feat: hermes frame mog openclaw

Harivansh Rathi 2026-04-09 03:16:41 +00:00
parent c882f44a0b
commit bad6fc6733
15 changed files with 279 additions and 222 deletions


@ -18,7 +18,7 @@ in
./vaultwarden.nix
./forgejo.nix
./betternas.nix
./openclaw-gateway.nix
./hermes-gateway.nix
./forgejo-runner.nix
../../modules/base.nix
(modulesPath + "/profiles/minimal.nix")


@ -137,9 +137,11 @@ in
clean_url=$(printf '%s' "$clone_url" | sed 's|https://oauth2:[^@]*@github.com/|https://github.com/|')
local repo_id
repo_id=$(sqlite3 /var/lib/forgejo/data/forgejo.db \
".timeout 5000" \
"SELECT r.id FROM repository r JOIN \"user\" u ON r.owner_id=u.id WHERE u.lower_name=LOWER('$forgejo_owner') AND r.lower_name=LOWER('$repo_name');")
if [ -n "$repo_id" ]; then
sqlite3 /var/lib/forgejo/data/forgejo.db \
".timeout 5000" \
"UPDATE mirror SET remote_address='$clean_url' WHERE repo_id=$repo_id AND remote_address LIKE '%ghp_%';"
fi
}
@ -332,6 +334,7 @@ in
# find the latest commit we already recorded for this repo
latest=$(sqlite3 "$DB" \
".timeout 5000" \
"SELECT COALESCE(MAX(created_unix),0) FROM action WHERE repo_id=$repo_id AND act_user_id=$user_id AND op_type=$OP_TYPE;")
# convert to ISO 8601 "since" param (skip if no prior records -> fetch all)
@ -372,10 +375,12 @@ in
# deduplicate on repo + user + timestamp
exists=$(sqlite3 "$DB" \
".timeout 5000" \
"SELECT COUNT(*) FROM action WHERE user_id=$user_id AND repo_id=$repo_id AND op_type=$OP_TYPE AND created_unix=$created_unix;")
[ "$exists" -gt 0 ] && continue
sqlite3 "$DB" \
".timeout 5000" \
"INSERT INTO action (user_id, op_type, act_user_id, repo_id, ref_name, is_private, content, created_unix) VALUES ($user_id, $OP_TYPE, $user_id, $repo_id, 'refs/heads/$branch', 1, '$content', $created_unix);"
repo_added=$((repo_added + 1))
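Review bot: The INSERT in the last hunk still builds its SQL by splicing `$content` and `$branch` into single-quoted literals, and the first hunk does the same with `$forgejo_owner`, `$repo_name` and `$clean_url`; the added `.timeout 5000` argument does not touch that. These values appear to come from the remote repository (where they are set is outside the hunks), so a single quote in one of them breaks or changes the statement that runs against Forgejo's own database. Unless they are already escaped upstream, double the quote before use, e.g. `content_sql=$(printf '%s' "$content" | sed "s/'/&&/g")`, and interpolate `'$content_sql'` instead. The enclosing functions start and end outside the hunks.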


@ -0,0 +1,77 @@
{
inputs,
pkgs,
username,
...
}:
let
homeDir = "/home/${username}";
stateDir = "${homeDir}/.hermes";
in
{
# The hermes-agent NixOS module orders its activation script after
# "setupSecrets" (sops-nix / agenix). We don't use either, so
# provide a no-op to satisfy the dependency.
system.activationScripts.setupSecrets = "";
services.hermes-agent = {
enable = true;
package = inputs.hermes-agent.packages.${pkgs.stdenv.hostPlatform.system}.default;
user = username;
group = "users";
createUser = false;
stateDir = stateDir;
workingDirectory = "${stateDir}/workspace";
addToSystemPackages = false;
environmentFiles = [ "${stateDir}/.env" ];
environment = {
HERMES_MANAGED = "true";
};
documents = {
"SOUL.md" = ../../config/hermes/SOUL.md;
"TOOLS.md" = ../../config/hermes/TOOLS.md;
"HEARTBEAT.md" = ../../config/hermes/HEARTBEAT.md;
};
settings = {
model = {
provider = "openai-codex";
model = "gpt-5.4";
};
agent = {
max_turns = 100;
verbose = false;
};
terminal = {
backend = "local";
};
compression = {
enabled = true;
};
memory = {
memory_enabled = true;
user_profile_enabled = true;
};
toolsets = [ "coding" ];
channels = {
telegram = {
bot_token = "\${TELEGRAM_BOT_TOKEN}";
dm_policy = "pairing";
};
};
};
mcpServers = {};
extraPackages = with pkgs; [
nodejs_22
git
docker
];
restart = "always";
restartSec = 5;
};
}
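Review bot: `user = username` with `createUser = false` and `terminal.backend = "local"` runs the agent's shell as the interactive login account, with `docker` in `extraPackages` and its secrets in `${stateDir}/.env` inside that same home directory. The openclaw config this replaces set `tools.fs.workspaceOnly = true` and a `deny` list; nothing equivalent is visible in the new `settings`, so the agent presumably can read the whole home directory, including the `.env` it is started from. Consider a dedicated service account for the unit and an environment file outside the agent's reach, or at least record the decision with a comment such as `# NOTE: agent runs as the login user with an unrestricted local shell; anyone paired on the Telegram channel effectively has a shell as this user`. The empty `system.activationScripts.setupSecrets` stub is also host-wide and may collide with sops-nix or agenix if either is adopted later.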


@ -2,7 +2,7 @@
...
}:
let
openClawDomain = "netty.harivan.sh";
hermesDomain = "netty.harivan.sh";
forgejoDomain = "git.harivan.sh";
vaultDomain = "vault.harivan.sh";
betternasDomain = "api.betternas.com";
@ -19,7 +19,7 @@ in
recommendedTlsSettings = true;
clientMaxBodySize = "512m";
virtualHosts.${openClawDomain} = {
virtualHosts.${hermesDomain} = {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,68 +0,0 @@
{
inputs,
pkgs,
username,
...
}:
let
homeDir = "/home/${username}";
stateDir = "${homeDir}/.openclaw";
runtimeConfig = "${stateDir}/openclaw.json";
in
{
services.openclaw-gateway = {
enable = true;
package = inputs.openClaw.packages.${pkgs.stdenv.hostPlatform.system}.default;
port = 2470;
user = username;
group = "users";
createUser = false;
stateDir = stateDir;
environmentFiles = [ "${stateDir}/.env" ];
environment = {
OPENCLAW_NIX_MODE = "1";
OPENCLAW_CONFIG_PATH = runtimeConfig;
};
execStart = "${homeDir}/.local/share/npm/bin/openclaw gateway --port 2470";
execStartPre = [
"+${pkgs.coreutils}/bin/install -m 600 -o ${username} -g users /etc/openclaw/openclaw.json ${runtimeConfig}"
];
servicePath = with pkgs; [
pkgs.nodejs_22
git
docker
];
config = {
gateway = {
mode = "local";
bind = "loopback";
port = 2470;
trustedProxies = [ "127.0.0.1" "::1" ];
controlUi.allowedOrigins = [ "https://netty.harivan.sh" ];
auth = {
mode = "token";
token = "\${OPENCLAW_GATEWAY_TOKEN}";
};
};
channels.telegram = {
botToken = "\${TELEGRAM_BOT_TOKEN}";
dmPolicy = "pairing";
};
agents.defaults = {
workspace = "~/.openclaw/workspace";
skipBootstrap = false;
model = {
primary = "opanai-codex/gpt-5.4";
fallbacks = [ "opanai-codex/gpt-5.4-mini" ];
};
sandbox.mode = "off";
};
tools = {
profile = "coding";
fs.workspaceOnly = true;
loopDetection.enabled = true;
deny = [ "sessions_send" "sessions_spawn" ];
};
};
};
}