feat: change openclaw to a vm and give read access to a db

hosts/fw/configuration.nix

@@ -38,7 +38,8 @@
 
     ./modules/ai-mailer.nix
     # ./modules/wazuh.nix
-    ./modules/openclaw.nix
+    # ./modules/openclaw.nix # Container: gateway/webchat on .97.60
+    ./modules/openclaw-vm.nix # VM: daemon/onboarding on .97.61
 
     # web
     ./modules/web
@@ -71,8 +72,8 @@
     ./modules/setupnetwork.nix
     ./modules/set-nix-channel.nix # Automatically manage nix-channel from /var/bento/channel
     ./modules/grafana-monitor.nix # Grafana online status monitor
- 
- 
+
+
     ./hardware-configuration.nix
   ];
 
@@ -100,8 +101,8 @@
   hardware.graphics = {
     enable = true;
     extraPackages = with pkgs; [
-      intel-media-driver    # VAAPI driver (iHD) for modern Intel GPUs
-      vpl-gpu-rt           # Intel VPL/QSV runtime for Gen 12+ (N100)
+      intel-media-driver # VAAPI driver (iHD) for modern Intel GPUs
+      vpl-gpu-rt # Intel VPL/QSV runtime for Gen 12+ (N100)
       intel-compute-runtime # OpenCL support for tone-mapping
     ];
   };
@@ -114,15 +115,15 @@
 
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   sops.defaultSopsFile = ./secrets.yaml;
-  
+
   environment.systemPackages = with pkgs; [
     bento
-    conntrack-tools     # view network connection states
-    ethtool             # manage NIC settings (offload, NIC feeatures, ...)
+    conntrack-tools # view network connection states
+    ethtool # manage NIC settings (offload, NIC feeatures, ...)
     git
-    htop                # to see the system load
-    tcpdump             # view network traffic
-    vim                 # my preferred editor
+    htop # to see the system load
+    tcpdump # view network traffic
+    vim # my preferred editor
     wol
     inotify-tools
   ];