# Ansible Installation Documentation

## Overview
The documentation describes OpenClaw's Ansible-based deployment system, emphasizing "firewall-first security" with a 4-layer defense architecture combining UFW, Tailscale VPN, Docker isolation, and systemd hardening.

## Key Installation Details

**One-command deployment:**
```bash
curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw-ansible/main/install.sh | bash
```

**System requirements:** Debian 11+ or Ubuntu 20.04+ with root/sudo access and internet connectivity.

**Components installed:**
- Tailscale mesh VPN for encrypted remote access
- UFW firewall (SSH and Tailscale ports only)
- Docker and Node.js 22.x runtime
- OpenClaw gateway (host-based, not containerized)
- Systemd service for auto-start functionality

## Security Architecture

The installation implements layered protection: firewall rules restrict external exposure to SSH only, VPN mesh gates gateway access, Docker prevents container port leakage, and systemd applies privilege restrictions. Users can verify the attack surface using nmap, expecting only port 22 visibility.

## Post-Installation

After setup completes, switch to the openclaw user and run the onboarding wizard to configure provider connections (WhatsApp, Telegram, Discord, Signal) and verify gateway functionality through Tailscale.

## Maintenance

The Ansible playbook remains idempotent for rerunning during configuration changes. Manual installation is available via cloning the GitHub repository and executing the playbook directly.