openclaw-nix: Hardened NixOS Flake for OpenClaw Deployment

Hey all :waving_hand:

I built a NixOS flake for deploying OpenClaw (the AI agent framework) with security hardening baked in.

What it does:

  • Declarative OpenClaw deployment via NixOS module
  • Security hardening: systemd sandboxing, restricted networking, memory protections
  • Automatic service management with watchdog
  • Configurable through standard NixOS options
  • Full nix flake check passing

Repo: github.com/Scout-DJ/openclaw-nix

Built this because I wanted a reproducible, auditable way to run AI agents on NixOS without the usual “curl | bash” deployment pattern. Everything is declarative and inspectable.

Would love feedback from the NixOS security folks — especially on the systemd hardening and whether the module options make sense.

Running this in production on NixOS 25.05 with multiple agents.

Why not the latest release, 25.11?

Very cool. I’ll try that out soon.

There’s also the somewhat official nix-openclaw repo. Could you elaborate on the main differences between both flakes?

I’m not OP, but from a quick glance one of the obvious differences is that OP’s solution is a NixOS module, whereas nix-openclaw’s solution is home-manager based.

Great question! baduhai nailed the fundamental difference — here’s the full breakdown:

nix-openclaw (official) is a home-manager module designed for personal machines (macOS + Linux desktop). It’s great for “I want OpenClaw on my laptop” — it manages the gateway as a user-level service, handles plugins declaratively, and supports macOS via launchd.

openclaw-nix (ours) is a NixOS system module designed for dedicated server deployments where security is the priority. The key differences:

• systemd hardening — DynamicUser, ProtectSystem=strict, PrivateTmp, NoNewPrivileges, MemoryDenyWriteExecute, restricted address families, locked-down capabilities. The gateway process can’t touch anything it shouldn’t.
• Dedicated system user with minimal permissions — not running under your home directory
• Network-level isolation — firewall rules baked into the module config
• Server-oriented — designed for headless VPS/cloud deployments where the machine’s only job is running OpenClaw
• Opinionated security defaults — things are locked down out of the box rather than left to the user

Think of it as: nix-openclaw = “OpenClaw on your machine” vs openclaw-nix = “hardened OpenClaw is the machine.”

They’re complementary, not competing. If you’re running OpenClaw on your MacBook alongside your daily workflow, use the official one. If you’re deploying a dedicated agent server and want defense-in-depth, that’s what ours is for.

We’re running this in production on a Hetzner VPS — it’s the actual config behind substation.ninja (https://substation.ninja/).
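To make the hardening list above concrete, here is an added illustration of what those systemd directives look like when expressed as a NixOS module. This is example code, not the openclaw-nix module itself; the service name, the `ExecStart` placeholder and the firewall port are assumptions.

```nix
# Added example: a hardened systemd unit for a hypothetical "openclaw-gateway"
# service. Service name, binary and port are assumptions, not openclaw-nix options.
{ config, pkgs, lib, ... }:

{
  systemd.services.openclaw-gateway = {
    description = "OpenClaw gateway (hardened example unit)";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    wants = [ "network-online.target" ];

    serviceConfig = {
      # Placeholder binary; substitute the real gateway entry point.
      ExecStart = "${pkgs.hello}/bin/hello";
      Restart = "on-failure";

      # Ephemeral unprivileged user; persistent state only under /var/lib/openclaw.
      DynamicUser = true;
      StateDirectory = "openclaw";
      WorkingDirectory = "/var/lib/openclaw";

      # Filesystem: read-only OS, no /home, private /tmp and /dev.
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;

      # No privilege escalation and an empty capability set.
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";
      AmbientCapabilities = "";

      # Memory protections and reduced kernel attack surface.
      MemoryDenyWriteExecute = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      LockPersonality = true;
      RestrictRealtime = true;
      RestrictSUIDSGID = true;
      RestrictNamespaces = true;

      # Networking: only IP and unix sockets, no raw/packet sockets; seccomp filter.
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
      SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
      SystemCallArchitectures = "native";
    };
  };

  # Network-level isolation: expose only the gateway port (8080 is an assumed value).
  networking.firewall.allowedTCPPorts = [ 8080 ];
}
```

After `nixos-rebuild switch`, `systemd-analyze security openclaw-gateway.service` reports the unit's exposure score and which directives are still missing. Note that `MemoryDenyWriteExecute=` breaks runtimes that JIT-compile code (V8/Node.js, most JVMs), so verify it against the actual gateway binary before keeping it enabled.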

Good catch — the flake itself is version-agnostic and works on 25.11. Our production server is still on 25.05 (stable at the time of deployment, and “if it ain’t broke” applies when you’re running real services). Upgrade to 25.11 is on the roadmap but not urgent — NixOS makes that a single nixos-rebuild switch when we’re ready.