thegeneralist01/config
1
Fork 0
mirror of https://github.com/thegeneralist01/config.git synced 2026-05-30 08:37:01 +02:00
Code Issues Activity

Merge branch 'master' of github.com:thegeneralist01/config

Browse source
This commit is contained in:
TheGeneralist 2026-03-16 17:16:46 +01:00
commit 81918e08ef
Signed by: thegeneralist01
SSH key fingerprint: SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
3 changed files with 43 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

70
hosts/thegeneralist-central/configuration.nix
View file

@ -40,6 +40,7 @@
age.secrets.openclawGatewayEnv.owner = "thegeneralist"; age.secrets.openclawGatewayEnv.owner = "thegeneralist";
age.secrets.openclawGatewayEnv.group = "users"; age.secrets.openclawGatewayEnv.group = "users";
age.secrets.openclawGatewayEnv.mode = "0400"; age.secrets.openclawGatewayEnv.mode = "0400";
users.users = { users.users = {
thegeneralist = { thegeneralist = {
isNormalUser = true; isNormalUser = true;
@ -91,25 +92,31 @@
... ...
}: }:
let let
# openclaw's packages require fetchPnpmDeps and other tooling that is
# only present in its own pinned nixpkgs input, so we must build from
# there rather than from the host nixpkgs.
openclawPkgs = openclawPkgs =
let let
pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; }; pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; };
steipetePkgs =
if inputs.nix-openclaw.inputs.nix-steipete-tools ? packages
&& builtins.hasAttr
"aarch64-linux"
inputs.nix-openclaw.inputs.nix-steipete-tools.packages
then
inputs.nix-openclaw.inputs.nix-steipete-tools.packages.aarch64-linux
else
{ };
in in
import "${inputs.nix-openclaw}/nix/packages" { import "${inputs.nix-openclaw}/nix/packages" {
pkgs = pkgsAarch64; pkgs = pkgsAarch64;
sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix"; sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix";
inherit steipetePkgs;
}; };
openclawPackage = openclawPkgs.openclaw;
# openclaw bundles common CLI tools (rg, goplaces, …) directly in its
# /bin, which causes pkgs.buildEnv to abort with a "conflicting
# subpath" error when those tools are also in home.packages.
#
# Setting meta.priority = 10 (higher number = lower priority) tells
# buildEnv to silently prefer any other package that provides the same
# binary, instead of erroring out. Priority 5 is the nixpkgs default,
# so any explicitly installed package will win over openclaw's bundled
# copies while openclaw's own binaries (openclaw, openclaw-gateway, …)
# are still linked if nothing else claims them.
openclawPackage = openclawPkgs.openclaw.overrideAttrs (old: {
meta = (old.meta or { }) // { priority = 10; };
});
in in
{ {
home = { home = {
@ -119,34 +126,39 @@
}; };
programs.openclaw = { programs.openclaw = {
documents = ./openclaw-documents;
package = openclawPackage;
config = {
gateway = {
mode = "local";
auth.mode = "token";
};
channels.telegram = {
tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
# Replace with your Telegram user ID from @userinfobot.
allowFrom = [ 0 ];
groups."*" = {
requireMention = true;
};
};
};
instances.default = { instances.default = {
enable = true; enable = true;
package = openclawPackage; package = openclawPackage;
systemd.enable = true;
config = {
gateway = {
mode = "local";
auth.mode = "token";
};
channels.telegram = {
tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
# Placeholder overwritten at activation time by the script
# below, which reads the real ID from the age secret.
allowFrom = [ 0 ];
groups."*" = {
requireMention = true;
};
};
};
}; };
}; };
# Inject gateway credentials (ANTHROPIC_API_KEY, gateway token, …)
# from the age-encrypted env file into the systemd unit at runtime.
systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [ systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [
osConfig.age.secrets.openclawGatewayEnv.path osConfig.age.secrets.openclawGatewayEnv.path
]; ];
# Patch the generated openclaw.json to replace the placeholder 0 above
# with the real Telegram user ID stored in the age secret.
home.activation.openclawTelegramAllowFrom = home.activation.openclawTelegramAllowFrom =
lib.hm.dag.entryAfter [ "openclawConfigFiles" ] '' lib.hm.dag.entryAfter [ "openclawConfigFiles" ] ''
set -euo pipefail set -euo pipefail

1
hosts/thegeneralist-central/hardware-configuration.nix
View file

@ -10,6 +10,7 @@
"sd_mod" "sd_mod"
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.loader.systemd-boot.graceful = true;
# Wi-Fi stuff # Wi-Fi stuff
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;

2
modules/common/shell/0_nushell.nix
View file

@ -20,7 +20,7 @@ let
unstable = import (builtins.fetchTarball { unstable = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
sha256 = if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn"; sha256 = if (config.isServer) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else (if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn");
}) { system = pkgs.system; }; }) { system = pkgs.system; };
package = unstable.nushell; package = unstable.nushell;
in in