Fix OpenClaw gateway launch: binary renamed openclaw, add gateway subcommand

The nix-openclaw package renamed the binary from openclaw-gateway to openclaw, and the gateway now runs as a subcommand. Also adds CLAUDE.md and openclaw-todo.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 09:36:39 +01:00 · 2026-03-20 09:36:39 +01:00 · 494bc8a5f4
commit 494bc8a5f4
parent dc8011d880
4 changed files with 114 additions and 1 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -0,0 +1,63 @@
 # CLAUDE.md
 ## Build commands
 ```bash
 # macOS (from ~/dotfiles/nixos)
 darwin-rebuild switch --flake .
 # NixOS server (SSH from mac, or on server)
 sudo nixos-rebuild switch --flake .#sunken-ship
 # WSL
 sudo nixos-rebuild switch --flake ~/dotfiles/nixos#wsl
 # Update flake + rebuild (fish alias: nixupdate)
 cd ~/dotfiles/nixos && sudo nix flake update && sudo darwin-rebuild switch --flake ~/dotfiles/nixos#Daniel-Macbook-Air
 # Installer ISO (Linux only, cannot build on macOS)
 cd ~/dotfiles/nixos && nix build .#installer-iso
 ```
 ## Rebuild protocol
 **Never run rebuild commands automatically.** When changing Nix config files, always ask the user to rebuild first. Do not assume packages are available until after a successful rebuild.
 ## Flake architecture
 - **Flake:** `nixos/flake.nix` — single flake for all hosts
 - **Inputs:** nixpkgs-unstable, nix-darwin, home-manager, nixos-wsl, disko, zen-browser, nix-openclaw, openclaw-documents
 - **Host configs** in `nixos/hosts/`:
  - `macos.nix` — Apple Silicon MacBook Air (aarch64-darwin, nix-darwin)
  - `sunken-ship.nix` — NixOS home server (x86_64-linux)
  - `wsl.nix` — WSL (x86_64-linux)
  - `macbookair.nix` — old MacBook Air NixOS/WSL config
  - `server-install.nix` — disko-install target (LUKS + WiFi)
 - **Home Manager:** integrated via `home-manager.darwinModules.home-manager` on macOS; user config in `nixos/home/danny/home.nix`
 - **Shared modules:** `nixos/fish.nix` (fish + bash), `nixos/tmux.nix`, `nixos/ollama.nix`
 - **Darwin config name:** `Daniel-Macbook-Air` (must match in rebuild commands)
 ## Repo rules
 - **Public repo** — no keys, tokens, or identifying secrets. Use `scp` or config outside the repo.
 - **SSH keys:** one key per purpose (e.g. `id_ed25519_github`, `id_ed25519_servers`). Use `IdentityFile` + `IdentitiesOnly yes` in `~/.ssh/config`. Keys stay outside the repo.
 - **Commit and push** before testing on sunken-ship — the server clones/pulls from origin.
 ## Server (sunken-ship)
 - SSH: `ssh -i ~/.ssh/id_ed25519_sunken_ship danny@sunken-ship`
 - Remote rebuild: `ssh ... 'cd /etc/dotfiles/nixos && sudo nixos-rebuild switch --flake .#sunken-ship'`
 - Auto-rebuild timer: `dotfiles-rebuild` — only active after flake config switch. Check with `systemctl is-active dotfiles-rebuild.timer`.
 - Server has WiFi; stays reachable when ethernet is unplugged.
 ## OpenClaw
 AI assistant gateway (Telegram), integrated in the flake. Config: `nixos/home/danny/openclaw.nix`. Documents (SOUL.md, TOOLS.md) come from a separate local repo via the `openclaw-documents` flake input (path: `/Users/danny/dotfiles/openclaw-documents-repo`). Secrets (bot token, gateway token, Telegram user ID) live in `~/.secrets/` or the config. One apply: `darwin-rebuild switch --flake .`.
 ## Ollama
 Custom nix-darwin module at `nixos/ollama.nix` (upstream PR not yet merged). Enabled on macOS via `nixos/hosts/macos.nix`. Runs as a launchd user agent with `ollama serve`.
 ## Shell
 Fish is the default shell. Bash auto-execs fish unless the parent process is already fish. Vi keybindings with fzf integration. Zoxide aliased to `cd`.
--- a/nixos/home/danny/home.nix
+++ b/nixos/home/danny/home.nix
@ -189,6 +189,7 @@
    wget          # downloader
    # azure-cli   # TODO: remove this Azure cli tool
    gh            # github cli tool
    claude-code   # Anthropic agentic coding CLI
    forgejo-cli   # forgejo/codeberg cli (provides fj)
    git           # version control
    jujutsu       # Git alternative
--- a/nixos/home/danny/openclaw.nix
+++ b/nixos/home/danny/openclaw.nix
@ -66,7 +66,8 @@ in
    config = {
      ProgramArguments = [
        (config.home.homeDirectory + "/.local/bin/openclaw-gateway-wrapper")
-        "${pkgs.openclaw}/bin/openclaw-gateway"
+        "${pkgs.openclaw}/bin/openclaw"
        "gateway"
      ];
      RunAtLoad = true;
      KeepAlive = true;
--- a/openclaw-todo.md
+++ b/openclaw-todo.md
@ -0,0 +1,48 @@
 # OpenClaw Setup TODO
 ## Current state
 OpenClaw is **already fully wired** into the macOS (Daniel-Macbook-Air) darwin config:
 - **Keep:** `nix-openclaw` flake input, overlay, home-manager module import — all correct
 - **Keep:** `nixos/home/danny/openclaw.nix` — working config with launchd agent, wrapper, documents integration
 - **Keep:** `openclaw-gateway-wrapper.sh` — loads gateway token from `~/.secrets/` at runtime
 - **Keep:** `openclaw-allow-from.nix` (gitignored) — Telegram user ID allowlist
 - **Scrap/fix:** `home.activation.backupOpenclawBeforeSwitch` — marked as bloat in a TODO; remove once confirmed unnecessary
 - **Not wired:** `sunken-ship` and `macbookair` NixOS configs have zero OpenClaw references
 ## Phase 1: Get OpenClaw running on macOS (Daniel-Macbook-Air)
 - [ ] Ensure `openclaw-documents-repo` exists at `~/dotfiles/openclaw-documents-repo` (or clone it)
 - [ ] Create secrets:
  - `~/.secrets/telegram-bot-token` (from @BotFather)
  - `~/.secrets/openclaw-gateway-token` (gateway auth token)
 - [ ] Copy `openclaw-allow-from.nix.example` → `openclaw-allow-from.nix`, fill in Telegram user ID(s)
 - [ ] Rebuild: `cd ~/dotfiles/nixos && darwin-rebuild switch --flake .`
 - [ ] Verify launchd agent: `launchctl list | grep openclaw`
 - [ ] Test: message bot on Telegram
 - [ ] Verify Ollama integration: `ollama list` (already enabled via `macos.nix` → `ollama.nix`)
 ## Phase 2: Move to dedicated server (sunken-ship or new host)
 - [ ] **Decide:** run OpenClaw on sunken-ship (existing) or a new host (phantom-ship)?
 - [ ] Add `nix-openclaw` + `openclaw-documents` to the NixOS config's `specialArgs` (currently only passed to darwinConfigurations)
 - [ ] Port `openclaw.nix` from home-manager launchd agent → systemd user service (or system service)
  - Replace `launchd.agents` block with `systemd.user.services` equivalent
  - Update wrapper to use systemd `EnvironmentFile=` instead of bash wrapper
 - [ ] Handle secrets on server:
  - `scp` token files to server `~/.secrets/` (don't commit)
  - Or use `agenix`/`sops-nix` for encrypted secrets in repo
 - [ ] Decide on documents: clone `openclaw-documents-repo` on server, or use GitHub flake input instead of local path
 - [ ] If Ollama needed on server: port `ollama.nix` (launchd → systemd) or use nixpkgs `services.ollama` (available in NixOS, not nix-darwin)
 - [ ] Rebuild on server: `sudo nixos-rebuild switch --flake .#sunken-ship`
 ## Packaging decisions
 | Decision | Current | Options |
 |---|---|---|
 | OpenClaw binary | `nix-openclaw` flake input | **Keep** — gives overlay + HM module |
 | Documents | Local path flake input | Local path for dev, switch to `github:` for server |
 | Ollama on macOS | Custom `ollama.nix` (PR #972) | **Keep** until nix-darwin merges upstream |
 | Ollama on NixOS | Not configured | Use `services.ollama` from nixpkgs (built-in on NixOS) |
 | Secrets | Files in `~/.secrets/` | Fine for now; consider `sops-nix` if adding more |