- Add openclaw-superpowers as a flake input.
- Implement superpowers option in openclaw-podman module.
- Automate skill symlinking, state directory creation, and cron registration.
- Ensure PyYAML is installed within the container via a post-startup service.
- Enable superpowers in the main configuration.
- Use 'chown -R 1000:1000' and 'chmod -R u+rwX' in the preStart script.
- This ensures all files in /var/lib/openclaw are accessible by the container's node user.
- Replace read-only bind mount for openclaw.json with a full directory bind mount.
- Use systemd preStart to copy the Nix declarative config file before startup.
- This prevents the EBUSY crash loop when OpenClaw attempts to modify its own config file on launch.
- Drops --network=host from OpenClaw container
- Container now runs on Podman's default bridge network
- Gateway port already mapped via ports config (127.0.0.1:18789:8080)
- Container retains outbound internet access for Discord API, model providers, etc.
- Cannot reach other host services (Forgejo, Vaultwarden, etc.) — principle of least privilege
Note: If OpenClaw needs to reach local services in the future, add explicit
extraOptions like --network=bridge or create a shared Podman network.
- Move openclaw config to separate json file
- Reference file directly in podman module
- Remove problematic builtins.toJSON with nested arrays
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use official ghcr.io/openclaw/openclaw image
- configure via JSON config file
- containerized for better isolation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
