infra/modules/nixos/security/ai-worker-restricted.nix

{ config, pkgs, lib, ... }:

with lib;

{
  options.services.aiWorkerAccess = mkOption {
    type = types.bool;
    default = false;
    description = "Enable restricted AI worker access to infra repo with deployment capabilities";
  };

  config = mkIf config.services.aiWorkerAccess {
    # Bind mount for infra repo access (read-write for editing)
    fileSystems."/home/ai-worker/infra" = {
      device = "/home/gortium/infra";
      fsType = "none";
      options = [ "bind" ];
    };

    # Restricted sudo access - only specific commands allowed
    security.sudo.extraRules = [
      {
        users = [ "ai-worker" ];
        commands = [
          {
            command = "/run/current-system/sw/bin/nh";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nixos-rebuild";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nixpkgs-fmt";
            options = [ "NOPASSWD" ];
          }
          {
            command = "/run/current-system/sw/bin/nix";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];

    # Ensure ai-worker has necessary tools available
    environment.systemPackages = with pkgs; [
      nh
      nixpkgs-fmt
    ];

    # Audit logging for ai-worker actions on infra directory
    security.audit.enable = mkDefault true;
    security.audit.rules = [
      "-w /home/gortium/infra -p wa -k infra_changes"
    ];
  };
}
Add restricted AI worker access with deployment capabilities - New module: modules/nixos/security/ai-worker-restricted.nix - Bind mount for infra repo access (RW) - Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix - Audit logging for infra changes - Documentation in README-ai-worker.md - Updated users/ai-worker.nix: - Enable services.aiWorkerAccess - Lock password (SSH key only) - Security documentation comments - Updated flake.nix: - Include new security module SECURITY: AI must ask for user confirmation before running nh os switch 2026-04-28 15:34:38 +00:00			`{ config, pkgs, lib, ... }:`

			`with lib;`

			`{`
			`options.services.aiWorkerAccess = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = "Enable restricted AI worker access to infra repo with deployment capabilities";`
			`};`

			`config = mkIf config.services.aiWorkerAccess {`
			`# Bind mount for infra repo access (read-write for editing)`
			`fileSystems."/home/ai-worker/infra" = {`
			`device = "/home/gortium/infra";`
			`fsType = "none";`
			`options = [ "bind" ];`
			`};`

			`# Restricted sudo access - only specific commands allowed`
			`security.sudo.extraRules = [`
			`{`
			`users = [ "ai-worker" ];`
			`commands = [`
			`{`
			`command = "/run/current-system/sw/bin/nh";`
			`options = [ "NOPASSWD" ];`
			`}`
			`{`
			`command = "/run/current-system/sw/bin/nixos-rebuild";`
			`options = [ "NOPASSWD" ];`
			`}`
			`{`
			`command = "/run/current-system/sw/bin/nixpkgs-fmt";`
			`options = [ "NOPASSWD" ];`
			`}`
			`{`
			`command = "/run/current-system/sw/bin/nix";`
			`options = [ "NOPASSWD" ];`
			`}`
			`];`
			`}`
			`];`

			`# Ensure ai-worker has necessary tools available`
			`environment.systemPackages = with pkgs; [`
			`nh`
			`nixpkgs-fmt`
			`];`

			`# Audit logging for ai-worker actions on infra directory`
			`security.audit.enable = mkDefault true;`
			`security.audit.rules = [`
			`"-w /home/gortium/infra -p wa -k infra_changes"`
			`];`
			`};`
			`}`