dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/nixos/home/danny/openclaw.nix
DannyDannyDanny 0eb9d0e8ed OpenClaw: documents from local path, rebuild workaround, forgejo-cli 
- Documents (SOUL/TOOLS/AGENTS) from path input to openclaw-documents-repo
- Flake: openclaw-documents.url = path to local clone (no SSH under sudo)
- Remove in-repo openclaw-documents; add docs/openclaw-documents.md
- openclaw.nix: activation backup + force for openclaw.json (TODO to remove)
- home.nix: add forgejo-cli
- .gitignore: openclaw-documents-repo; drop SOUL/TOOLS ignores
- AGENTS.md: OpenClaw docs ref
- TODO: remove OpenClaw activation/force bloat

Made-with: Cursor
2026-03-14 11:48:59 +01:00

75 lines
2.8 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# OpenClaw (AI assistant gateway) Telegram, launchd, documents.
# Documents (SOUL.md, TOOLS.md, etc.) come from a separate repo via the flake input
# openclaw-documents (see flake.nix; override with e.g. github:you/openclaw-documents).
# Secrets (not in repo):
# ~/.secrets/telegram-bot-token
# ~/.secrets/openclaw-gateway-token (one line, gateway auth token)
# nixos/home/danny/openclaw-allow-from.nix (gitignored; copy from .example)
# After editing, run: darwin-rebuild switch --flake . (from ~/dotfiles/nixos)
{ config, lib, pkgs, openclaw-documents, ... }:
let
# Telegram user IDs from gitignored file so we don't commit them
allowFromPath = ./. + "/openclaw-allow-from.nix";
allowFrom = if builtins.pathExists allowFromPath then import allowFromPath else [ ];
in
{
programs.openclaw = {
enable = true;
# Flake input: use .source (in-repo and separate-repo flakes expose source = ./.)
documents = openclaw-documents.source or openclaw-documents.outPath or openclaw-documents;
config = { };
instances.default = {
enable = true;
config = {
gateway = {
mode = "local";
auth.token = ""; # loaded from ~/.secrets/openclaw-gateway-token via wrapper
};
channels.telegram = {
tokenFile = "/Users/danny/.secrets/telegram-bot-token";
allowFrom = allowFrom;
groups."*" = { requireMention = true; };
};
};
plugins = [
# e.g. { source = "github:openclaw/nix-steipete-tools?dir=tools/summarize"; }
];
};
};
# Wrapper loads gateway token from file and execs the real gateway (keeps token out of store)
home.file.".local/bin/openclaw-gateway-wrapper" = {
source = ./openclaw-gateway-wrapper.sh;
executable = true;
};
# TODO: Remove this bloat (see dotfiles TODO.md). Back up as target user so HM can overwrite.
home.activation.backupOpenclawBeforeSwitch = lib.hm.dag.entryBefore [ "linkGeneration" ] ''
OPENCLAW="${config.home.homeDirectory}/.openclaw"
USER="${config.home.username}"
if [ -d "$OPENCLAW" ]; then
for f in "$OPENCLAW"/workspace/*.md "$OPENCLAW"/openclaw.json; do
[ -e "$f" ] && [ ! -L "$f" ] && (sudo -u "$USER" mv -n "$f" "$f.backup" 2>/dev/null || true)
done
fi
'';
home.file.".openclaw/openclaw.json".force = true;
# Override launchd agent to run wrapper so OPENCLAW_GATEWAY_TOKEN is set from file at runtime.
# Do not reference config.launchd.agents."..." here (causes infinite recursion).
launchd.agents."com.steipete.openclaw.gateway" = lib.mkForce {
enable = true;
config = {
ProgramArguments = [
(config.home.homeDirectory + "/.local/bin/openclaw-gateway-wrapper")
"${pkgs.openclaw}/bin/openclaw-gateway"
];
RunAtLoad = true;
KeepAlive = true;
};
};
}
Reference in a new issue View git blame Copy permalink