Installation Guide

Mac Mini OpenClaw Setup Guide

Complete step-by-step instructions for installing and configuring OpenClaw on Mac Mini

Last updated: March 2026

Why Choose Mac Mini for OpenClaw

The Mac Mini is an ideal choice for running OpenClaw continuously. Here's how it compares to alternatives:

Factor	Mac Mini (M2/M4)	Raspberry Pi 5	Cloud VPS	Old PC/Laptop
Performance	Excellent (8-10 cores)	Moderate (4-8 cores)	Variable (pay for more)	Good but inefficient
Power Consumption	7-15W idle	5-12W	Included in cost	50-150W+
Noise	Nearly silent	Silent (fanless options)	N/A	Often noisy
Initial Cost	$599+	$60-100 + accessories	$5-20/month	Free-$200
Reliability	Very high	High (SD card risks)	Depends on provider	Variable
macOS Native	✓ Yes	✗ Linux only	✗ Usually Linux	✓ If Mac
Best For	Production use	Learning/experiments	Scalability	Testing

✓ For serious OpenClaw operations, the Mac Mini provides the best combination of performance, efficiency, and macOS-native tooling.

Prerequisites

Hardware Requirements

•Mac Mini (M2 or M4 recommended, Intel models work but less efficient)
•At least 8GB RAM (16GB+ recommended for multiple agents)
•256GB+ SSD storage
•Ethernet connection recommended (or stable Wi-Fi)
•Uninterruptible Power Supply (UPS) recommended for 24/7 operation

Software Requirements

•macOS 14.0 (Sonoma) or later
•Apple ID with two-factor authentication enabled
•Admin access to the Mac Mini

Required Accounts

•GitHub account (for OpenClaw CLI)
•AI provider account (OpenAI, Anthropic, or others)
•Telegram account (for agent interaction)
•Tailscale account (for remote access)

Time Allocation

2-3 hours for first-time setup

macOS Configuration20-30 minutes
Dependencies Installation30-45 minutes
OpenClaw Setup45-60 minutes
Integration & Testing30-45 minutes

Phase 1: macOS System Configuration

Proper macOS configuration ensures your Mac Mini runs reliably 24/7 and remains secure.

Prevent Sleep Mode

Ensure your Mac Mini never sleeps so OpenClaw can run continuously.

# Open System Settings
# Navigate to: System Settings → Energy Saver (or Battery)
# Enable "Prevent automatic sleeping when the display is off"

# Or use terminal command (requires admin):
sudo pmset -a sleep 0
sudo pmset -a disablesleep 1

# Verify settings:
pmset -g

Configure Firewall

Enable macOS firewall for basic protection.

# Open System Settings → Network → Firewall
# Turn on Firewall
# Enable "Block all incoming connections" for maximum security
# Or allow specific services as needed

Enable FileVault Encryption

Protect your data with full-disk encryption.

# Open System Settings → Privacy & Security → FileVault
# Click "Turn On FileVault"
# Save your recovery key in a secure location (password manager)
# Wait for encryption to complete (can take several hours)

Enable SSH Remote Access

Allow secure remote command-line access.

# Open System Settings → General → Sharing
# Enable "Remote Login"
# Note the SSH command shown (e.g., ssh [email protected])

# For advanced SSH config:
sudo nano /etc/ssh/sshd_config

# Recommended settings:
# - PermitRootLogin no
# - PasswordAuthentication no (use keys only)
# - PubkeyAuthentication yes

# Restart SSH service:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd

Set Static IP Address (Recommended)

Assign a fixed local IP to your Mac Mini.

# Open System Settings → Network
# Select your connection (Wi-Fi or Ethernet)
# Click "Details" → TCP/IP
# Configure IPv4: "Using DHCP with manual address"
# Or set a DHCP reservation in your router

⚠️ After enabling FileVault, do not interrupt the encryption process. Keep your Mac Mini powered on until completion.

Phase 2: Install Dependencies

Install the core dependencies that OpenClaw requires to function.

