[ci skip] Pass skill secrets to moltbot container and fix Python env

- Add skill_secrets variable to moltbot module with HA tokens and Uptime Kuma password as container env vars - Install Python packages (requests, caldav, icalendar, uptime-kuma-api) in init container with PYTHONPATH for main container access - Update all skills to use python3 directly instead of ~/.venvs/claude venv path that doesn't exist in the container - Remove hardcoded Uptime Kuma password from skill, use env var
2026-02-17 21:53:32 +00:00 · 2026-02-17 21:53:32 +00:00 · 7e3286e572
commit 7e3286e572
parent 9bcdb9e59f
4 changed files with 55 additions and 23 deletions
--- a/.claude/skills/home-assistant/SKILL.md
+++ b/.claude/skills/home-assistant/SKILL.md
@ -40,8 +40,8 @@ There are **two** Home Assistant instances:
 - **Aliases**: "ha" or "HA" = ha-london. "ha sofia" or "ha-sofia" = ha-sofia.

 ## Prerequisites
- The `~/.venvs/claude` virtualenv must have `requests` package installed
- Environment variables for each instance must be set in the venv activation script:
+- Python 3 with `requests` package available (installed via PYTHONPATH or system packages)
+- Environment variables for each instance:
  - **ha-london**: `HOME_ASSISTANT_URL` and `HOME_ASSISTANT_TOKEN`
  - **ha-sofia**: `HOME_ASSISTANT_SOFIA_URL` and `HOME_ASSISTANT_SOFIA_TOKEN`

@ -55,14 +55,14 @@ There are **two** Home Assistant instances:
 | ha-sofia | `.claude/home-assistant-sofia.py` |

 ### Execution Pattern (CRITICAL)
-Always activate the venv to get environment variables:
+Run the scripts directly with python3 (env vars are set in the environment):

 ```bash
 # ha-london (default)
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant.py [command] [options]
+python3 .claude/home-assistant.py [command] [options]

 # ha-sofia
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant-sofia.py [command] [options]
+python3 .claude/home-assistant-sofia.py [command] [options]
 ```

 ### Available Commands
@ -194,7 +194,7 @@ ssh vbarzin@192.168.1.8 "cat /config/secrets.yaml"

 To turn on the living room light on ha-london:
 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/home-assistant.py on light.living_room
+python3 .claude/home-assistant.py on light.living_room
 ```

 To check ha-sofia configuration:
@ -230,7 +230,7 @@ ssh vbarzin@ha-sofia.viktorbarzin.lan "cat /config/configuration.yaml"

 | Error | Cause | Fix |
 |-------|-------|-----|
-| `HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN must be set` | Didn't source venv activation | Use `source ~/.venvs/claude/bin/activate && python ...` |
+| `HOME_ASSISTANT_URL and HOME_ASSISTANT_TOKEN must be set` | Env vars not set | Ensure `HOME_ASSISTANT_URL` and `HOME_ASSISTANT_TOKEN` are in the environment |
 | `404 Not Found` | Entity doesn't exist | Use `search` command to find correct entity ID |
 | `401 Unauthorized` | Token invalid/expired | Generate new long-lived token in HA |
 | `Connection refused` | HA not reachable | Check URL and network connectivity |
--- a/.claude/skills/nextcloud-calendar/SKILL.md
+++ b/.claude/skills/nextcloud-calendar/SKILL.md
@ -23,21 +23,21 @@ Need to create, query, or manage calendar events in the user's Nextcloud calenda
 - Default calendar is always Nextcloud unless otherwise specified

 ## Prerequisites
- The `~/.venvs/claude` virtualenv must have `caldav` and `icalendar` packages installed
- Environment variables `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` must be set in the venv activation script
+- Python 3 with `caldav` and `icalendar` packages available (installed via PYTHONPATH or system packages)
+- Environment variables `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` must be set

 ## Solution

 ### Script Location
 ```
-/home/wizard/code/infra/.claude/calendar-query.py
+.claude/calendar-query.py
 ```

 ### Execution Pattern (CRITICAL)
-Always activate the venv to get environment variables:
+Run the script directly with python3 (env vars are set in the environment):

 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calendar-query.py [command] [options]
+python3 .claude/calendar-query.py [command] [options]
 ```

 ### Available Commands
@ -103,16 +103,14 @@ python .claude/calendar-query.py week
 To create an event "Team offsite" from March 20-22, 2026:

 ```bash
-source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calendar-query.py create --title "Team offsite" --start "2026-03-20" --end "2026-03-23" --all-day
+python3 .claude/calendar-query.py create --title "Team offsite" --start "2026-03-20" --end "2026-03-23" --all-day
 ```

 ## Important Notes

 1. **End dates are exclusive** for all-day events (CalDAV standard). To create an event spanning April 10-13, set end to April 14.

-2. **Must source venv activation** - Using `~/.venvs/claude/bin/python` directly won't work because environment variables (`NEXTCLOUD_USER`, `NEXTCLOUD_APP_PASSWORD`) are set in the activation script.
-
-3. **No delete/update commands** - The script currently only supports create and query. To modify events, user must do it manually in Nextcloud.
+2. **No delete/update commands** - The script currently only supports create and query. To modify events, user must do it manually in Nextcloud.

