diff --git a/flake.lock b/flake.lock
index 435f331..7e9b4d2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -303,6 +303,24 @@
         "type": "github"
       }
     },
+    "flake-utils_4": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "fromYaml": {
       "flake": false,
       "locked": {
@@ -359,6 +377,27 @@
         "type": "github"
       }
     },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-openclaw",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767909183,
+        "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "import-tree": {
       "locked": {
         "lastModified": 1771045967,
@@ -449,6 +488,47 @@
         "type": "github"
       }
     },
+    "nix-openclaw": {
+      "inputs": {
+        "flake-utils": "flake-utils_4",
+        "home-manager": "home-manager_2",
+        "nix-steipete-tools": "nix-steipete-tools",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1771657318,
+        "narHash": "sha256-xFDNFFN5U9wtMcj1iACmoL6W4PWJeg9C0Pk2+BoY09s=",
+        "owner": "openclaw",
+        "repo": "nix-openclaw",
+        "rev": "fbef2087190ccfca375b351cdaad49bcbaea721a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "openclaw",
+        "repo": "nix-openclaw",
+        "type": "github"
+      }
+    },
+    "nix-steipete-tools": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_4"
+      },
+      "locked": {
+        "lastModified": 1771639217,
+        "narHash": "sha256-eidzES1s+0/Ngkw0fmLGdZ+NSN6P7RwKD0lPLYGqZoU=",
+        "owner": "openclaw",
+        "repo": "nix-steipete-tools",
+        "rev": "95ebfa73f4421144173f7060433c510a7d2d014a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "openclaw",
+        "repo": "nix-steipete-tools",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1748162331,
@@ -528,6 +608,22 @@
       }
     },
     "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1767364772,
+        "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1771714954,
         "narHash": "sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds=",
@@ -543,7 +639,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1771369470,
         "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
@@ -615,7 +711,8 @@
         "import-tree": "import-tree",
         "lazyvim": "lazyvim",
         "niri-flake": "niri-flake",
-        "nixpkgs": "nixpkgs_4",
+        "nix-openclaw": "nix-openclaw",
+        "nixpkgs": "nixpkgs_5",
         "noctalia": "noctalia",
         "sops-nix": "sops-nix",
         "spicetify-nix": "spicetify-nix",
@@ -644,8 +741,8 @@
     },
     "spicetify-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_5",
-        "systems": "systems_3"
+        "nixpkgs": "nixpkgs_6",
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1771737804,
@@ -674,7 +771,7 @@
           "nixpkgs"
         ],
         "nur": "nur",
-        "systems": "systems_4",
+        "systems": "systems_5",
         "tinted-foot": "tinted-foot",
         "tinted-kitty": "tinted-kitty",
         "tinted-schemes": "tinted-schemes",
@@ -756,6 +853,21 @@
         "type": "github"
       }
     },
+    "systems_5": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "tinted-foot": {
       "flake": false,
       "locked": {
diff --git a/flake.nix b/flake.nix
index e8f0585..f90543d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -45,6 +45,9 @@
 
     ccnix.url = "github:sadjow/claude-code-nix";
     ccnix.inputs.nixpkgs.follows = "nixpkgs";
+
+    nix-openclaw.url = "github:openclaw/nix-openclaw";
+    nix-openclaw.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs = inputs @ {flake-parts, ...}:
diff --git a/modules/hosts/krembo.nix b/modules/hosts/krembo.nix
index ac6bcd9..c549233 100644
--- a/modules/hosts/krembo.nix
+++ b/modules/hosts/krembo.nix
@@ -6,5 +6,6 @@
 
   flake.modules.homeManager.krembo.imports = with config.flake.modules.homeManager; [
     base
+    server
   ];
 }
diff --git a/modules/server/openclaw.nix b/modules/server/openclaw.nix
new file mode 100644
index 0000000..8f860df
--- /dev/null
+++ b/modules/server/openclaw.nix
@@ -0,0 +1,53 @@
+{
+  inputs,
+  config,
+  ...
+}: let
+  flk = config.flake;
+in {
+  flake.modules.nixos.server = {
+    pkgs,
+    config,
+    ...
+  }: {
+    nixpkgs.overlays = [inputs.nix-openclaw.overlays.default];
+
+    sops.secrets."openclaw/telegram_token" = {
+      owner = flk.meta.user.name;
+    };
+    sops.secrets."openclaw/env" = {
+      owner = flk.meta.user.name;
+    };
+  };
+
+  flake.modules.homeManager.server = {
+    imports = [inputs.nix-openclaw.homeManagerModules.openclaw];
+
+    programs.openclaw = {
+      enable = true;
+      config = {
+        channels.telegram = {
+          tokenFile = "/run/secrets/openclaw/telegram_token";
+          allowFrom = [
+            flk.meta.telegram.userId
+          ];
+        };
+
+        gateway = {
+          mode = "local";
+        };
+      };
+    };
+
+    # Pass the ANTHROPIC_API_KEY (and any other env vars) to the gateway service.
+    # The env file at /run/secrets/openclaw/env should contain lines like:
+    #   ANTHROPIC_API_KEY=sk-ant-...
+    #
+    # NOTE (issue #35): gateway.auth.token does not serialize from Nix config into
+    # the on-disk JSON that the gateway reads.  After first activation, run:
+    #   openclaw config set gateway.auth.token <your-token>
+    systemd.user.services.openclaw-gateway = {
+      serviceConfig.EnvironmentFile = "/run/secrets/openclaw/env";
+    };
+  };
+}
diff --git a/modules/settings.nix b/modules/settings.nix
index dba810c..ce2f38c 100644
--- a/modules/settings.nix
+++ b/modules/settings.nix
@@ -25,4 +25,6 @@
 