Install Homebrew

Homebrew is the package manager for macOS.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Add Homebrew to your PATH (for Apple Silicon Macs):
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

# Verify installation:
brew --version

Install Node.js

OpenClaw requires Node.js 18 or later.

# Install Node.js via Homebrew:
brew install node@20

# Verify installation:
node --version
npm --version

# Add to PATH if needed:
echo 'export PATH="/opt/homebrew/opt/node@20/bin:$PATH"' >> ~/.zshrc
source ~/.zshrc

Install Tailscale

Tailscale provides secure remote access to your Mac Mini.

# Install Tailscale:
brew install --cask tailscale

# Start Tailscale:
tailscale up

# This will open a browser window for authentication
# Log in with your Tailscale account

# Verify connection:
tailscale status

# Note your Tailscale IP address (e.g., 100.x.y.z)

Install Git (if not present)

Git is needed for OpenClaw CLI operations.

# Check if Git is installed:
git --version

# If not installed, install via Homebrew:
brew install git

# Configure Git:
git config --global user.name "Your Name"
git config --global user.email "[email protected]"

Phase 3: Install OpenClaw

Install OpenClaw CLI and configure the Gateway service.

Install OpenClaw CLI

Install the OpenClaw command-line interface globally.

# Install OpenClaw via npm:
npm install -g openclaw

# Verify installation:
openclaw --version

# View available commands:
openclaw --help

Initialize OpenClaw Workspace

Create your OpenClaw workspace directory.

# Create workspace directory:
mkdir -p ~/Documents/openclaw_alpha
cd ~/Documents/openclaw_alpha

# Initialize OpenClaw:
openclaw init

# This will create essential configuration files:
# - SOUL.md (agent personality)
# - USER.md (user information)
# - TOOLS.md (tool configurations)
# - IDENTITY.md (agent identity)

Start OpenClaw Gateway

The Gateway service manages agent connections and communications.

# Start the Gateway daemon:
openclaw gateway start

# Check Gateway status:
openclaw gateway status

# Expected output should show Gateway is running
# Note the displayed connection details

Run Setup Wizard

Complete the interactive setup wizard.

# Run the setup wizard:
openclaw wizard

# Follow the prompts to configure:
# - Your preferred AI models
# - API keys
# - Communication channels
# - Agent personality settings

Phase 4: Configure API Keys and Models

Configure your AI model API keys and select which models your agent can use.

Obtain API Keys

Get API keys from your chosen AI providers.

# Popular AI providers:
# - OpenAI: https://platform.openai.com/api-keys
# - Anthropic: https://console.anthropic.com/settings/keys
# - Google AI: https://makersuite.google.com/app/apikey
# - Groq: https://console.groq.com/keys

# Store your API keys securely (password manager recommended)

Configure API Keys in OpenClaw

Add your API keys to OpenClaw configuration.

# Method 1: Using environment variables (recommended)
# Create or edit .env file in your workspace:
nano ~/Documents/openclaw_alpha/.env

# Add your keys:
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
GOOGLE_API_KEY=...

# Method 2: Using OpenClaw's key management:
openclaw keys add openai sk-...
openclaw keys add anthropic sk-ant-...

# Verify keys are set:
openclaw keys list

Configure Model Preferences

Set default and fallback models for your agent.

# Edit your agent configuration:
nano ~/Documents/openclaw_alpha/AGENT.md

# Add model configuration:
```yaml
models:
  default: openai/gpt-4o
  fallback:
    - anthropic/claude-3-5-sonnet
    - google/gemini-2.0-flash
  maxTokens: 4096
  temperature: 0.7
```

# Or use the CLI:
openclaw config set model.default openai/gpt-4o

🔒 Never commit API keys to version control. Add .env to your .gitignore file.

Phase 5: Telegram Channel Pairing

Connect OpenClaw to Telegram for interactive agent communication and notifications.

Create a Telegram Bot

Use BotFather to create a new bot.

# In Telegram:
# 1. Search for @BotFather
# 2. Send /newbot
# 3. Follow prompts to name your bot
# 4. Save the API token provided (e.g., 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11)

# Note your bot's username (e.g., @MyOpenClawBot)

Get Your Chat ID

Find your Telegram user or channel ID.

