replace pi with openclaw (#60)

2026-04-15 05:02:10 +00:00 · 2026-04-03 11:16:16 -04:00 · 2026-04-03 11:16:16 -04:00 · 630ec774ce
commit 630ec774ce
parent be2370f406
12 changed files with 160 additions and 114 deletions
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@ -18,7 +18,7 @@ in
    ./vaultwarden.nix
    ./forgejo.nix
    ./betternas.nix
-    ./pi-agent.nix
+    ./openclaw-gateway.nix
    ../../modules/base.nix
    (modulesPath + "/profiles/minimal.nix")
    (modulesPath + "/profiles/headless.nix")
@ -114,7 +114,6 @@ in

  environment.systemPackages = packageSets.extras ++ [
    pkgs.chromium
-    pkgs.dtach
    pkgs.php
  ];

--- a/hosts/netty/nginx.nix
+++ b/hosts/netty/nginx.nix
@ -2,7 +2,7 @@
  ...
 }:
 let
-  sandboxDomain = "netty.harivan.sh";
+  openClawDomain = "netty.harivan.sh";
  forgejoDomain = "git.harivan.sh";
  vaultDomain = "vault.harivan.sh";
  betternasDomain = "api.betternas.com";
@ -19,11 +19,16 @@ in
    recommendedTlsSettings = true;
    clientMaxBodySize = "512m";

-    # Reserved for future use - nothing listening on this port yet
-    virtualHosts.${sandboxDomain} = {
+    virtualHosts.${openClawDomain} = {
      enableACME = true;
      forceSSL = true;
-      locations."/".proxyPass = "http://127.0.0.1:2470";
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:2470";
+        proxyWebsockets = true;
+        extraConfig = ''
+          proxy_set_header X-Forwarded-For $remote_addr;
+        '';
+      };
    };

    virtualHosts.${forgejoDomain} = {
--- a/hosts/netty/openclaw-gateway.nix
+++ b/hosts/netty/openclaw-gateway.nix
@ -0,0 +1,61 @@
+{
+  pkgs,
+  username,
+  ...
+}:
+let
+  homeDir = "/home/${username}";
+  openClawStateDir = "${homeDir}/.openclaw";
+  openClawConfigPath = "${openClawStateDir}/openclaw.json";
+  openClawEnvFile = "${openClawStateDir}/.env";
+  openClawBin = "${homeDir}/.local/share/npm/bin/openclaw";
+  openClawCheck = pkgs.writeShellScript "openclaw-gateway-check" ''
+    [ -x "${openClawBin}" ] && [ -f "${openClawConfigPath}" ] && [ -s "${openClawEnvFile}" ]
+  '';
+in
+{
+  systemd.tmpfiles.rules = [
+    "d ${openClawStateDir} 0700 ${username} users -"
+    "d ${openClawStateDir}/workspace 0700 ${username} users -"
+    "z ${openClawEnvFile} 0600 ${username} users -"
+    "z ${openClawConfigPath} 0600 ${username} users -"
+  ];
+
+  systemd.services.openclaw-gateway = {
+    description = "OpenClaw Gateway";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [
+      nodejs_22
+      git
+      coreutils
+      findutils
+      gnugrep
+      gawk
+      docker
+    ];
+    environment = {
+      HOME = homeDir;
+      NODE_NO_WARNINGS = "1";
+      OPENCLAW_NIX_MODE = "1";
+      OPENCLAW_STATE_DIR = openClawStateDir;
+      OPENCLAW_CONFIG_PATH = openClawConfigPath;
+      NPM_CONFIG_USERCONFIG = "${homeDir}/.config/npm/npmrc";
+      XDG_CACHE_HOME = "${homeDir}/.cache";
+      XDG_CONFIG_HOME = "${homeDir}/.config";
+      XDG_DATA_HOME = "${homeDir}/.local/share";
+    };
+    serviceConfig = {
+      Type = "simple";
+      User = username;
+      Group = "users";
+      WorkingDirectory = openClawStateDir;
+      ExecCondition = openClawCheck;
+      EnvironmentFile = "-${openClawEnvFile}";
+      ExecStart = "${openClawBin} gateway run";
+      Restart = "on-failure";
+      RestartSec = 5;
+    };
+  };
+}
--- a/hosts/netty/pi-agent.nix
+++ b/hosts/netty/pi-agent.nix
@ -1,50 +0,0 @@
-{
-  pkgs,
-  username,
-  ...
-}:
-let
-  piAgentEnvFile = "/var/lib/pi-agent/pi-agent.env";
-  piBin = "/home/${username}/.local/share/npm/bin/pi";
-
-  # Start pi inside an interactive login shell so it inherits the full user
-  # environment (PATH, XDG dirs, etc). dtach provides the PTY that pi needs.
-  piAgentStart = pkgs.writeShellScript "start-pi-agent" ''
-    exec ${pkgs.dtach}/bin/dtach -N /run/pi-agent/pi-agent.sock \
-      /run/current-system/sw/bin/zsh -lic 'exec ${piBin} --chat-bridge'
-  '';
-in
-{
-  systemd.tmpfiles.rules = [
-    "d /var/lib/pi-agent 0750 ${username} users -"
-    "z ${piAgentEnvFile} 0600 ${username} users -"
-    "d /run/pi-agent 0750 ${username} users -"
-  ];
-
-  # Pi coding agent running as a Telegram bridge gateway.
-  # The main process hosts extensions (pi-channels, pi-schedule-prompt,
-  # pi-subagents) and polls Telegram. Actual prompts run in separate
-  # pi --mode rpc subprocesses spawned on demand.
-  #
-  # Runs as a login shell so the agent has the full user environment
-  #
-  # Config: ~/.pi/agent/settings.json (bot token, bridge settings)
-  # API key: /var/lib/pi-agent/pi-agent.env
-  systemd.services.pi-agent = {
-    description = "Pi Telegram Bridge";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    path = [ pkgs.dtach ];
-    serviceConfig = {
-      Type = "simple";
-      User = username;
-      Group = "users";
-      WorkingDirectory = "/home/${username}";
-      EnvironmentFile = piAgentEnvFile;
-      ExecStart = piAgentStart;
-      Restart = "on-failure";
-      RestartSec = 10;
-    };
-  };
-}