thegeneralist01/config
1
Fork 0
mirror of https://github.com/thegeneralist01/config.git synced 2026-05-30 08:37:01 +02:00
Code Issues Activity

Compare commits

base: thegeneralist01:6d5689d68a2dc6886db0f78530fbea3a0652c445
Branches Tags
thegeneralist01:master
..
compare: thegeneralist01:b68229b94a68b21c299acc408bc2bb53abb64336
Branches Tags
thegeneralist01:master

No commits in common. "6d5689d68a2dc6886db0f78530fbea3a0652c445" and "b68229b94a68b21c299acc408bc2bb53abb64336" have entirely different histories.
6d5689d68a ... b68229b94a

6 changed files with 37 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

72
hosts/thegeneralist-central/configuration.nix
View file

@ -40,7 +40,6 @@
age.secrets.openclawGatewayEnv.owner = "thegeneralist"; age.secrets.openclawGatewayEnv.owner = "thegeneralist";
age.secrets.openclawGatewayEnv.group = "users"; age.secrets.openclawGatewayEnv.group = "users";
age.secrets.openclawGatewayEnv.mode = "0400"; age.secrets.openclawGatewayEnv.mode = "0400";
users.users = { users.users = {
thegeneralist = { thegeneralist = {
isNormalUser = true; isNormalUser = true;
@ -53,7 +52,7 @@
"scanner" "scanner"
"docker" "docker"
]; ];
shell = pkgs.zsh; shell = pkgs.nushell;
home = "/home/thegeneralist"; home = "/home/thegeneralist";
homeMode = "0750"; homeMode = "0750";
linger = true; linger = true;
@ -92,31 +91,25 @@
... ...
}: }:
let let
# openclaw's packages require fetchPnpmDeps and other tooling that is
# only present in its own pinned nixpkgs input, so we must build from
# there rather than from the host nixpkgs.
openclawPkgs = openclawPkgs =
let let
pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; }; pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; };
steipetePkgs =
if inputs.nix-openclaw.inputs.nix-steipete-tools ? packages
&& builtins.hasAttr
"aarch64-linux"
inputs.nix-openclaw.inputs.nix-steipete-tools.packages
then
inputs.nix-openclaw.inputs.nix-steipete-tools.packages.aarch64-linux
else
{ };
in in
import "${inputs.nix-openclaw}/nix/packages" { import "${inputs.nix-openclaw}/nix/packages" {
pkgs = pkgsAarch64; pkgs = pkgsAarch64;
sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix"; sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix";
inherit steipetePkgs;
}; };
openclawPackage = openclawPkgs.openclaw;
# openclaw bundles common CLI tools (rg, goplaces, …) directly in its
# /bin, which causes pkgs.buildEnv to abort with a "conflicting
# subpath" error when those tools are also in home.packages.
#
# Setting meta.priority = 10 (higher number = lower priority) tells
# buildEnv to silently prefer any other package that provides the same
# binary, instead of erroring out. Priority 5 is the nixpkgs default,
# so any explicitly installed package will win over openclaw's bundled
# copies while openclaw's own binaries (openclaw, openclaw-gateway, …)
# are still linked if nothing else claims them.
openclawPackage = openclawPkgs.openclaw.overrideAttrs (old: {
meta = (old.meta or { }) // { priority = 10; };
});
in in
{ {
home = { home = {
@ -126,39 +119,34 @@
}; };
programs.openclaw = { programs.openclaw = {
instances.default = { documents = ./openclaw-documents;
enable = true; package = openclawPackage;
package = openclawPackage; config = {
gateway = {
mode = "local";
auth.mode = "token";
};
systemd.enable = true; channels.telegram = {
tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
config = { # Replace with your Telegram user ID from @userinfobot.
gateway = { allowFrom = [ 0 ];
mode = "local"; groups."*" = {
auth.mode = "token"; requireMention = true;
};
channels.telegram = {
tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
# Placeholder overwritten at activation time by the script
# below, which reads the real ID from the age secret.
allowFrom = [ 0 ];
groups."*" = {
requireMention = true;
};
}; };
}; };
}; };
instances.default = {
enable = true;
package = openclawPackage;
};
}; };
# Inject gateway credentials (ANTHROPIC_API_KEY, gateway token, …)
# from the age-encrypted env file into the systemd unit at runtime.
systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [ systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [
osConfig.age.secrets.openclawGatewayEnv.path osConfig.age.secrets.openclawGatewayEnv.path
]; ];
# Patch the generated openclaw.json to replace the placeholder 0 above
# with the real Telegram user ID stored in the age secret.
home.activation.openclawTelegramAllowFrom = home.activation.openclawTelegramAllowFrom =
lib.hm.dag.entryAfter [ "openclawConfigFiles" ] '' lib.hm.dag.entryAfter [ "openclawConfigFiles" ] ''
set -euo pipefail set -euo pipefail

