)
    sudo vzdump <CTID>

    Final Checklist

    • [ ] Container created with nesting=1 and apparmor.profile=unconfined
    • [ ] Zeroclaw downloaded and executable
    • [ ] Config /root/.zeroclaw/config.toml created and valid
    • [ ] Specified: bot_token, api_key, group_id
    • [ ] Security: autonomy.level = "readonly", allow_commands = false
    • [ ] Browser: no_sandbox = true (for LXC)
    • [ ] Proxy: configured if needed
    • [ ] systemd service installed and enabled
    • [ ] Bot responds in DM and group (only to @mentions)
    • [ ] Logs clean, no errors


    Tip: Regularly backup your config:

    cp /root/.zeroclaw/config.toml /root/.zeroclaw/config.toml.backup.$(date +%Y%m%d)

    Good luck with your deployment! If you have questions — feel free to ask.