clawdinators/docs/POC.md
joshp123 4a40ae24e2 🤖 config: restrict main clawdinator discord scope to clawdinators-test
What:
- remove #clawdributors-test and #clawdributors channel IDs from `nix/hosts/clawdinator-common.nix`
- keep only channel `1458426982579830908` (#clawdinators-test) in the main Discord allowlist
- simplify now-unused sendPolicy deny rules tied to removed channels
- align docs/memory/workspace references to #clawdinators-test only

Why:
- enforce single-channel listening surface for main clawdinator instances
- eliminate stale channel references that could cause operator confusion
- keep runtime config and docs aligned

Tests:
- nix shell nixpkgs#shellcheck nixpkgs#shfmt -c bash scripts/lint-shell.sh (pass)
- nix eval --raw .#nixosConfigurations.clawdinator-1.config.system.build.toplevel.drvPath --accept-flake-config >/dev/null (pass)
- nix eval --raw .#nixosConfigurations.clawdinator-2.config.system.build.toplevel.drvPath --accept-flake-config >/dev/null (pass)
2026-02-23 17:20:38 +01:00


POC: CLAWDINATOR-1

Acceptance criteria:

  • One AWS host provisioned from an AMI built from this repo.
  • Host created via OpenTofu using infra/opentofu/aws.
  • NixOS config applied via Nix (module or flake).
  • CLAWDINATOR-1 connects to Discord #clawdinators-test.
  • GitHub integration is read-only.
  • Shared memory directory mounted and writable.
  • Discord allowlist configured (guild + channels).

Secrets needed (initially):

  • Discord bot token (per instance).
  • GitHub token (PAT or App installation token).
  • Anthropic API key.
  • AWS credentials (image pipeline + infra).

Secrets wiring:

  • Infra: AWS credentials for OpenTofu and CI.
  • Runtime: explicit token files via agenix (standard).
  • GitHub token is required. Prefer GitHub App (services.clawdinator.githubApp.*) to mint short-lived tokens.
  • Store PEM and tokens in the local secrets repo (see docs/SECRETS.md) and decrypt to /run/agenix/*.
  • Discord token is required: set services.clawdinator.discordTokenFile to /run/agenix/clawdinator-discord-token-<n>.

Image pipeline:

  • Build a bootstrap image with nixos-generators (raw) from nix/hosts/clawdinator-1-image.nix, upload to S3, import as an AMI via snapshot import + register-image.
  • Launch instances from the AMI, then nixos-rebuild applies full config.

Deliverables:

  • Infra code in infra/opentofu/aws.
  • Nix module in nix/.
  • CLAWDINATOR config in clawdinator/.

Nix wiring notes:

  • Apply nix-openclaw overlay (latest upstream).
  • Enable services.clawdinator and provide openclaw.json config.
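
The runtime wiring described under "Secrets wiring" for the Discord token of instance 1, as a NixOS module fragment. This is an added example, not code from the clawdinators repo. It assumes the agenix NixOS module is already imported; the encrypted file location and the `clawdinator` service user are hypothetical placeholders.

```nix
{ config, lib, ... }:
let
  # agenix decrypts each secret to /run/agenix/<name> by default, so this
  # secret name yields /run/agenix/clawdinator-discord-token-1.
  secretName = "clawdinator-discord-token-1";
in
{
  age.secrets.${secretName} = {
    # Placeholder: path to the encrypted file in the local secrets repo.
    file = ../secrets/clawdinator-discord-token-1.age;
    # Assumption: the service runs as a dedicated "clawdinator" user.
    owner = "clawdinator";
    group = "clawdinator";
    mode = "0400"; # readable by the service user only
  };

  # Pass the decrypted path, never the token value: string literals in a
  # NixOS config end up in the world-readable /nix/store.
  services.clawdinator.discordTokenFile = config.age.secrets.${secretName}.path;

  assertions = [
    {
      # Fail evaluation if any module points the token option at a store
      # path (for example a file checked into the flake source).
      assertion = !(lib.hasPrefix builtins.storeDir
        (toString config.services.clawdinator.discordTokenFile));
      message = "services.clawdinator.discordTokenFile must not be in the Nix store";
    }
  ];
}
```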