From b04b53f9c449433b25d6eea60b6baff7b4f08d58 Mon Sep 17 00:00:00 2001 From: DannyDannyDanny Date: Fri, 3 Apr 2026 12:02:02 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20add=20OpenClaw=20gateway=20to=20phantom?= =?UTF-8?q?-ship=20=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Telegram bot via nix-openclaw NixOS module. Secrets (API key, bot token) loaded from /etc/openclaw/ at runtime. Telegram user ID read from gitignored openclaw-allow-from.nix. --- .gitignore | 3 + nixos/flake.lock | 126 +++++++++++++++++++++++++++++++++-- nixos/flake.nix | 5 ++ nixos/hosts/phantom-ship.nix | 21 +++++- 4 files changed, 146 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 5eede6d..b2da242 100644 --- a/.gitignore +++ b/.gitignore @@ -15,5 +15,8 @@ nixos/installer-wifi.nix # Nix build output symlink result +# OpenClaw: Telegram user ID (not committed to public repo) +nixos/hosts/openclaw-allow-from.nix + # Archived / local-only directories openclaw-documents-repo/ diff --git a/nixos/flake.lock b/nixos/flake.lock index 75d6555..acb3cba 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -40,6 +40,24 @@ "inputs": { "systems": "systems" }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 
@@ -75,6 +93,27 @@ } }, "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nix-openclaw", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767909183, + "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { "inputs": { "nixpkgs": [ "zen-browser", @@ -116,10 +155,51 @@ "type": "github" } }, + "nix-openclaw": { + "inputs": { + "flake-utils": "flake-utils", + "home-manager": "home-manager_2", + "nix-steipete-tools": "nix-steipete-tools", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773851886, + "narHash": "sha256-+3ygZuf5K8mtSGMMEZ/h+vxGvXCu1CmiB+531KMagH8=", + "owner": "openclaw", + "repo": "nix-openclaw", + "rev": "64d410666821866c565e048a4d07d6cf5d8e494e", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-openclaw", + "type": "github" + } + }, + "nix-steipete-tools": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1773561580, + "narHash": "sha256-wT0bKTp45YnMkc4yXQvk943Zz/rksYiIjEXGdWzxnic=", + "owner": "openclaw", + "repo": "nix-steipete-tools", + "rev": "cd4c429ff3b3aaef9f92e59812cf2baf5704b86f", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-steipete-tools", + "type": "github" + } + }, "nixos-wsl": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1773603777, 
@@ -137,6 +217,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1773282481, "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", @@ -152,7 +248,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1773628058, "narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=", @@ -168,7 +264,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -187,8 +283,9 @@ "disko": "disko", "home-manager": "home-manager", "nix-darwin": "nix-darwin", + "nix-openclaw": "nix-openclaw", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "vscode-server": "vscode-server", "zen-browser": "zen-browser" } @@ -208,10 +305,25 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1770124655, @@ -229,7 +341,7 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_2", + "home-manager": "home-manager_3", "nixpkgs": [ "nixpkgs" ] diff --git a/nixos/flake.nix b/nixos/flake.nix index f74750f..0f757d3 100644 --- a/nixos/flake.nix +++ b/nixos/flake.nix 
@@ -15,6 +15,9 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + + nix-openclaw.url = "github:openclaw/nix-openclaw"; + nix-openclaw.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { @@ -26,6 +29,7 @@ home-manager, zen-browser, disko, + nix-openclaw, ... }: { nixosConfigurations = { @@ -75,6 +79,7 @@ phantom-ship = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + nix-openclaw.nixosModules.openclaw-gateway ./hosts/phantom-ship.nix # Home Manager on NixOS diff --git a/nixos/hosts/phantom-ship.nix b/nixos/hosts/phantom-ship.nix index 809ae48..b0eccda 100644 --- a/nixos/hosts/phantom-ship.nix +++ b/nixos/hosts/phantom-ship.nix @@ -1,10 +1,14 @@ -# NixOS server: bare config with SSH, auto-rebuild, Ethernet. -# Services (OpenClaw, etc.) to be added later. +# NixOS server: SSH, auto-rebuild, NAT for rusty-anchor, OpenClaw gateway. { config, lib, pkgs, ... }: let dotfilesDir = "/etc/dotfiles"; flakeRef = "${dotfilesDir}/nixos#phantom-ship"; + + # Telegram user ID(s) — gitignored, not committed to public repo. + # Create openclaw-allow-from.nix with e.g.: [ 12345678 ] + allowFromPath = ./openclaw-allow-from.nix; + openclawAllowFrom = if builtins.pathExists allowFromPath then import allowFromPath else [ ]; in { imports = [ ./phantom-ship-hardware.nix ]; @@ -77,6 +81,19 @@ in git # clone/bootstrap and dotfiles-rebuild timer ]; + # OpenClaw AI gateway — Telegram bot, Anthropic API. + # Secrets (not in repo): /etc/openclaw/telegram-bot-token, /etc/openclaw/env (ANTHROPIC_API_KEY) + services.openclaw-gateway = { + enable = true; + environmentFiles = [ "/etc/openclaw/env" ]; + config = { + channels.telegram = { + tokenFile = "/etc/openclaw/telegram-bot-token"; + allowFrom = openclawAllowFrom; + }; + }; + }; + # Pull dotfiles and rebuild if the repo has new commits. systemd.services.dotfiles-rebuild = { description = "Pull dotfiles and run nixos-rebuild if repo changed";
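Review bot: The `openclawAllowFrom` fallback in the `let` block of phantom-ship.nix turns a missing `openclaw-allow-from.nix` into `[ ]` without any error, so the Telegram sender allowlist can silently end up empty. The file is gitignored and this host builds from a flake (`flakeRef`), and a flake evaluated from a git checkout normally sees only tracked files, so the empty branch may be the usual case rather than the exception; this should be confirmed on the host. What an empty `allowFrom` means to the gateway is not visible in this patch, so I would fail the build rather than guess: `openclawAllowFrom = if builtins.pathExists allowFromPath then import allowFromPath else throw "openclaw-allow-from.nix not found: refusing to build with an empty Telegram allowlist";`. The `let` block starts inside the hunk, but the attribute set it feeds continues outside it.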
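Review bot: Nothing in the `services.openclaw-gateway` block states who may read `/etc/openclaw/env` and `/etc/openclaw/telegram-bot-token`. Both files are provisioned by hand outside the repo, so their owner and mode depend on whoever sets up the host. I would extend the comment above the block with the expected permissions, e.g. `# Both files: mode 0600, owned by root or by the account the gateway runs as; /etc/openclaw: mode 0700.`, after checking which account the module uses to read `tokenFile`. Declaring the directory through `systemd.tmpfiles.rules` would additionally have each rebuild re-apply the directory mode.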