openclaw: bring tom to slack in persistent http connection kept

Author: theorderingmachine

CHANGELOG.md

@@ -6,6 +6,7 @@ versioning is done in a continuous fashion without worries of breaking changes.
 
 ## patches
 
+- `openclaw`: bring tom to slack in persistent http connection kept 2026-04-05
 - `systemd`: protect against services finding another other process 2026-04-04
 - `nix`: import language servers and formatted linter from upstream 2026-04-04
 - `vhs`: record terminal demos with tapes that share in caring gifs 2026-03-30

cloud/configuration.nix

@@ -66,6 +66,10 @@
                 email = "zim@o526.net";
                 group = "nginx";
               };
+              "tom.o526.net" = {
+                email = "zim@o526.net";
+                group = "nginx";
+              };
               "o526.net" = {
                 email = "zim@o526.net";
                 group = "nginx";
@@ -124,6 +128,17 @@
                   proxyWebsockets = true;
                 };
               };
+              "tom.o526.net" = {
+                enableACME = true;
+                forceSSL = true;
+                locations."/slack/events" = {
+                  proxyPass = "http://10.100.0.2:18789";
+                  proxyWebsockets = false;
+                  extraConfig = ''
+                    proxy_set_header x-forwarded-user "slack";
+                  '';
+                };
+              };
               "o526.net" = {
                 enableACME = true;
                 forceSSL = true;

flake.lock

@@ -20,6 +20,10 @@
       url = "github:LnL7/nix-darwin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    nix-openclaw = {
+      url = "github:openclaw/nix-openclaw";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nixos-generators = {
       url = "github:nix-community/nixos-generators";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -166,6 +170,7 @@
             ./machines/tom/configuration.nix
             inputs.home-manager.nixosModules.home-manager
             inputs.impermanence.nixosModules.impermanence
+            inputs.nix-openclaw.nixosModules.openclaw-gateway
             inputs.sops-nix.nixosModules.sops
             {
               home-manager = {

flake.nix

@@ -13,6 +13,11 @@
     };
   };
   nixpkgs.config = {
+    allowInsecurePredicate =
+      pkg:
+      builtins.elem (pkgs.lib.getName pkg) [
+        "openclaw"
+      ];
     allowUnfreePredicate =
       pkg:
       builtins.elem (pkgs.lib.getName pkg) [
@@ -60,6 +65,7 @@
     ./services/interception-tools
     ./services/minecraft-server
     ./services/ollama
+    ./services/openclaw-gateway
     ./services/openssh
     ./services/pipewire
     ./services/plasma6
@@ -93,6 +99,7 @@
       "/etc/ollama/models"
       "/srv/minecraft/world"
       "/var/lib/nixos"
+      "/var/lib/openclaw"
       "/var/lib/slack"
       "/var/lib/soft-serve"
       "/var/lib/systemd/coredump"
@@ -159,6 +166,7 @@
         5000 # Quintus
         8082 # Todo's Guide
         8083 # Endpoints
+        18789 # OpenClaw
         23231 # Soft Serve
         25565 # Minecraft
       ];
@@ -283,6 +291,12 @@
         owner = "slacks";
         group = "slacks";
       };
+      "openclaw" = {
+        format = "dotenv";
+        owner = "openclaw";
+        group = "openclaw";
+        sopsFile = ./services/openclaw-gateway/vault.env;
+      };
       "restic/git" = {
         owner = "git";
         group = "git";

machines/tom/configuration.nix

@@ -0,0 +1,7 @@
+keys:
+  - &tom age1dujf55uzev2nnpq6c2drn0e8pmpxay22qqfsavwaxqakwn9se5hsputgx4
+creation_rules:
+  - path_regex: \.env$
+    key_groups:
+      - age:
+          - *tom