feat: add openclaw sandboxed user, sudo policy, fs restrictions, docker proxy, watchdog

2026-03-14 17:02:37 +02:00
parent 2a16184fba
commit eebf3f6159
6 changed files with 181 additions and 0 deletions
--- a/modules/openclaw-sudo.nix
+++ b/modules/openclaw-sudo.nix
@@ -0,0 +1,17 @@
+{
+  security.sudo.extraRules = [
+    {
+      users = [ "openclaw" ];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/cat";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/docker";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}