saulutions.ca

// blog post

Part 2: Dependencies & Post-Install Setup

6 min read
#openclaw #proxmox #lxc #setup #homelab

Container created, features enabled. Now we need to prep the environment before installing OpenClaw. This part is mostly about getting dependencies in place and doing some basic security setup.

First things first: system updates

You’re running a fresh Debian container. First thing you should do is update it.

From inside the container (either pct enter <container-id> or SSH):

apt update
apt upgrade -y

This will take a minute or two. Let it finish.

Creating a non-root user

Running OpenClaw as root is a bad idea for a few reasons:

  • If something goes wrong or gets compromised, you don’t want it to have full root access to the container
  • Homebrew refuses to run as root - it’s a hard requirement that you run it as a regular user

Let’s create a dedicated user for OpenClaw:

adduser openclaw

It’ll ask you a bunch of questions:

New password:
Retype new password:
passwd: password updated successfully
Changing the user information for openclaw
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] y

Set a password (you probably won’t use it much, but you need one). For everything else, just hit Enter. We don’t need a full name or room number for a system user.

Add the user to sudo:

usermod -aG sudo openclaw

Important: do this as root, not as the openclaw user. I made that mistake the first time and got a very unhelpful error message. You need to be root to modify sudo permissions.

Switch to the openclaw user:

For installing dependencies, you can use:

su - openclaw

You should see a prompt like:

openclaw@openclaw:~$

Important note about SSH vs su:

While su - openclaw works fine for installing dependencies (Homebrew, Docker verification, etc.), you’ll need to use SSH login later for running OpenClaw with systemd.

Systemd user services require an actual SSH login session. When we get to Part 3 and set up the systemd service, you’ll need to login via:

ssh openclaw@localhost

For now, su - openclaw is fine for the installation steps in this part.

From this point on, we’re doing everything as the openclaw user, not root.

Installing Git

Git is required for Homebrew and for OpenClaw itself. Install it first:

sudo apt update
sudo apt install -y git

Configure git:

git config --global user.name "OpenClaw"
git config --global user.email "openclaw@yourdomain.com"

This ensures git commits from the agent have proper attribution.

Installing Homebrew

OpenClaw can use Homebrew to install and manage tools. Even on Linux (via Linuxbrew), this works great.

Make sure you’re the openclaw user:

whoami
# should output: openclaw

Install Homebrew (NO sudo):

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Add Homebrew to your PATH:

echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.profile
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

Note: We’re using ~/.profile here instead of ~/.bashrc. When we set up OpenClaw as a systemd service later, we’ll need to make sure the service PATH includes /home/linuxbrew/.linuxbrew/bin so brew-installed tools work properly.

Verify:

brew --version

Installing Docker

We’re not running the OpenClaw gateway in Docker, but we will use Docker containers for agent sandboxing. Let’s get it installed.

0️⃣ Confirm you’re the openclaw user:

whoami
# should output: openclaw

1️⃣ Remove any old Docker bits (safe):

sudo apt remove -y docker docker-engine docker.io containerd runc

2️⃣ Install prerequisites:

sudo apt update
sudo apt install -y ca-certificates curl gnupg

3️⃣ Add Docker GPG key:

sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg \
  | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

4️⃣ Add Docker repository (Debian):

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/debian \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

5️⃣ Update package list:

sudo apt update

6️⃣ Install Docker Engine + Compose:

sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

7️⃣ Enable and start Docker:

sudo systemctl enable docker
sudo systemctl start docker

8️⃣ Allow openclaw to run Docker without sudo:

sudo usermod -aG docker openclaw

Important: Log out and log back in for group membership to take effect.

exit  # exit from openclaw user
su - openclaw  # log back in as openclaw

9️⃣ Verify:

docker version
docker run hello-world
docker compose version

If docker run hello-world works, Docker is properly installed and the openclaw user has permission to use it.

SSH access

You’ll want to access this container via SSH. The default SSH setup works fine - you can SSH in as either root or the openclaw user.

If you want to tighten security by disabling root SSH login, you can do that later once you’re confident you won’t need it. For now, keeping both options available is safer while you’re setting everything up.

Quick environment check

Let’s make sure everything is in place before moving to Part 3.

Run these as the openclaw user:

# Git installed?
git --version

# Homebrew installed?
brew --version

# Docker working?
docker ps
docker compose version

If all of those work, you’re good to go.

What’s next

Environment prepped, dependencies installed, basic security configured. The container is ready for OpenClaw.

In Part 3, we’ll actually install OpenClaw, configure it with your API keys, set up the first workspace, and make it run as a systemd service.

Take a break if you need one. When you’re ready, head to Part 3.

Troubleshooting:

Docker permission denied:

  • Verify you added openclaw to docker group: groups openclaw should include docker
  • Make sure you logged out and back in after adding to the group: exit then su - openclaw

Homebrew command not found:

  • Make sure you ran eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
  • Or log out and back in to reload ~/.profile

brew doctor warnings:

  • Usually safe to ignore on Debian/LXC unless something is actually broken
  • If a brew package install fails, come back and address the warnings

Comments

// related posts

Adding Multi-User Support and OIDC to Shelfmark

How I added OIDC authentication, per-user settings, and multi-user download management to Shelfmark

#shelfmark #oidc #self-hosting #homelab #open-source
Feb 8

Jellyseerr OIDC with Pocket ID on Proxmox

How to build Jellyseerr from source with OIDC support and connect it to Pocket ID for single sign-on

#jellyseerr #oidc #pocket-id #proxmox #homelab
Jan 31

Part 1: Building Jellyseerr from Source with OIDC

Clone the OIDC preview branch, build from source, and run as a systemd service on Proxmox

#jellyseerr #oidc #proxmox #systemd
Jan 31