From b46f06a46260d8a8f17f5d7ee8778add6bcda24d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 17 Feb 2026 22:06:37 +0100 Subject: [PATCH] add opencrow Matrix bot on ful Uses upstream NixOS module (systemd-nspawn container with sandboxing). - User: @fable:4d2.org on matrix.4d2.org - Provider: GitHub Copilot (OAuth, one-time interactive login) - Secrets via agenix: matrix token as environmentFile, soul bind-mounted into the container - Sessions + pi-agent state in /var/lib/opencrow, backed up via restic To complete setup: 1. Create secrets/opencrow-matrix-token.age (OPENCROW_MATRIX_ACCESS_TOKEN=...) 2. Create secrets/opencrow-soul.age (SOUL.md content) 3. One-time Copilot login inside the container: sudo nixos-container root-login opencrow PI_CODING_AGENT_DIR=/var/lib/opencrow/pi-agent pi # Run /login, select GitHub Copilot, complete OAuth flow
---
 flake.nix | 4 ++++ secrets.txt | 2 ++ systems/ful/configuration.nix | 1 + systems/ful/opencrow.nix | 40 +++++++++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+) create mode 100644 systems/ful/opencrow.nix
diff --git a/flake.nix b/flake.nix
index afd129c..0ead149 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,7 @@
 wetter.url = "github:4z3/wetter"; wrappers.url = "github:lassulus/wrappers"; llm-agents.url = "github:numtide/llm-agents.nix";
+ opencrow.url = "github:pinpox/opencrow";
 voidrice.flake = false;
@@ -62,6 +63,7 @@
 wetter.inputs.nixpkgs.follows = "nixpkgs"; niphas.inputs.nixpkgs.follows = "nixpkgs-unstable"; wrappers.inputs.nixpkgs.follows = "nixpkgs";
+ opencrow.inputs.nixpkgs.follows = "nixpkgs";
 }; outputs =
@@ -78,6 +80,7 @@
 tinc-graph, nix-topology, llm-agents,
+ opencrow,
 nixpkgs-unstable, nixos-hardware, niphas,
@@ -443,6 +446,7 @@
 self.nixosModules.panoptikon self.nixosModules.go-webring stockholm.nixosModules.reaktor2
+ opencrow.nixosModules.default
 nur.modules.nixos.default { nixpkgs.overlays = [ 
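Review bot: The new `opencrow` input in the first flake.nix hunk has no matching flake.lock change in this patch — the diffstat lists only flake.nix, secrets.txt, configuration.nix and opencrow.nix — so the revision of github:pinpox/opencrow that gets deployed is not pinned by this commit, and evaluation with a read-only lock file will fail until the lock is regenerated. Unless the lock update lands in a separate commit, run `nix flake lock` and commit flake.lock together with this change so the module source is reproducible from the repository. The fourth hunk appends `opencrow.nixosModules.default` to a module list whose enclosing attribute begins outside the hunk, so it is not visible whether that list is shared by every host; if it is, the module is imported everywhere while only ful enables the service, which is harmless but deserves a comment such as `# imported on all hosts; only enabled on ful (systems/ful/opencrow.nix)`.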
diff --git a/secrets.txt b/secrets.txt
index bb2bd7e..b3b062f 100644
--- a/secrets.txt
+++ b/secrets.txt
@@ -61,6 +61,8 @@ secrets/nextcloud-password-database.age secrets/nextcloud-password-fysi.age secrets/nextcloud-password-kieran.age secrets/onlyoffice-jwt-key.age
+secrets/opencrow-matrix-token.age
+secrets/opencrow-soul.age
 secrets/openweathermap-api-key.age secrets/restic.age secrets/secrets.nix
diff --git a/systems/ful/configuration.nix b/systems/ful/configuration.nix
index 5f1cb30..6695960 100644
--- a/systems/ful/configuration.nix
+++ b/systems/ful/configuration.nix
@@ -17,6 +17,7 @@
 ./wallabag.nix ./nethack.nix ./openclaw.nix
+ ./opencrow.nix
 ]; niveum.passport = {
diff --git a/systems/ful/opencrow.nix b/systems/ful/opencrow.nix
new file mode 100644
index 0000000..a0ad106
--- /dev/null
+++ b/systems/ful/opencrow.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+{
+ age.secrets = {
+ opencrow-matrix-token = {
+ file = ../../secrets/opencrow-matrix-token.age;
+ };
+ opencrow-soul = {
+ file = ../../secrets/opencrow-soul.age;
+ };
+ };
+
+ services.opencrow = {
+ enable = true;
+
+ environmentFiles = [
+ config.age.secrets.opencrow-matrix-token.path
+ ];
+
+ extraBindMounts."/run/secrets/opencrow-soul" = {
+ hostPath = config.age.secrets.opencrow-soul.path;
+ isReadOnly = true;
+ };
+
+ environment = {
+ OPENCROW_MATRIX_HOMESERVER = "https://matrix.4d2.org";
+ OPENCROW_MATRIX_USER_ID = "@fable:4d2.org";
+ OPENCROW_PI_PROVIDER = "copilot";
+ OPENCROW_PI_MODEL = "claude-sonnet-4-20250514";
+ OPENCROW_SOUL_FILE = "/run/secrets/opencrow-soul";
+ };
+ };
+
+ services.restic.backups.niveum.paths = [
+ "/var/lib/opencrow"
+ ];
+}
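Review bot: `services.restic.backups.niveum.paths` in the opencrow.nix hunk backs up all of /var/lib/opencrow, and per the commit message that tree includes the pi-agent directory where the one-time Copilot OAuth login is stored, so the backup repository will carry a live credential next to the session history; that is probably intended, since restic encrypts repositories at rest, but the file should state it, e.g. `# pi-agent/ holds the Copilot OAuth login state, so this backup contains live credentials`. The soul file is bind-mounted straight from the agenix path, which agenix by default decrypts as a root-owned, mode 0400 file; whether the service user inside the nspawn container (set by the upstream module, not visible here) can read it depends on how that module maps users, so confirm it and set `owner`/`mode` on `age.secrets.opencrow-soul` if the read fails. `pkgs` in the module's argument pattern is never referenced in the file and can be dropped.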