   flake.meta.location = "/home/${flake.meta.user.name}/dotfiles";
   flake.meta.stateVersion = "25.11";
+
+  flake.meta.telegram.userId = 8561191706;
 }
diff --git a/secrets.yaml b/secrets.yaml
index 23deffb..2abfe03 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -9,6 +9,9 @@ cloudflare:
     git: ENC[AES256_GCM,data:QxpLDjVsPiIxSKq6hWUOBS0wWxZ2ccLmSYQA64U3n+Y42Uuaf92pJHt3CQ2ZSaIXWbgpVotln/vBexRA1RH4ZpF5vwyYX1XUwCisv3qdkS/P4/kZIt8TtdvYV1pVwxZRqm58aA0L4ZuNk0q5a1tscrXtLVJ2+uvF9we6Oloz5uMA+XCBwzkqo6Ucbc/47gbUPTRSzMRpY1n8ma71NiensFn0lGtyWfB7TW26pLbSVg==,iv:mZmufTufxBuRkE0YNBwRNV4Shq1Uq2r+MzsNuzPkzQI=,tag:igtKa2VSLBjY9eKWONoKOg==,type:str]
 forgejo:
     token: ENC[AES256_GCM,data:3bsyRuBeK7+Blph3YUFB92b1pWgLcSUjy5j+2KfigaFubHs6c26zAEuH0bKBZg==,iv:lAJWyZlaV1hP6W6Y2ZkMfFFACcGjnHW/pNuXgPSOLlU=,tag:POmNl8JIidEoHhnjaqqz4A==,type:str]
+openclaw:
+    telegram_token: ENC[AES256_GCM,data:11Zs7rG4kRDD/D3QTGhRWVWt3B07cFXp+tLqcBAr1ndiaaXlREErx+LfvOqTbw==,iv:e0yKbWo/o9Zgfs5TXhcqW5j3eYgOU1fKxC60qOzNc4Q=,tag:JihBeOrv1stFoPLryscsyA==,type:str]
+    env: ENC[AES256_GCM,data:rwh4fwayEedjc11laGeanEHjv7u1JW5t8RhZ8GpE61kX7ZItE2LAGPWHCDC6gbo4WAQn2TIec1j0FWSZ/nb9QWUsNWk4qCPFy5ICcQaLmDVflM1fZ9ytvJJ0lRtHGt6omg/khcb7Wlmb26q+4jN7A1gUbKroEG7oteasL01bA6D4v0HlkHTF2RUc4iVzmSLy2ThqgP72WwLH8OpBGjKUoeKEjbi1iTbj,iv:xsBLCym03VPqzJwFCKTpE1iNezOIfgiCHPWzqXnvhgQ=,tag:5TECYurLuOnsvl6GLPxMYg==,type:str]
 sops:
     age:
         - recipient: age1fdrtfvf3ywarc4sq7jjc5d6elas3fr73cfenkkyyj0ck6z9x2d0qlpn92h
@@ -38,7 +41,7 @@ sops:
             MFp0UW1HSW9MbmppcHlNM25CaFhqOWcKppF0dE4YNh+mN1tyZju4zxM6ZFBSKx9U
             cGYtUemtt4s9ko3hPt8ZM/ysKOeZgnYoeG7QQnwSoF3F+/gurvb0Bg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-10T14:02:32Z"
-    mac: ENC[AES256_GCM,data:k7Q1vKz+OApin8eUUf6t87JWeXrryG5eK2MMA7uOKVG303aoZ6Th/0LhVq/0uHADZFQDvY3if+CbTcKt1kydVLzHY60zFsRHb1pea7hT0/VQ7LU5PmaNxCkN6YvLfDfHanZ24CcH4dU6RM70VTgy1Dv20rl9EBjv8wIByPFlu9M=,iv:VAAD+AxEOn9akFJZfkwJ7ylbs2PaGspDxvSrXbIXHD0=,tag:xDHbYEgkClGnvsDexs82Yw==,type:str]
+    lastmodified: "2026-02-25T16:56:00Z"
+    mac: ENC[AES256_GCM,data:3spsthx9MLxW+iYt5FgxXxnLqR+ZW1pZKfaMeJ2gP/aADvLIhf1DCl4ZFX6sLpFJu1P2MBWL8tTdPE6rpUE606sOSXsBd9CkGgimGoxu2j+Jp903d9BIFVeHBZ5x9JSunfnrvCDIg9wfuzm98ZLWdFaGv/sfuvzgIS0Mbde+imM=,iv:OqhK+SOZb03KEvLq4Mtm2O9bqicPqm2CDSsHCok08bY=,tag:qXHRdxHcOtWLunkaodw9CA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0