nixos-configs/packages/openclaw-image/default.nix

{
  pkgs,
  lib,
}:

let
  # Pin the upstream openclaw image version
  # Updated by Renovate when new versions appear in flake.lock
  openclawImageTag = "2026.4.14";
  openclawImageDigest = "sha256:7ea070b04d1e70811fe8ba15feaad5890b1646021b24e00f4795bd4587a594ed";

  # Pull the upstream openclaw Docker image (only to extract /app from it)
  openclawBase = pkgs.dockerTools.pullImage {
    imageName = "ghcr.io/openclaw/openclaw";
    imageDigest = openclawImageDigest;
    sha256 = "sha256-mSAa7lmciD6OXd3KHr8pf2VJ0aHPGnjdGbeu+oFhNo8=";
    finalImageTag = openclawImageTag;
    os = "linux";
    arch = "amd64";
  };

  # Extract the openclaw application (/app) from the upstream Docker image.
  #
  # We don't use fromImage because Nix's copyToRoot creates a /lib/ directory
  # that shadows the Debian base image's /lib -> usr/lib symlink, breaking
  # the glibc dynamic linker (/lib64/ld-linux-x86-64.so.2 chain).
  # Instead, we extract only /app from the upstream image layers, then build
  # a pure Nix image where everything runs against Nix's glibc.
  #
  # Docker image tars use the Image Manifest v2 format: each layer is a
  # separate .tar within the outer tar. We extract all layers to find /app.
  openclawApp =
    pkgs.runCommand "openclaw-app"
      {
        nativeBuildInputs = [
          pkgs.python3
          pkgs.gnutar
        ];
      }
      ''
        mkdir -p $out/app

        # Extract all layers from the Docker image tarball
        mkdir workdir
        tar xf ${openclawBase} -C workdir

        # Python: parse manifest, generate shell script to extract /app from layers
        python3 << 'PYEOF'
        import json

        with open("workdir/manifest.json") as f:
            manifest = json.load(f)

        layers = manifest[0]["Layers"]

        with open("extract.sh", "w") as script:
            script.write("#!/bin/sh\nset -e\n")
            for layer in layers:
                if layer.endswith(".tar"):
                    lp = f"workdir/{layer}"
                else:
                    lp = f"workdir/{layer}/layer.tar"

                script.write(f"""
        if [ -f '{lp}' ]; then
          if tar tf '{lp}' 2>/dev/null | grep -q '^app/'; then
            echo "Extracting /app from {layer}..." >&2
            tar xf '{lp}' -C "$OUT_DIR" --strip-components=0 app/ 2>/dev/null || true
          fi
        fi
        """)
        PYEOF

        OUT_DIR="$out" sh extract.sh

        if [ ! -f "$out/app/openclaw.mjs" ]; then
          echo "ERROR: /app/openclaw.mjs not found after extraction"
          ls -la $out/app/ 2>/dev/null || true
          exit 1
        fi
        echo "Successfully extracted openclaw app"
      '';

  # Custom NSS files that include the "node" user (UID 1000, GID 1000).
  # fakeNss only creates root/nobody, so we create our own with all three.
  openclawNss = pkgs.runCommand "openclaw-nss" { } ''
    mkdir -p $out/etc
    cat > $out/etc/passwd << 'EOF'
    root:x:0:0:root user:/var/empty:/bin/sh
    nobody:x:65534:65534:nobody:/var/empty:/bin/sh
    node:x:1000:1000::/home/node:/bin/bash
    EOF

    cat > $out/etc/group << 'EOF'
    root:x:0:
    nobody:x:65534:
    node:x:1000:
    EOF

    cat > $out/etc/shadow << 'EOF'
    root:!x:::::::
    nobody:!x:::::::
    node:!x:::::::
    EOF
  '';

  # Node user home directory
  nodeHome = pkgs.runCommand "node-home" { } ''
    mkdir -p $out/home/node
  '';

  # Docker entrypoint script — equivalent to the upstream docker-entrypoint.sh.
  # We replicate it as a Nix derivation to avoid extracting the Debian binary
  # layer and to avoid filesystem conflicts in the image customization layer.
  dockerEntrypoint = pkgs.writeShellScript "docker-entrypoint.sh" ''
    #!/bin/sh
    set -e

