Uses upstream NixOS module (systemd-nspawn container with sandboxing). - User: @fable:4d2.org on matrix.4d2.org - Provider: GitHub Copilot (OAuth, one-time interactive login) - pkgs.pi added via extraPackages (available on PATH inside container) - Secrets via agenix: matrix token as environmentFile, soul bind-mounted into the container - Sessions + pi-agent state in /var/lib/opencrow, backed up via restic To complete setup: 1. Create secrets/opencrow-matrix-token.age (OPENCROW_MATRIX_ACCESS_TOKEN=...) 2. Create secrets/opencrow-soul.age (SOUL.md content) 3. One-time Copilot login inside the container: sudo nixos-container root-login opencrow PI_CODING_AGENT_DIR=/var/lib/opencrow/pi-agent pi # Run /login, select GitHub Copilot, complete OAuth flow
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
age.secrets = {
|
|
opencrow-matrix-token = {
|
|
file = ../../secrets/opencrow-matrix-token.age;
|
|
};
|
|
opencrow-soul = {
|
|
file = ../../secrets/opencrow-soul.age;
|
|
};
|
|
};
|
|
|
|
services.opencrow = {
|
|
enable = true;
|
|
|
|
extraPackages = [ pkgs.pi ];
|
|
|
|
environmentFiles = [
|
|
config.age.secrets.opencrow-matrix-token.path
|
|
];
|
|
|
|
extraBindMounts."/run/secrets/opencrow-soul" = {
|
|
hostPath = config.age.secrets.opencrow-soul.path;
|
|
isReadOnly = true;
|
|
};
|
|
|
|
environment = {
|
|
OPENCROW_MATRIX_HOMESERVER = "https://matrix.4d2.org";
|
|
OPENCROW_MATRIX_USER_ID = "@fable:4d2.org";
|
|
OPENCROW_PI_PROVIDER = "copilot";
|
|
OPENCROW_PI_MODEL = "claude-sonnet-4-20250514";
|
|
OPENCROW_SOUL_FILE = "/run/secrets/opencrow-soul";
|
|
};
|
|
};
|
|
|
|
services.restic.backups.niveum.paths = [
|
|
"/var/lib/opencrow"
|
|
];
|
|
}
|
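Review bot: The bind mount at `extraBindMounts."/run/secrets/opencrow-soul"` hands the container `config.age.secrets.opencrow-soul.path` without setting `age.secrets.opencrow-soul.owner`/`mode`, so the host file keeps agenix's root-only default; whether the UID opencrow runs as inside the nspawn container (after any user-namespace remapping) can read it is not established by this file and presumably needs either a matching `owner`/`mode` on the secret or confirmation that the upstream module handles it. The same question applies to the `environmentFiles` entry on the line reading `config.age.secrets.opencrow-matrix-token.path` if the upstream module passes that path into the container instead of loading it from the host unit as root. A one-line comment above the bind mount would make the requirement visible to the next maintainer: `# read-only in the container; the in-container service user must be able to read the host file (age.secrets owner/mode)`. Separately, `"/var/lib/opencrow"` in the restic paths is, per the setup steps in the description, where the one-time Copilot login writes its OAuth state, so the backup carries a live credential and a restore re-issues it; a comment such as `# includes pi-agent OAuth state from the one-time /login` on that path would document the trade-off.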