kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

add opencrow Matrix bot on ful

Browse Source 
Uses upstream NixOS module (systemd-nspawn container with sandboxing).

- User: @fable:4d2.org on matrix.4d2.org
- Provider: GitHub Copilot (OAuth, one-time interactive login)
- Secrets via agenix: matrix token as environmentFile,
  soul bind-mounted into the container
- Sessions + pi-agent state in /var/lib/opencrow, backed up via restic

To complete setup:
1. Create secrets/opencrow-matrix-token.age (OPENCROW_MATRIX_ACCESS_TOKEN=...)
2. Create secrets/opencrow-soul.age (SOUL.md content)
3. One-time Copilot login inside the container:
   sudo nixos-container root-login opencrow
   PI_CODING_AGENT_DIR=/var/lib/opencrow/pi-agent pi
   # Run /login, select GitHub Copilot, complete OAuth flow
This commit is contained in:
Kierán Meinhardt
2026-02-17 22:06:37 +01:00
parent 9041e4cb11
commit b46f06a462
4 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
flake.nix
View File

@@ -26,6 +26,7 @@
wetter.url = "github:4z3/wetter"; wetter.url = "github:4z3/wetter";
wrappers.url = "github:lassulus/wrappers"; wrappers.url = "github:lassulus/wrappers";
llm-agents.url = "github:numtide/llm-agents.nix"; llm-agents.url = "github:numtide/llm-agents.nix";
opencrow.url = "github:pinpox/opencrow";
voidrice.flake = false; voidrice.flake = false;
@@ -62,6 +63,7 @@
wetter.inputs.nixpkgs.follows = "nixpkgs"; wetter.inputs.nixpkgs.follows = "nixpkgs";
niphas.inputs.nixpkgs.follows = "nixpkgs-unstable"; niphas.inputs.nixpkgs.follows = "nixpkgs-unstable";
wrappers.inputs.nixpkgs.follows = "nixpkgs"; wrappers.inputs.nixpkgs.follows = "nixpkgs";
opencrow.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@@ -78,6 +80,7 @@
tinc-graph, tinc-graph,
nix-topology, nix-topology,
llm-agents, llm-agents,
opencrow,
nixpkgs-unstable, nixpkgs-unstable,
nixos-hardware, nixos-hardware,
niphas, niphas,
@@ -443,6 +446,7 @@
self.nixosModules.panoptikon self.nixosModules.panoptikon
self.nixosModules.go-webring self.nixosModules.go-webring
stockholm.nixosModules.reaktor2 stockholm.nixosModules.reaktor2
opencrow.nixosModules.default
nur.modules.nixos.default nur.modules.nixos.default
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [

2
secrets.txt
View File

@@ -61,6 +61,8 @@ secrets/nextcloud-password-database.age
secrets/nextcloud-password-fysi.age secrets/nextcloud-password-fysi.age
secrets/nextcloud-password-kieran.age secrets/nextcloud-password-kieran.age
secrets/onlyoffice-jwt-key.age secrets/onlyoffice-jwt-key.age
secrets/opencrow-matrix-token.age
secrets/opencrow-soul.age
secrets/openweathermap-api-key.age secrets/openweathermap-api-key.age
secrets/restic.age secrets/restic.age
secrets/secrets.nix secrets/secrets.nix

1
systems/ful/configuration.nix
View File

@@ -17,6 +17,7 @@
./wallabag.nix ./wallabag.nix
./nethack.nix ./nethack.nix
./openclaw.nix ./openclaw.nix
./opencrow.nix
]; ];
niveum.passport = { niveum.passport = {

40
systems/ful/opencrow.nix Normal file
View File

@@ -0,0 +1,40 @@
{
config,
pkgs,
...
}:
{
age.secrets = {
opencrow-matrix-token = {
file = ../../secrets/opencrow-matrix-token.age;
};
opencrow-soul = {
file = ../../secrets/opencrow-soul.age;
};
};
services.opencrow = {
enable = true;
environmentFiles = [
config.age.secrets.opencrow-matrix-token.path
];
extraBindMounts."/run/secrets/opencrow-soul" = {
hostPath = config.age.secrets.opencrow-soul.path;
isReadOnly = true;
};
environment = {
OPENCROW_MATRIX_HOMESERVER = "https://matrix.4d2.org";
OPENCROW_MATRIX_USER_ID = "@fable:4d2.org";
OPENCROW_PI_PROVIDER = "copilot";
OPENCROW_PI_MODEL = "claude-sonnet-4-20250514";
OPENCROW_SOUL_FILE = "/run/secrets/opencrow-soul";
};
};
services.restic.backups.niveum.paths = [
"/var/lib/opencrow"
];
}