Fix EnvironmentFile merge with mkMerge

2026-03-17 21:26:51 +01:00 · 2026-03-17 21:26:51 +01:00 · d7c3bd0775
commit d7c3bd0775
parent 2dd8ef2797
1 changed files with 30 additions and 27 deletions
--- a/modules/openclaw.nix
+++ b/modules/openclaw.nix
@ -75,38 +75,41 @@ in
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
+      serviceConfig = lib.mkMerge [
-        Type = "simple";
+        {
-        User = "openclaw";
+          Type = "simple";
-        Group = "openclaw";
+          User = "openclaw";
-        WorkingDirectory = dataDir;
+          Group = "openclaw";
          WorkingDirectory = dataDir;
-        Environment = [
+          Environment = [
-          "NODE_ENV=production"
+            "NODE_ENV=production"
-          "OPENCLAW_CONFIG_DIR=${configDir}"
+            "OPENCLAW_CONFIG_DIR=${configDir}"
-          "OPENCLAW_DATA_DIR=${dataDir}"
+            "OPENCLAW_DATA_DIR=${dataDir}"
-          "OPENCLAW_WORKSPACE_DIR=${workspaceDir}"
+            "OPENCLAW_WORKSPACE_DIR=${workspaceDir}"
-          "PATH=${pkgs.nodejs_22}/bin:${pkgs.git}/bin:${pkgs.bash}/bin:${pkgs.coreutils}/bin"
+            "PATH=${pkgs.nodejs_22}/bin:${pkgs.git}/bin:${pkgs.bash}/bin:${pkgs.coreutils}/bin"
-        ];
+          ];
-        EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
+          ExecStartPre = [
            "${pkgs.coreutils}/bin/mkdir -p ${configDir} ${dataDir} ${workspaceDir}"
            "${pkgs.bash}/bin/bash -c 'cp -n /etc/openclaw/openclaw.json ${configDir}/ || true'"
          ];
-        ExecStartPre = [
+          ExecStart = "${pkgs.nodejs_22}/bin/npx openclaw gateway --port ${toString cfg.port} --allow-unconfigured";
          "${pkgs.coreutils}/bin/mkdir -p ${configDir} ${dataDir} ${workspaceDir}"
          "${pkgs.bash}/bin/bash -c 'cp -n /etc/openclaw/openclaw.json ${configDir}/ || true'"
        ];
-        ExecStart = "${pkgs.nodejs_22}/bin/npx openclaw gateway --port ${toString cfg.port} --allow-unconfigured";
+          Restart = "on-failure";
          RestartSec = "10s";
-        Restart = "on-failure";
+          # Security
-        RestartSec = "10s";
+          PrivateTmp = true;
-
+          ProtectSystem = "strict";
-        # Security
+          ReadWritePaths = [ "/var/lib/openclaw" configDir dataDir workspaceDir ];
-        PrivateTmp = true;
+          NoNewPrivileges = true;
-        ProtectSystem = "strict";
+        }
-        ReadWritePaths = [ "/var/lib/openclaw" configDir dataDir workspaceDir ];
+        (lib.mkIf (cfg.environmentFile != null) {
-        NoNewPrivileges = true;
+          EnvironmentFile = cfg.environmentFile;
-      };
+        })
      ];
    };
  };
 }