    # Run command with node if the first arg contains a "-" or is not a
    # system command. The last part inside the "{}" is a workaround for
    # the following bug in ash/dash:
    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264
    if [ "''${1#-}" != "$1" ] || [ -z "$(command -v "''${1}")" ] || { [ -f "''${1}" ] && ! [ -x "''${1}" ]; }; then
      set -- node "$@"
    fi

    exec "$@"
  '';

  # Wrap the entrypoint as a derivation so it can be placed via copyToRoot
  # instead of extraCommands (which can't write to paths that already have
  # Nix store symlinks from other contents)
  entrypointPkg = pkgs.runCommand "docker-entrypoint" { } ''
    mkdir -p $out/usr/local/bin
    cp ${dockerEntrypoint} $out/usr/local/bin/docker-entrypoint.sh
    chmod +x $out/usr/local/bin/docker-entrypoint.sh
  '';

in
pkgs.dockerTools.buildLayeredImage {
  name = "openclaw";
  tag = openclawImageTag;

  # Don't use fromImage — see openclawApp derivation comment
  maxLayers = 120;

  contents = [
    # System basics
    pkgs.bashInteractive
    pkgs.coreutils
    pkgs.cacert

    # Custom NSS with node user
    openclawNss

    # Node user home directory
    nodeHome

    # Docker entrypoint script (in /usr/local/bin)
    entrypointPkg

    # Runtime package manager (agents can `nix run` arbitrary packages)
    # Also needed by init container for `nix copy --from` to populate PVC from Harmonia
    pkgs.nix

    # HTTP client (needed for init container Harmonia health checks and fallback)
    pkgs.curl
  ];
  # NOTE: Runtime packages (nodejs_22, kubectl, jq, git, emacs, tsx, tea,
  # pythonEnv, qmd) are NOT in contents. They live in the
  # `openclaw-runtime-closure` meta-package, which CI pushes to the
  # Harmonia binary cache. The init container pulls them from Harmonia
  # into the PVC at pod startup. This keeps the Docker image thin (~1.5GB
  # vs the previous ~2.7GB) and makes CI pushes fast.
  #
  # NOTE: openclawApp is NOT in contents. It would create /app as a symlink
  # to /nix/store/..., which breaks OpenClaw's symlink escape security check
  # (resolved paths "escape" /app/dist/extensions). Instead, extraCommands
  # copies the real files into /app as a proper directory.

  extraCommands = ''
    # Create /tmp with correct permissions (needed by Node.js and nix)
    mkdir -p tmp
    chmod 1777 tmp

    # Create /run for nix-daemon socket
    mkdir -p run

    # Create /var/empty (referenced by NSS passwd home dirs)
    mkdir -p var/empty

    # Copy OpenClaw app as a REAL directory (not a Nix store symlink).
    # The app has a symlink escape check: resolved paths must stay within
    # /app/dist/extensions/. If /app is a symlink to /nix/store/HASH/app/,
    # realpath resolves to /nix/store/... which "escapes" the boundary.
    rm -rf app
    mkdir -p app
    cp -a ${openclawApp}/app/. app/
  '';

  config = {
    Entrypoint = [ "docker-entrypoint.sh" ];
    Cmd = [
      "node"
      "openclaw.mjs"
      "gateway"
      "--allow-unconfigured"
    ];
    WorkingDir = "/app";
    User = "node";

    Env = [
      # SSL certificates
      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
      "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"

      # Nix configuration
      "NIX_PATH=nixpkgs=flake:nixpkgs"

      # PATH: standard dirs + Nix store bin dirs appended by buildLayeredImage
      # + runtime closure bin dir (populated from Harmonia by init container into PVC)
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${pkgs.custom.openclaw-runtime-closure}/bin"
      "NODE_ENV=production"

      # Home directory (Docker User directive doesn't set HOME from /etc/passwd)
      "HOME=/home/node"
      # Runtime closure path — init container uses this to `nix copy --from` Harmonia
      # This creates a build dependency (Nix resolves the path) but the closure
      # is NOT in `contents`, so it won't be in the image layers.
      "OPENCLAW_RUNTIME_CLOSURE=${pkgs.custom.openclaw-runtime-closure}"
    ];
  };
}