dannydannydanny/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
dotfiles/nixos/home/danny/openclaw.nix
DannyDannyDanny 703720da96 OpenClaw: integrate in dotfiles flake, secrets from files 
- Add nix-openclaw to flake; OpenClaw config in home/danny/openclaw.nix
- Gateway token from ~/.secrets/openclaw-gateway-token via wrapper script
- Telegram allowFrom from gitignored openclaw-allow-from.nix (example committed)
- openclaw-documents (AGENTS.md, SOUL.md, TOOLS.md) for workspace
- AGENTS.md: note OpenClaw config location and apply command

Made-with: Cursor
2026-03-14 10:51:52 +01:00

57 lines
1.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# OpenClaw (AI assistant gateway) Telegram, launchd, documents.
# Secrets (not in repo):
# ~/.secrets/telegram-bot-token
# ~/.secrets/openclaw-gateway-token (one line, gateway auth token)
# nixos/home/danny/openclaw-allow-from.nix (gitignored; copy from .example)
# After editing, run: darwin-rebuild switch --flake . (from ~/dotfiles/nixos)
{ config, lib, ... }:
let
# Telegram user IDs from gitignored file so we don't commit them
allowFromPath = ./. + "/openclaw-allow-from.nix";
allowFrom = if builtins.pathExists allowFromPath then import allowFromPath else [ ];
in
{
programs.openclaw = {
enable = true;
documents = ./openclaw-documents;
config = { };
instances.default = {
enable = true;
config = {
gateway = {
mode = "local";
auth.token = ""; # loaded from ~/.secrets/openclaw-gateway-token via wrapper
};
channels.telegram = {
tokenFile = "/Users/danny/.secrets/telegram-bot-token";
allowFrom = allowFrom;
groups."*" = { requireMention = true; };
};
};
plugins = [
# e.g. { source = "github:openclaw/nix-steipete-tools?dir=tools/summarize"; }
];
};
};
# Wrapper loads gateway token from file and execs the real gateway (keeps token out of store)
home.file.".local/bin/openclaw-gateway-wrapper" = {
source = ./openclaw-gateway-wrapper.sh;
executable = true;
};
# Prepend wrapper to launchd so OPENCLAW_GATEWAY_TOKEN is set from file at runtime
launchd.agents."com.steipete.openclaw.gateway" = lib.mkForce (
(config.launchd.agents."com.steipete.openclaw.gateway" or { }) // {
config = (config.launchd.agents."com.steipete.openclaw.gateway".config or { }) // {
ProgramArguments = [
(config.home.homeDirectory + "/.local/bin/openclaw-gateway-wrapper")
] ++ (config.launchd.agents."com.steipete.openclaw.gateway".config.ProgramArguments or [ ]);
};
}
);
}
Reference in a new issue View git blame Copy permalink