feat: Add Robin OSINT template and enhance OpenClaw with Tailscale

Robin template:
- Complete production-ready Dokploy template for AI-powered dark web OSINT tool
- Streamlit UI with Tor SOCKS5 proxy for dark web search
- Cloudflare R2 integration for investigation storage
- Venice.ai (primary) + OpenRouter.ai (fallback) LLM provider support
- Comprehensive 600-line README with Cloudflare setup guides
- All services validated with health checks and proper networking

OpenClaw enhancements:
- Fix volume configuration: migrate from absolute paths to named volumes
- Add Tailscale v1.72.2 mesh VPN service integration
- Properly configure NET_ADMIN capabilities and IP forwarding sysctls
- Tailscale health checks and persistent state management
- Update index to reflect 2-service architecture

Both templates validated and production-ready.

Author: enuno

blueprints/README.md

@@ -62,7 +62,7 @@ This directory contains custom Dokploy templates for deploying applications in t
 | [onedev](/blueprints/onedev/) | Git server with built-in CI/CD, Kanban boards, and package registry | 6 | Ready |
 | [omni-tools](/blueprints/omni-tools/) | Self-hosted collection of 40+ web utilities for media, PDF, text, and data manipulation with client-side processing | 1 (omni-tools) | Ready |
 | [onionshare-cli](/blueprints/onionshare-cli/) | Secure anonymous file sharing, receiving, website hosting, and chat over Tor network | 1 (onionshare) | Ready |
-| [openclaw](/blueprints/openclaw/) | Personal AI assistant with multi-channel messaging integration and voice capabilities | 1 (openclaw-gateway) | Ready |
+| [openclaw](/blueprints/openclaw/) | Personal AI assistant with multi-channel messaging integration, voice capabilities, and Tailscale mesh VPN | 2 (openclaw-gateway, tailscale) | Ready |
 | [openrag](/blueprints/openrag/) | Comprehensive RAG platform with Langflow, OpenSearch, and Cloudflare R2 for intelligent document search and AI-powered conversations | 5 (opensearch, langflow, backend, frontend, dashboards) | Ready |
 | [opengist](/blueprints/opengist/) | Self-hosted Git-backed pastebin (GitHub Gist alternative) | 2 (opengist, postgres) | Ready |
 | [open-notebook](/blueprints/open-notebook/) | Private multi-model AI knowledge management platform with 16+ AI provider support | 1 (all-in-one) | Ready |
@@ -77,6 +77,7 @@ This directory contains custom Dokploy templates for deploying applications in t
 | [pda-next](/blueprints/pda-next/) | Next-generation PowerDNS Admin with React/FastAPI, OAuth, WebAuthn, and API-first architecture (beta) | 5 (web, api, worker, mysql, redis) | Beta |
 | [paperless-ngx](/blueprints/paperless-ngx/) | Document management system with OCR | 5 (web, postgres, redis, tika, gotenberg) | Ready |
 | [rainbow](/blueprints/rainbow/) | Production-grade IPFS HTTP gateway with Cloudflare DNS-01 wildcard SSL and Zero Trust admin protection | 1 (rainbow) | Ready |
+| [robin](/blueprints/robin/) | AI-powered dark web OSINT tool with Venice.ai/OpenRouter.ai LLM support and Cloudflare R2 investigation storage | 2 (robin, tor) | Ready |
 | [scrt-link](/blueprints/scrt-link/) | End-to-end encrypted ephemeral secret sharing with self-destructing links and Cloudflare R2 storage | 2 (scrt-link, postgres) | Ready |
 | [swarm-bee](/blueprints/swarm-bee/) | Decentralized storage node for Ethereum Swarm network with BZZ token incentives | 1 (bee) | Ready |
 | [tor-relay](/blueprints/tor-relay/) | Tor network relay (middle/bridge/exit) supporting anonymous internet routing infrastructure | 1 (tor-relay) | Ready |

blueprints/openclaw/docker-compose.yml

@@ -2,9 +2,12 @@ services:
   openclaw-gateway:
     image: ghcr.io/openclaw/openclaw:v0.9.0
     restart: always
+    depends_on:
+      tailscale:
+        condition: service_started
     volumes:
-      - /opt/openclaw/workspace:/root/.openclaw/workspace
-      - /opt/openclaw:/root/.openclaw
+      - openclaw-workspace:/root/.openclaw/workspace
+      - openclaw-data:/root/.openclaw
     environment:
       # ===========================================
       # Gateway Configuration
@@ -68,11 +71,46 @@ services:
       retries: 3
       start_period: 30s
 
+  tailscale:
+    image: tailscale/tailscale:v1.72.2
+    restart: always
+    volumes:
+      - tailscale-state:/var/lib/tailscale
+      - tailscale-sockdir:/var/run/tailscale
+    environment:
+      # ===========================================
+      # Tailscale Configuration
+      # Get auth key from: https://login.tailscale.com/admin/settings/keys
+      # ===========================================
+      TS_AUTHKEY: ${TAILSCALE_AUTH_KEY:?Set Tailscale auth key from https://login.tailscale.com/admin/settings/keys}
+      TS_HOSTNAME: ${TAILSCALE_HOSTNAME:-openclaw}
+      TS_ROUTES: ""
+      # Disable exit node (not needed for local mesh VPN)
+      TS_ACCEPT_DNS: "false"
+    networks:
+      - openclaw-net
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.forwarding=1
+    healthcheck:
+      test: ["CMD", "tailscale", "status", "--json"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
 volumes:
   openclaw-workspace:
     driver: local
   openclaw-data:
     driver: local
+  tailscale-state:
+    driver: local
+  tailscale-sockdir:
+    driver: local
 
 networks:
   openclaw-net: