From b505d2a327d3c7e6c32c221a150e5bf26519b03f Mon Sep 17 00:00:00 2001
From: ashisgreat22
Date: Thu, 19 Mar 2026 23:04:50 +0100
Subject: [PATCH] fix(openclaw): fix ebusy on config file write

- Replace read-only bind mount for openclaw.json with a full directory bind mount.
- Use systemd preStart to copy the Nix declarative config file before startup.
- This prevents the EBUSY crash loop when OpenClaw attempts to modify its own config file on launch.
---
 modules/openclaw-podman.nix | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/openclaw-podman.nix b/modules/openclaw-podman.nix
index 080ef0d..22aa609 100644
--- a/modules/openclaw-podman.nix
+++ b/modules/openclaw-podman.nix
@@ -39,6 +39,11 @@ in
 # Enable podman
 myModules.podman.enable = true;
 
+ # Create directory for OpenClaw data
+ systemd.tmpfiles.rules = [
+ "d /var/lib/openclaw 0755 1000 1000 -" # Assuming node user is uid 1000
+ ];
+
 # OpenClaw container (bridge network — isolated from host services)
 virtualisation.oci-containers.containers."openclaw" = {
 image = "ghcr.io/openclaw/openclaw:latest";
@@ -47,9 +52,16 @@ in
 config.sops.templates."openclaw.env".path
 ];
 volumes = [
- "${./openclaw-config.json}:/home/node/.openclaw/openclaw.json:ro"
- "openclaw-data:/home/node/.openclaw"
+ "/var/lib/openclaw:/home/node/.openclaw"
 ];
 };
+
+ # Copy the declarative config before starting the container
+ # This allows OpenClaw to safely write/rename the file at runtime without EBUSY errors
+ systemd.services."podman-openclaw".preStart = lib.mkBefore ''
+ cp -f ${./openclaw-config.json} /var/lib/openclaw/openclaw.json
+ chown 1000:1000 /var/lib/openclaw/openclaw.json
+ chmod 644 /var/lib/openclaw/openclaw.json
+ '';
 };
 }
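Review bot: The tmpfiles rule in the first hunk creates `/var/lib/openclaw` with mode 0755, so every local account on the host can list and read the directory that, after this commit, holds OpenClaw's live configuration and anything else the application writes under `/home/node/.openclaw`. Nothing visible in the patch needs access beyond the container user, so `"d /var/lib/openclaw 0700 1000 1000 -"` would be the tighter default. The hard-coded uid 1000 is also the first interactive user on many hosts; if that holds here, that account owns the container's data, so the comment should state whether the mapping is intended rather than only "Assuming node user is uid 1000".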
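Review bot: The `preStart` script in the second hunk writes into a directory that uid 1000 owns and can modify, and both `cp -f` and `chown` follow a symlink at the destination; assuming the unit runs as root (not visible in this hunk), a replaced `openclaw.json` would redirect the root-level write and ownership change to another path. GNU `install` removes an existing destination before creating the file, so `install -T -m 0600 -o 1000 -g 1000 ${./openclaw-config.json} /var/lib/openclaw/openclaw.json` covers all three lines without writing through the old entry. Mode 644 also leaves the file world-readable on the host, which matters if OpenClaw stores tokens in it at runtime; the patch does not show whether it does. The copy runs on every start, so edits OpenClaw makes to the file are discarded on restart, and the comment above `preStart` should say that this is intended.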