Add OpenClaw AI Agent module

- Systemd service running OpenClaw gateway - Configurable via sops secrets - Runs on localhost:18789 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-17 20:55:15 +01:00 · 2026-03-17 20:55:15 +01:00 · 3a885463f0
commit 3a885463f0
parent f013863986
4 changed files with 210 additions and 0 deletions
--- a/modules/openclaw.nix
+++ b/modules/openclaw.nix
@ -0,0 +1,111 @@
+# OpenClaw Module
+# Provides: AI Agent with Discord integration
+#
+# Usage:
+#   myModules.openclaw = {
+#     enable = true;
+#     port = 18789;
+#   };
+
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.myModules.openclaw;
+  configDir = "/var/lib/openclaw/config";
+  dataDir = "/var/lib/openclaw/data";
+  workspaceDir = "/var/lib/openclaw/workspace";
+in
+{
+  options.myModules.openclaw = {
+    enable = lib.mkEnableOption "OpenClaw AI Agent";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 18789;
+      description = "Gateway port for OpenClaw";
+    };
+
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = "Path to environment file with API keys";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create user for openclaw
+    users.users.openclaw = {
+      isSystemUser = true;
+      group = "openclaw";
+      home = "/var/lib/openclaw";
+      createHome = true;
+    };
+    users.groups.openclaw = { };
+
+    # Create directories
+    systemd.tmpfiles.settings."10-openclaw" = {
+      "${configDir}".d = {
+        user = "openclaw";
+        group = "openclaw";
+        mode = "0700";
+      };
+      "${dataDir}".d = {
+        user = "openclaw";
+        group = "openclaw";
+        mode = "0700";
+      };
+      "${workspaceDir}".d = {
+        user = "openclaw";
+        group = "openclaw";
+        mode = "0700";
+      };
+    };
+
+    # Copy config file
+    environment.etc."openclaw/openclaw.json".source = ./openclaw-config.json;
+
+    # Systemd service
+    systemd.services.openclaw = {
+      description = "OpenClaw AI Agent";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "openclaw";
+        Group = "openclaw";
+        WorkingDirectory = dataDir;
+
+        Environment = [
+          "NODE_ENV=production"
+          "OPENCLAW_CONFIG_DIR=${configDir}"
+          "OPENCLAW_DATA_DIR=${dataDir}"
+          "OPENCLAW_WORKSPACE_DIR=${workspaceDir}"
+        ];
+
+        ExecStartPre = [
+          "${pkgs.coreutils}/bin/mkdir -p ${configDir} ${dataDir} ${workspaceDir}"
+          "${pkgs.coreutils}/bin/cp -n /etc/openclaw/openclaw.json ${configDir}/ || true"
+        ];
+
+        ExecStart = "${pkgs.nodejs_22}/bin/npx openclaw gateway start --port ${toString cfg.port}";
+
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # Security
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ReadWritePaths = [ configDir dataDir workspaceDir ];
+        NoNewPrivileges = true;
+      };
+    } // lib.optionalAttrs (cfg.environmentFile != null) {
+      serviceConfig.EnvironmentFile = cfg.environmentFile;
+    };
+  };
+}