 4. **Default calendar** is "Personal" - use `--calendar` flag for others.

@ -125,6 +123,6 @@ source ~/.venvs/claude/bin/activate && cd ~/code/infra && python .claude/calenda

 | Error | Cause | Fix |
 |-------|-------|-----|
-| `NEXTCLOUD_USER and NEXTCLOUD_APP_PASSWORD must be set` | Didn't source venv activation | Use `source ~/.venvs/claude/bin/activate && python ...` |
-| `Required packages not installed` | caldav/icalendar missing | Run `~/.venvs/claude/bin/pip install caldav icalendar` |
+| `NEXTCLOUD_USER and NEXTCLOUD_APP_PASSWORD must be set` | Env vars not set | Ensure `NEXTCLOUD_USER` and `NEXTCLOUD_APP_PASSWORD` are in the environment |
+| `Required packages not installed` | caldav/icalendar missing | Ensure PYTHONPATH includes the installed packages |
 | `Calendar 'X' not found` | Wrong calendar name | Run `list` command to see available calendars |
--- a/.claude/skills/uptime-kuma/SKILL.md
+++ b/.claude/skills/uptime-kuma/SKILL.md
@ -20,17 +20,18 @@ date: 2026-02-14
 - **Internal**: `uptime-kuma.uptime-kuma.svc.cluster.local:80`
 - **Image**: `louislam/uptime-kuma:2`
 - **Storage**: NFS at `/mnt/main/uptime-kuma` -> `/app/data`
- **API Library**: `uptime-kuma-api` (pip, installed in `~/.venvs/claude/`)
- **Credentials**: admin / EUxhLr4w4NFsGehy
+- **API Library**: `uptime-kuma-api` (pip, available via PYTHONPATH)
+- **Credentials**: admin / (from `UPTIME_KUMA_PASSWORD` env var)

 ## Python API Access

 ### Connection Pattern
 ```python
+import os
 from uptime_kuma_api import UptimeKumaApi, MonitorType

 api = UptimeKumaApi('https://uptime.viktorbarzin.me')
-api.login('admin', 'EUxhLr4w4NFsGehy')
+api.login('admin', os.environ.get('UPTIME_KUMA_PASSWORD', ''))

 # ... operations ...

@ -39,10 +40,11 @@ api.disconnect()

 ### Execution
 ```bash
-~/.venvs/claude/bin/python3 -c "
+python3 -c "
+import os
 from uptime_kuma_api import UptimeKumaApi, MonitorType
 api = UptimeKumaApi('https://uptime.viktorbarzin.me')
-api.login('admin', 'EUxhLr4w4NFsGehy')
+api.login('admin', os.environ.get('UPTIME_KUMA_PASSWORD', ''))
 # ... your code ...
 api.disconnect()
 "
--- a/modules/kubernetes/moltbot/main.tf
+++ b/modules/kubernetes/moltbot/main.tf
@ -4,6 +4,7 @@ variable "ssh_key" {}
 variable "gemini_api_key" { type = string }
 variable "llama_api_key" { type = string }
 variable "brave_api_key" { type = string }
+variable "skill_secrets" { type = map(string) }

 resource "kubernetes_namespace" "moltbot" {
  metadata {
@ -188,6 +189,10 @@ resource "kubernetes_deployment" "moltbot" {
            set -e
            apk add --no-cache curl unzip git-crypt openssh-client git bash

+            # Install pip and Python packages for skills
+            python3 -m ensurepip 2>/dev/null || apk add --no-cache py3-pip
+            pip3 install --break-system-packages --target=/tools/python-libs requests caldav icalendar uptime-kuma-api
+
            # Copy OpenClaw config to writable home dir
            cp /openclaw-config-src/openclaw.json /openclaw-home/openclaw.json

@ -326,6 +331,33 @@ resource "kubernetes_deployment" "moltbot" {
            name  = "GEMINI_API_KEY"
            value = var.gemini_api_key
          }
+          # Skill secrets - Home Assistant
+          env {
+            name  = "HOME_ASSISTANT_URL"
+            value = "https://ha-london.viktorbarzin.me"
+          }
+          env {
+            name  = "HOME_ASSISTANT_TOKEN"
+            value = var.skill_secrets["home_assistant_token"]
+          }
+          env {
+            name  = "HOME_ASSISTANT_SOFIA_URL"
+            value = "https://ha-sofia.viktorbarzin.me"
+          }
+          env {
+            name  = "HOME_ASSISTANT_SOFIA_TOKEN"
+            value = var.skill_secrets["home_assistant_sofia_token"]
+          }
+          # Skill secrets - Uptime Kuma
+          env {
+            name  = "UPTIME_KUMA_PASSWORD"
+            value = var.skill_secrets["uptime_kuma_password"]
+          }
+          # Python packages path for skills
+          env {
+            name  = "PYTHONPATH"
+            value = "/tools/python-libs"
+          }
          volume_mount {
            name       = "tools"
            mount_path = "/tools"