# For personal chat:
# 1. Start a chat with your new bot
# 2. Send any message
# 3. Visit: https://api.telegram.org/bot<YOUR_BOT_TOKEN>/getUpdates
# 4. Find your "chat":{"id": ...} in the response

# For channel:
# 1. Add bot to your channel as admin
# 2. Send a message in the channel
# 3. Check getUpdates for channel ID (negative number)

Configure Telegram in OpenClaw

Add Telegram credentials to OpenClaw.

# Add to your .env file:
TELEGRAM_BOT_TOKEN=123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
TELEGRAM_CHAT_ID=123456789

# Or use CLI:
openclaw config set telegram.botToken 123456:ABC-DEF1234ghIkl-zyx57W2v1u123ew11
openclaw config set telegram.chatId 123456789

# Test the connection:
openclaw telegram test

Pair Channel in OpenClaw

Complete the channel pairing process.

# In your workspace:
openclaw channel pair telegram

# Follow the interactive prompts
# The bot will send a confirmation message
# Reply to complete the pairing

Phase 6: Expose via Tailscale Dashboard

Expose your OpenClaw instance through Tailscale for secure remote access.

Enable Tailscale SSH

Allow SSH access via Tailscale network.

# Enable Tailscale SSH:
tailscale set --ssh=true

# Verify SSH is enabled:
tailscale status | grep -i ssh

Configure Tailscale Funnel (Optional)

Make your service publicly accessible via Tailscale Funnel.

# Enable Funnel for a specific port:
tailscale funnel --serve-on 8080

# Or use the dashboard:
# 1. Visit https://login.tailscale.com/admin
# 2. Navigate to your machine
# 3. Enable Funnel for desired ports

Set Up Tailscale Web Server

Serve OpenClaw dashboard via Tailscale.

# Create a simple serve config:
mkdir -p ~/.config/tailscale
nano ~/.config/tailscale/serve.json

# Add configuration:
{
  "TCP": {
    "3005": {
      "HTTPS": true
    }
  },
  "Web": {
    "openclaw.local:3005": {
      "Proxy": "http://localhost:3005"
    }
  }
}

# Apply configuration:
tailscale serve --bg

Access via Tailscale Dashboard

Verify remote access is working.

# From another Tailscale-connected device:
# 1. Find your Mac Mini's Tailscale IP (100.x.y.z)
# 2. Access: https://<tailscale-ip>:3005
# 3. Or use Tailscale DNS name: https://<machine-name>.ts.net:3005

Phase 7: Security Hardening

Apply security hardening to protect your OpenClaw installation from unauthorized access.

Configure Firewall Rules

Set up macOS application firewall rules.

# Enable firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

# Block all incoming connections:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setblockall on

# Add specific allow rules if needed:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --addapp /opt/homebrew/bin/node
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /opt/homebrew/bin/node

Secure SSH Configuration

Harden SSH against common attacks.

# Edit SSH config:
sudo nano /etc/ssh/sshd_config

# Recommended settings:
Port 2222                    # Non-standard port
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers yourusername

# Restart SSH:
sudo launchctl stop com.openssh.sshd
sudo launchctl start com.openssh.sshd

# Generate SSH key if you haven't:
ssh-keygen -t ed25519 -C "[email protected]"

# Copy public key to Mac Mini:
ssh-copy-id -p 2222 yourusername@mac-mini-ip

Enable Automatic Updates

Keep your system and packages up to date.

# Enable macOS automatic updates:
# System Settings → General → Software Update
# Enable "Automatically keep my Mac up to date"

# Enable Homebrew auto-update:
brew autoupdate --start

# Set up OpenClaw health checks:
openclaw healthcheck schedule --daily

Configure Security Monitoring

Set up alerts for suspicious activity.

# Enable macOS logging:
# System Settings → Privacy & Security → Analytics & Improvements
# Enable relevant logging options

# Monitor login attempts:
last -t tty

# Check for failed SSH attempts:
grep "Failed password" /var/log/auth.log

# Set up OpenClaw security alerts:
openclaw config set security.alerts.enabled true
openclaw config set security.alerts.channel telegram

⚠️ Test SSH access from another device before disabling password authentication. Lock yourself out otherwise.

