fix(openclaw): fix ebusy on config file write

- Replace read-only bind mount for openclaw.json with a full directory bind mount.

- Use systemd preStart to copy the Nix declarative config file before startup.

- This prevents the EBUSY crash loop when OpenClaw attempts to modify its own config file on launch.

modules/openclaw-podman.nix

@@ -39,6 +39,11 @@ in
     # Enable podman
     myModules.podman.enable = true;
 
+    # Create directory for OpenClaw data
+    systemd.tmpfiles.rules = [
+      "d /var/lib/openclaw 0755 1000 1000 -" # Assuming node user is uid 1000
+    ];
+
     # OpenClaw container (bridge network — isolated from host services)
     virtualisation.oci-containers.containers."openclaw" = {
       image = "ghcr.io/openclaw/openclaw:latest";
@@ -47,9 +52,16 @@ in
         config.sops.templates."openclaw.env".path
       ];
       volumes = [
-        "${./openclaw-config.json}:/home/node/.openclaw/openclaw.json:ro"
+        "/var/lib/openclaw:/home/node/.openclaw"
-        "openclaw-data:/home/node/.openclaw"
       ];
     };
+
+    # Copy the declarative config before starting the container
+    # This allows OpenClaw to safely write/rename the file at runtime without EBUSY errors
+    systemd.services."podman-openclaw".preStart = lib.mkBefore ''
+      cp -f ${./openclaw-config.json} /var/lib/openclaw/openclaw.json
+      chown 1000:1000 /var/lib/openclaw/openclaw.json
+      chmod 644 /var/lib/openclaw/openclaw.json
+    '';
   };
 }