gortium/infra
1
1
Fork 0
Code Issues 13 Pull Requests 21 Actions Packages Projects 1 Releases Wiki Activity
53 Commits 45 Branches 0 Tags
3e04ccc1e85faf30ce342b62860b5df2d177bfc9
Commit Graph

4 Commits

Author SHA1 Message Date
Hermes Agent
3e04ccc1e8 security: remove deployment commands from ai-worker sudo rules 
ai-worker only needs security audit commands, not deployment access.

Removed:
- nh os switch
- nixos-rebuild switch

Kept:
- Firewall checks (iptables)
- Fail2ban status
- Log inspection (journalctl)
- SSH config (sshd -T)
- Docker service checks
- Network diagnostics
 2026-04-30 17:46:39 +00:00
Hermes Agent
21bd4bb283 security: add restricted sudo for ai-worker with security audit commands 
- Deployment: nh os switch, nixos-rebuild switch (flake path locked)
- Firewall checks: iptables -L, iptables -S
- Fail2ban: status, banned IPs
- Logs: journalctl for kernel and fail2ban
- SSH config: sshd -T for verification
- Docker: ps, inspect (service health)
- Network: ss -tlnp, /proc/net/tcp

All commands are whitelisted with NOPASSWD.
No shell access, no ALL command - principle of least privilege.
 2026-04-30 17:46:39 +00:00
Robert
2e749228bb fix: set correct working directory and create home for ai-worker 2026-04-04 17:07:13 -04:00
Thierry Pouplier
13dbf18f67 Progress dump before ai agent 2026-04-04 04:57:47 -04:00