Phase 8: Agent Identity Configuration

Customize your agent's identity, personality, and behavior patterns.

Edit IDENTITY.md

Define your agent's core identity.

# Open the identity file:
nano ~/Documents/openclaw_alpha/IDENTITY.md

# Fill in:
- Name: Your agent's name
- Creature: AI, robot, familiar, etc.
- Vibe: Personality traits (warm, sharp, calm, etc.)
- Emoji: Signature emoji
- Avatar: Image path or URL

Configure SOUL.md

Define your agent's personality and behavioral guidelines.

# Edit the soul file:
nano ~/Documents/openclaw_alpha/SOUL.md

# Key sections to customize:
- Core Truths: Fundamental principles
- Boundaries: What the agent should/shouldn't do
- Vibe: Communication style
- Continuity: How the agent remembers and learns

Set Up USER.md

Provide context about who the agent is helping.

# Edit user information:
nano ~/Documents/openclaw_alpha/USER.md

# Include:
- Name and preferred address
- Timezone
- Core mission and goals
- Daily operating directions
- Tool preferences
- Important constraints

Configure Agent Capabilities

Define what tools and skills your agent can use.

# Edit TOOLS.md:
nano ~/Documents/openclaw_alpha/TOOLS.md

# List available tools:
- Browser profiles
- SSH hosts
- API endpoints
- Custom scripts

# Enable/disable specific skills:
openclaw skills enable github
openclaw skills enable browser
openclaw skills disable experimental-feature

Phase 9: Final Verification Checklist

Verify all components are working correctly before considering setup complete.

Checklist Item	Verify Command
Mac Mini stays awake (no sleep)	`pmset -g \| grep sleep`
FileVault encryption active	`fdesetup status`
SSH remote access working	`ssh yourusername@mac-mini-ip`
Homebrew installed	`brew --version`
Node.js installed (v18+)	`node --version`
Tailscale connected	`tailscale status`
OpenClaw CLI installed	`openclaw --version`
Gateway running	`openclaw gateway status`
API keys configured	`openclaw keys list`
Telegram bot responding	`Send message to bot`
Tailscale remote access working	`Access from another device`
Firewall enabled	`System Settings → Network → Firewall`
Agent identity configured	`Check IDENTITY.md exists`
Test agent interaction	`Send command via Telegram`

✓ Once all items are verified, your Mac Mini OpenClaw setup is complete!

Troubleshooting Quick Reference

Common issues and their solutions.

Problem: Mac Mini goes to sleep unexpectedly

Solution: Run: sudo pmset -a sleep 0 && sudo pmset -a disablesleep 1. Check for any scheduled tasks that might trigger sleep.

Problem: OpenClaw Gateway won't start

Solution: Check logs: openclaw gateway logs. Ensure ports 3005 and 8080 are not in use. Try: openclaw gateway restart.

Problem: Telegram bot not responding

Solution: Verify bot token and chat ID in .env. Test with: openclaw telegram test. Ensure bot is not blocked.

Problem: Tailscale connection drops

Solution: Run: tailscale up --force-reauth. Check network connectivity. Restart Tailscale: brew services restart tailscale.

Problem: API key authentication fails

Solution: Verify key format. Check for extra spaces or quotes. Test with: curl -H "Authorization: Bearer $OPENAI_API_KEY" https://api.openai.com/v1/models

Problem: SSH connection refused

Solution: Ensure Remote Login is enabled in System Settings. Check firewall settings. Verify SSH service: sudo launchctl list | grep ssh.

Problem: Node.js version too old

Solution: Update: brew upgrade node@20. Verify: node --version should show v18 or higher.

Problem: Permission denied errors

Solution: Check file permissions: ls -la ~/Documents/openclaw_alpha. Fix with: chmod -R u+rw ~/Documents/openclaw_alpha.

For additional help, visit the OpenClaw documentation or community forums.

Back to Home Explore Playbooks