feat: add openclaw sandboxed user, sudo policy, fs restrictions, docker proxy, watchdog

2026-03-14 17:02:37 +02:00
parent 2a16184fba
commit eebf3f6159
6 changed files with 181 additions and 0 deletions
--- a/modules/openclaw-user.nix
+++ b/modules/openclaw-user.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  users.users.openclaw = {
+    isSystemUser = false;
+    isNormalUser = true;
+    home = "/home/openclaw";
+    createHome = true;
+    group = "openclaw";
+    extraGroups = [ "docker" ];
+    shell = pkgs.bash;
+    description = "OpenClaw agent sandboxed user";
+  };
+
+  users.groups.openclaw = { };
+}