feat: update moltbot to openclaw

2026-02-03 09:45:52 +01:00 · 2026-02-03 09:45:52 +01:00 · a3c7e5993e
commit a3c7e5993e
parent 470f84a4b9
2 changed files with 9 additions and 11 deletions
--- a/hosts/fw/modules/openclaw.nix
+++ b/hosts/fw/modules/openclaw.nix
@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+{
+  # openclaw - AI assistant with WebChat
+  # Container with browser support for web automation
+
+  virtualisation.oci-containers.backend = "podman";
+
+  # Secret for gateway authentication token
+  sops.secrets.moltbot-gateway-token = {
+    key = "moltbot-gateway-token";
+  };
+
+  # Persistent directories on host for backup
+  # UID 1000 is the 'node' user inside the container
+  systemd.tmpfiles.rules = [
+    "d /var/lib/openclaw 0755 1000 1000 - -"
+    "d /var/lib/openclaw/home 0755 1000 1000 - -"
+    "d /var/lib/openclaw/extensions 0755 1000 1000 - -"
+    "d /run/moltbot 0700 root root - -"
+  ];
+
+  virtualisation.oci-containers.containers.openclaw = {
+    image = "ghcr.io/openclaw/openclaw:main";
+
+    # Run gateway mode, bind to all interfaces in container
+    cmd = [ "dist/index.js" "gateway" "--bind" "lan" "--port" "18789" "--allow-unconfigured" ];
+
+    ports = [
+      "${config.networkPrefix}.97.1:18789:18789" # Gateway/WebChat
+      "${config.networkPrefix}.97.1:18790:18790" # Bridge
+    ];
+
+    volumes = [
+      "/var/lib/openclaw/home:/home/node:rw"
+    ];
+
+    environment = {
+      HOME = "/home/node";
+      TERM = "xterm-256color";
+      OPENCLAW_STATE_DIR = "/home/node/.openclaw";
+      PUPPETEER_SKIP_CHROMIUM_DOWNLOAD = "false";
+    };
+
+    extraOptions = [
+      "--pull=newer"
+      "--network=server"
+      "--ip=${config.networkPrefix}.97.60"
+      "--init"
+      # Chrome sandbox capabilities
+      "--cap-add=SYS_ADMIN"
+      "--security-opt=seccomp=unconfined"
+    ];
+  };
+}