1
hosts/thegeneralist-central/hardware-configuration.nix
View file

@ -10,7 +10,6 @@
"sd_mod" "sd_mod"
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.loader.systemd-boot.graceful = true;
# Wi-Fi stuff # Wi-Fi stuff
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;

2
modules/common/custom-options.nix
View file

@ -16,7 +16,7 @@ in {
isServer = mkOption { isServer = mkOption {
type = types.bool; type = types.bool;
default = config.nixpkgs.hostPlatform.isAarch64 && config.nixpkgs.hostPlatform.system == "aarch64-linux"; default = config.nixpkgs.hostPlatform.isAarch64;
description = "Whether the system is a server. Determined by the processor architecture."; description = "Whether the system is a server. Determined by the processor architecture.";
}; };

1
modules/common/ghostty.nix
View file

@ -25,7 +25,6 @@
gtk-titlebar = false; gtk-titlebar = false;
mouse-hide-while-typing = true; mouse-hide-while-typing = true;
custom-shader = "~/.config/ghostty-shaders/shader.glsl";
}; };
}; };
}]; }];

2
modules/common/shell/0_nushell.nix
View file

@ -20,7 +20,7 @@ let
unstable = import (builtins.fetchTarball { unstable = import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
sha256 = if (config.isServer) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else (if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn"); sha256 = if (config.onLinux) then "sha256:0fgmdh1j6qrx64wq8wk2hry2rjh3rkvz9pch29l8zn49nlndvxy2" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn";
}) { system = pkgs.system; }; }) { system = pkgs.system; };
package = unstable.nushell; package = unstable.nushell;
in in

14
modules/common/shell/default.nix
View file

@ -11,6 +11,7 @@ let
flatten flatten
getAttr getAttr
mapAttrsToList mapAttrsToList
mkIf
mkOption mkOption
sortOn sortOn
toInt toInt
@ -63,28 +64,23 @@ in
} }
) )
( (mkIf config.isDarwin (
homeArgs: homeArgs:
let let
config' = homeArgs.config; config' = homeArgs.config;
nuExecCondition =
if config.isDarwin then
''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ]''
else
''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -n "$SSH_TTY" ]'';
in in
{ {
home.file.".zshrc".text = # zsh home.file.".zshrc".text = # zsh
'' ''
export PATH="$HOME/.local/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/etc/profiles/per-user/$USER/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin''${PATH:+:}''${PATH}" export PATH="/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/etc/profiles/per-user/$USER/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin''${PATH:+:}''${PATH}"
source ${config'.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh source ${config'.home.sessionVariablesPackage}/etc/profile.d/hm-session-vars.sh
if ${nuExecCondition}; then if [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ]; then
SHELL='${lib.getExe <| lib.head config'.shellsByPriority}' exec "$SHELL" SHELL='${lib.getExe <| lib.head config'.shellsByPriority}' exec "$SHELL"
fi fi
''; '';
} }
) ))
]; ];
} }