fix: ai-worker docker-only access for ollama benchmarking

Remove infra repo bind mount and sudo access from ai-worker user.
Now ai-worker can only:
- SSH into host from Hermes container
- Run docker commands via docker group membership
- Execute ollama benchmarks via docker exec

Results saved to /opt/data/ai-optimizer/ in Hermes container.
2026-04-29 19:55:19 +00:00
parent 18df45819d
commit f0e21d95e4
3 changed files with 68 additions and 95 deletions


@@ -14,12 +14,12 @@
};
users.groups.ai-worker = {};
# Enable restricted AI worker access with deployment capabilities
# Enable restricted AI worker SSH access for ollama benchmarking
# SECURITY: ai-worker can only:
# - Access /home/ai-worker/infra (bind-mounted to /home/gortium/infra)
# - Run: nh, nixos-rebuild, nixpkgs-fmt, nix (via sudo, no password)
# - Manage docker containers (via docker group)
# - All changes to infra/ are logged via audit subsystem
# WORKFLOW: AI must ask for user confirmation before running nh os switch
# - SSH into host from Hermes container
# - Run docker commands (docker exec ollama ...) via docker group
# - NO access to infra repo (no bind mount)
# - NO sudo access (no nh, nixos-rebuild, nixpkgs-fmt, nix)
# WORKFLOW: SSH from Hermes container, run docker benchmarks, return and save results to /opt/data/ai-optimizer/
services.aiWorkerAccess = true;
}
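
Review bot: the "can only" list in the new SECURITY comment overstates the restriction, because the line "Run docker commands (docker exec ollama ...) via docker group" grants membership in the docker group, and that gives full control of the Docker daemon, which is root-equivalent on the host. Removing the sudo rule and the bind mount therefore does not by itself enforce "NO sudo access" or "NO access to infra repo". If the intent is benchmarks only, constrain the ai-worker SSH key to a forced-command wrapper that accepts nothing but the `docker exec ollama ...` invocations needed, or put an authorizing proxy in front of the Docker socket instead of granting group membership, and reword the comment to describe what is actually enforced. The old line "All changes to infra/ are logged via audit subsystem" is also dropped with no replacement; consider keeping audit logging for ai-worker's SSH sessions and docker invocations so the benchmark account's activity stays reviewable.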