johno/nixos-configs
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat: add QMD v2.1.0 as Nix package, bake into openclaw image
CI / check (push) Failing after 1m41s
Details
CI / build-and-cache (push) Has been skipped
Details
CI / Build & Push OpenClaw Image (push) Has been skipped
Details
CI / Deploy OpenClaw to Cluster (push) Has been skipped
Details

Browse Source 
- packages/qmd: buildNpmPackage with Node.js 22 (not Bun) to avoid
  native module ABI issues with better-sqlite3 and sqlite-vec
- Vendored package-lock.json (QMD ships bun.lock, not npm lockfile)
- packages/openclaw-image: adds qmd + tsx to image contents
- packages/default.nix: rec attrset so openclaw-image can inherit qmd
- flake.nix: expose custom-qmd package output for CI caching
This commit is contained in:
John Ogle
2026-04-19 20:52:26 -07:00
parent af496ce9ca
commit e3348e3319
5 changed files with 5418 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/openclaw-image/default.nix
+25 -18
View File
@@ -1,6 +1,7 @@
{
pkgs,
lib,
qmd,
}:
let
@@ -38,14 +39,14 @@ let
];
}
''
mkdir -p $out/app
mkdir -p $out/app
# Extract all layers from the Docker image tarball
mkdir workdir
tar xf ${openclawBase} -C workdir
# Extract all layers from the Docker image tarball
mkdir workdir
tar xf ${openclawBase} -C workdir
# Python: parse manifest, generate shell script to extract /app from layers
python3 << 'PYEOF'
# Python: parse manifest, generate shell script to extract /app from layers
python3 << 'PYEOF'
import json
with open("workdir/manifest.json") as f:
@@ -71,14 +72,14 @@ let
""")
PYEOF
OUT_DIR="$out" sh extract.sh
OUT_DIR="$out" sh extract.sh
if [ ! -f "$out/app/openclaw.mjs" ]; then
echo "ERROR: /app/openclaw.mjs not found after extraction"
ls -la $out/app/ 2>/dev/null || true
exit 1
fi
echo "Successfully extracted openclaw app"
if [ ! -f "$out/app/openclaw.mjs" ]; then
echo "ERROR: /app/openclaw.mjs not found after extraction"
ls -la $out/app/ 2>/dev/null || true
exit 1
fi
echo "Successfully extracted openclaw app"
'';
# Python environment with pymupdf
@@ -87,20 +88,20 @@ let
# Custom NSS files that include the "node" user (UID 1000, GID 1000).
# fakeNss only creates root/nobody, so we create our own with all three.
openclawNss = pkgs.runCommand "openclaw-nss" { } ''
mkdir -p $out/etc
cat > $out/etc/passwd << 'EOF'
mkdir -p $out/etc
cat > $out/etc/passwd << 'EOF'
root:x:0:0:root user:/var/empty:/bin/sh
nobody:x:65534:65534:nobody:/var/empty:/bin/sh
node:x:1000:1000::/home/node:/bin/bash
EOF
cat > $out/etc/group << 'EOF'
cat > $out/etc/group << 'EOF'
root:x:0:
nobody:x:65534:
node:x:1000:
EOF
cat > $out/etc/shadow << 'EOF'
cat > $out/etc/shadow << 'EOF'
root:!x:::::::
nobody:!x:::::::
node:!x:::::::
@@ -172,14 +173,20 @@ pkgs.dockerTools.buildLayeredImage {
pkgs.git
pkgs.emacs
# Node.js 22+ (for openclaw runtime, QMD when packaged, matrix-bot-sdk)
# Node.js 22+ (for openclaw runtime, QMD, matrix-bot-sdk)
pkgs.nodejs_22
# TypeScript runtime (for running TypeScript files directly, e.g. via nix run)
pkgs.tsx
# Python with pymupdf (PDF-to-image for Claude vision)
pythonEnv
# Gitea CLI (PR workflow)
pkgs.tea
# QMD — on-device hybrid search for markdown (built with Node.js 22, not Bun)
qmd
];
# NOTE: openclawApp is NOT in contents. It would create /app as a symlink
# to /nix/store/..., which breaks OpenClaw's symlink escape security check