Run a Mac Mini M4 as an always-on headless server for OpenClaw and other services, managed entirely via SSH. No monitor, no keyboard, no mouse.
System Settings → General → Sharing → Remote Login → ON
sudo systemsetup -setremotelogin on sudo systemsetup -getremotelogin
sudo lsof -i :22
# On your client machine
ssh-keygen -t ed25519 -C "mac-mini"
ssh-copy-id user@mac-mini-ip
# /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
# Restart sshd
sudo launchctl unload \
/System/Library/LaunchDaemons/ssh.plist
sudo launchctl load \
/System/Library/LaunchDaemons/ssh.plist
chmod 700 ~/.ssh and chmod 600 ~/.ssh/authorized_keys.
Wrong permissions = key auth silently fails.
The most critical section for headless operation.
# All-in-one headless server profile
sudo pmset -a \
sleep 0 \
displaysleep 0 \
disksleep 0 \
womp 1 \
tcpkeepalive 1 \
powernap 0
sleep 0 | Never sleep |
displaysleep 0 | Never display sleep |
disksleep 0 | Never disk sleep |
womp 1 | Wake for network |
tcpkeepalive 1 | Keep TCP alive |
powernap 0 | Predictable behavior |
sudo systemsetup -setcomputersleep Never sudo systemsetup -setdisplaysleep Never sudo systemsetup -setharddisksleep Never
# Background wake assertion caffeinate -dimsu & # -d display -i idle -m disk # -s system -u user activity
| NewerTech HDMI 4K | ~$15 | OWC/MacSales |
| DTECH Dummy Plug | ~$10 (2-pack) | Amazon |
| Any "HDMI display emulator" | ~$8-15 | Anywhere |
Get 4K minimum. Plug in before removing real monitor.
BetterDisplay creates virtual displays on Apple Silicon.
Up to 3200x1800 retina for VNC. Free/paid. github.com/waydabber/BetterDisplay
System Settings → General → Sharing → Screen Sharing → ON
sudo /System/Library/CoreServices/\
RemoteManagement/ARDAgent.app/\
Contents/Resources/kickstart \
-activate -configure -access -on \
-clientopts -setvnclegacy \
-vnclegacy yes \
-clientopts -setvncpw \
-vncpw yourpassword \
-restart -agent -privs -all
# Create tunnel ssh -L 5901:localhost:5900 \ user@mac-mini-ip -N & # Connect via tunnel open vnc://localhost:5901
open vnc://mac-mini-ip
All new Apple Silicon Macs ship with FileVault enabled by default.
FileVault requires a password at boot to decrypt the disk — this blocks auto-login entirely.
Without auto-login, reboots require physical keyboard input. This defeats the purpose of headless operation.
System Settings → Privacy & Security → FileVault → Turn Off
System Settings → Users & Groups → Automatically log in as → [your user]
defaults write method for auto-login
no longer works in Sequoia. Use System Settings.
The M4-specific nightmare. Apply ALL of these together.
# 1. Insert HDMI dummy plug (hardware) # 2. Set pmset to never sleep sudo pmset -a sleep 0 displaysleep 0 \ disksleep 0 # 3. Disable Power Nap sudo pmset -a powernap 0 # 4. Check assertions pmset -g assertions # 5. Safety net caffeinate -dimsu & # 6. Verify pmset -g log | tail -20
sleep 0 — never rely on wake-from-sleep.
pmset -g # All power settings pmset -g assertions # What's preventing sleep pmset -g log | grep "Sleep|Wake" # Sleep/wake history pmset -g ps # Power source
sudo scutil --set ComputerName \
"mac-mini-server"
sudo scutil --set LocalHostName \
"mac-mini-server"
sudo scutil --set HostName \
"mac-mini-server"
systemsetup -getremotelogin
# Check SSH status
# Disable screen saver defaults -currentHost write \ com.apple.screensaver \ idleTime 0 # Disable notifications defaults write \ com.apple.notificationcenterui \ doNotDisturb -bool true
sudo pmset -a womp 1 # Enable networksetup -getmacaddress Ethernet # Get MAC brew install wakeonlan # Install tool wakeonlan AA:BB:CC:DD:EE:FF # Send packet
Only works from sleep (not powered off). Ethernet only. If sleep 0, mostly irrelevant.
sudo shutdown -r now # Restart now sudo shutdown -h now # Shutdown sudo shutdown -r +5 # In 5 minutes sudo shutdown -r 23:00 # At 11pm sudo killall shutdown # Cancel
Recovery Mode requires physical access on Apple Silicon.
| Issue | Detail | Fix |
|---|---|---|
| FileVault on by default | Blocks auto-login at boot | Disable in System Settings |
| No display = no GPU init | 800x600 VNC, partial framebuffer | HDMI dummy plug ($10) |
| Sequoia 15.3 regression | Display wake failures after sleep | pmset sleep 0 (never sleep) |
| Wi-Fi disconnects | Drops when idle, even with sleep disabled | Use Ethernet (built-in Gigabit) |
| SSH before login | sshd works, but no WindowServer for GUI apps | CLI-only is fine; enable auto-login for GUI |
| Spotlight on first boot | Pegs CPU for 10-30 min, sluggish SSH | Wait it out or mdutil -i off / |
| Recovery Mode | Requires physical presence (hold power button) | Keep Apple Configurator 2 + USB-C cable handy |
| Bonjour / mDNS | Advertises as hostname.local |
ssh [email protected] |
| Type | Runs As | When |
|---|---|---|
| LaunchDaemon | root | System boot |
| LaunchAgent | user | User login |
| User Agent | current user | User login |
RunAtLoad | Start at boot/login |
KeepAlive | Auto-restart on crash |
ThrottleInterval | Min seconds between restarts |
StartInterval | Run every N seconds |
StartCalendarInterval | Specific time (crontab-like) |
EnvironmentVariables | Inject env vars |
# /Library/LaunchDaemons/com.ocasia.openclaw.plist <plist version="1.0"> <dict> <key>Label</key> <string>com.ocasia.openclaw</string> <key>ProgramArguments</key> <array> <string>/usr/local/bin/openclaw</string> <string>--config</string> <string>/etc/openclaw/config.yaml</string> </array> <key>RunAtLoad</key><true/> <key>KeepAlive</key><true/> <key>StandardOutPath</key> <string>/var/log/openclaw/stdout.log</string> </dict> </plist>
# Manage
sudo chown root:wheel *.plist
sudo chmod 644 *.plist
sudo launchctl bootstrap system *.plist
sudo launchctl list | grep openclaw
sudo launchctl kickstart -k \
system/com.ocasia.openclaw
Run through in order with a display attached.
sudo systemsetup -setremotelogin onsudo scutil --set ComputerName/LocalHostName/HostNamesudo pmset -a sleep 0 displaysleep 0 ...ssh-copy-id [email protected]PasswordAuthentication no in sshd_configssh [email protected] "uptime"