nixos: add openclaw-gateway module

joshp123 · joshp123 · commit 2a9a3be47b85 · 2026-02-15T14:32:00.000-08:00
Adds services.openclaw-gateway NixOS module:
- systemd service for │
◇  Doctor warnings ──────────────────────────────────────╮
│                                                        │
│  - State dir migration skipped: target already exists  │
│    (/Users/josh/.openclaw). Remove or merge manually.  │
│                                                        │
├────────────────────────────────────────────────────────╯
- deep-merged config attrset -&gt; /etc/openclaw/openclaw.json
- configurable unit name, env, preStart, and PATH

This lets downstream stacks (clawdinators) avoid re-implementing the gateway service.
diff --git a/flake.nix b/flake.nix
@@ -120,6 +120,7 @@
     )
     // {
       overlays.default = overlay;
+      nixosModules.openclaw-gateway = import ./nix/modules/nixos/openclaw-gateway.nix;
       homeManagerModules.openclaw = import ./nix/modules/home-manager/openclaw.nix;
       darwinModules.openclaw = import ./nix/modules/darwin/openclaw.nix;
     };
diff --git a/nix/modules/nixos/openclaw-gateway.nix b/nix/modules/nixos/openclaw-gateway.nix
@@ -0,0 +1,217 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.services.openclaw-gateway;
+
+  deepConfigType = lib.types.mkOptionType {
+    name = "openclaw-config-attrs";
+    description = "OpenClaw JSON config (attrset), merged deeply via lib.recursiveUpdate.";
+    check = builtins.isAttrs;
+    merge = _loc: defs: lib.foldl' lib.recursiveUpdate { } (map (d: d.value) defs);
+  };
+
+  configJson = builtins.toJSON cfg.config;
+  generatedConfigFile = pkgs.writeText "openclaw.json" configJson;
+  configFile = if cfg.configFile != null then cfg.configFile else generatedConfigFile;
+
+  # `environment.etc` takes a relative path.
+  etcRelPath = lib.removePrefix "/etc/" cfg.configPath;
+
+  execStartCmd =
+    if cfg.execStart != null then
+      cfg.execStart
+    else
+      "${cfg.package}/bin/openclaw gateway --port ${toString cfg.port}";
+
+in
+{
+  options.services.openclaw-gateway = with lib; {
+    enable = mkEnableOption "OpenClaw gateway (openclaw gateway as a systemd service)";
+
+    unitName = mkOption {
+      type = types.str;
+      default = "openclaw-gateway";
+      description = "systemd unit name (service will be <unitName>.service).";
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = if pkgs ? openclaw-gateway then pkgs.openclaw-gateway else pkgs.openclaw;
+      description = "OpenClaw gateway package.";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 18789;
+      description = "Gateway listen port.";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "openclaw";
+      description = "System user running the gateway.";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "openclaw";
+      description = "System group running the gateway.";
+    };
+
+    createUser = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Create the user/group automatically.";
+    };
+
+    stateDir = mkOption {
+      type = types.str;
+      default = "/var/lib/openclaw";
+      description = "State dir (OPENCLAW_STATE_DIR).";
+    };
+
+    workingDirectory = mkOption {
+      type = types.str;
+      default = cfg.stateDir;
+      description = "Working directory for the systemd service.";
+    };
+
+    configPath = mkOption {
+      type = types.str;
+      default = "/etc/openclaw/openclaw.json";
+      description = "Path to the OpenClaw JSON config file (OPENCLAW_CONFIG_PATH). Must be under /etc.";
+    };
+
+    configFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Optional path to an existing config file. If set, it is copied to configPath (under /etc).";
+    };
+
+    config = mkOption {
+      type = deepConfigType;
+      default = { };
+      description = "OpenClaw JSON config (attrset), deep-merged across definitions.";
+    };
+
+    logPath = mkOption {
+      type = types.str;
+      default = "${cfg.stateDir}/logs/gateway.log";
+      description = "Log file path (systemd StandardOutput/StandardError append).";
+    };
+
+    environment = mkOption {
+      type = types.attrsOf types.str;
+      default = { };
+      description = "Additional environment variables for the gateway process.";
+    };
+
+    environmentFiles = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "systemd EnvironmentFile= entries (use leading '-' to ignore missing).";
+    };
+
+    execStart = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Override ExecStart command. If unset, runs: openclaw gateway --port <port>.";
+    };
+
+    execStartPre = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "List of ExecStartPre= commands.";
+    };
+
+    servicePath = mkOption {
+      type = types.listOf types.package;
+      default = [ ];
+      description = "Extra packages added to systemd service PATH.";
+    };
+
+    restart = mkOption {
+      type = types.str;
+      default = "always";
+      description = "systemd Restart=.";
+    };
+
+    restartSec = mkOption {
+      type = types.int;
+      default = 2;
+      description = "systemd RestartSec=.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = lib.hasPrefix "/etc/" cfg.configPath;
+        message = "services.openclaw-gateway.configPath must be under /etc (got: ${cfg.configPath}).";
+      }
+    ];
+
+    users.groups.${cfg.group} = lib.mkIf cfg.createUser { };
+    users.users.${cfg.user} = lib.mkIf cfg.createUser {
+      isSystemUser = true;
+      group = cfg.group;
+      home = cfg.stateDir;
+      createHome = true;
+      shell = pkgs.bashInteractive;
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.stateDir} 0750 ${cfg.user} ${cfg.group} - -"
+      "d ${builtins.dirOf cfg.logPath} 0750 ${cfg.user} ${cfg.group} - -"
+      "d ${builtins.dirOf cfg.configPath} 0755 root root - -"
+    ];
+
+    environment.etc.${etcRelPath} = {
+      mode = "0644";
+      source = configFile;
+    };
+
+    systemd.services.${cfg.unitName} = {
+      description = "OpenClaw gateway";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      environment = {
+        OPENCLAW_CONFIG_PATH = cfg.configPath;
+        OPENCLAW_STATE_DIR = cfg.stateDir;
+
+        # Backward-compatible env names.
+        CLAWDBOT_CONFIG_PATH = cfg.configPath;
+        CLAWDBOT_STATE_DIR = cfg.stateDir;
+      }
+      // cfg.environment;
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.workingDirectory;
+
+        EnvironmentFile = cfg.environmentFiles;
+        ExecStartPre = cfg.execStartPre;
+        ExecStart = execStartCmd;
+
+        Restart = cfg.restart;
+        RestartSec = cfg.restartSec;
+
+        StandardOutput = "append:${cfg.logPath}";
+        StandardError = "append:${cfg.logPath}";
+      };
+
+      path = [
+        pkgs.bash
+        pkgs.coreutils
+      ]
+      ++ cfg.servicePath;
+    };
+  };
+}

Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,7 @@`
`120`	`120`	`)`
`121`	`121`	`// {`
`122`	`122`	`overlays.default = overlay;`
	`123`	`+ nixosModules.openclaw-gateway = import ./nix/modules/nixos/openclaw-gateway.nix;`
`123`	`124`	`homeManagerModules.openclaw = import ./nix/modules/home-manager/openclaw.nix;`
`124`	`125`	`darwinModules.openclaw = import ./nix/modules/darwin/openclaw.nix;`
`125`	`126`	`};`