fix: move filter into jail settings (NixOS submodule doesn't pass string filters)

ai-worker only needs security audit commands, not deployment access.

Removed:
- nh os switch
- nixos-rebuild switch

Kept:
- Firewall checks (iptables)
- Fail2ban status
- Log inspection (journalctl)
- SSH config (sshd -T)
- Docker service checks
- Network diagnostics

AGENTS.md

@@ -5,6 +5,7 @@ This document outlines the development conventions for this NixOS-based infrastr
 ## Build & Deployment
 
 - **Build/Deploy:** Use `nixos-rebuild switch --flake .#<hostname>` to build and deploy the configuration for a specific host.
+- **CRITICAL — Validate before pushing:** Always `nix build --no-link '.#nixosConfigurations.<hostname>.config.system.build.toplevel'` (or `nh os build`) and confirm it succeeds before pushing any changes. Never push untested NixOS configs.
 - **Development Shell:** Activate the development environment with `nix develop`.
 
 ## Linting & Formatting

docker/hermes/Dockerfile.full

@@ -0,0 +1,71 @@
+FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
+FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
+FROM debian:13.4
+
+# Disable Python stdout buffering to ensure logs are printed immediately
+ENV PYTHONUNBUFFERED=1
+
+# Store Playwright browsers outside the volume mount so the build-time
+# install survives the /opt/data volume overlay at runtime.
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
+
+# Install system dependencies in one layer, clear APT cache
+# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
+# that would otherwise accumulate when hermes runs as PID 1. See #15012.
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
+        curl poppler-utils imagemagick \
+        chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \
+        libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 \
+        texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science \
+        qemu-user-static binfmt-support qemu-user-binfmt \
+        emacs-nox \
+        libportaudio2 && \
+    rm -rf /var/lib/apt/lists/*
+
+# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
+RUN useradd -u 10000 -m -d /opt/data hermes
+
+COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
+COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
+
+WORKDIR /opt/hermes
+
+# ---------- Layer-cached dependency install ----------
+# Copy only package manifests first so npm install + Playwright are cached
+# unless the lockfiles themselves change.
+COPY package.json package-lock.json ./
+COPY web/package.json web/package-lock.json web/
+
+RUN npm install --prefer-offline --no-audit && \
+    npx playwright install --with-deps chromium --only-shell && \
+    (cd web && npm install --prefer-offline --no-audit) && \
+    npm cache clean --force
+
+# ---------- Source code ----------
+# .dockerignore excludes node_modules, so the installs above survive.
+COPY --chown=hermes:hermes . .
+
+# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
+RUN cd web && npm run build
+
+# ---------- Permissions ----------
+# Make install dir world-readable so any HERMES_UID can read it at runtime.
+# The venv needs to be traversable too.
+USER root
+RUN chmod -R a+rX /opt/hermes
+# Start as root so the entrypoint can usermod/groupmod + gosu.
+# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
+
+# ---------- Python virtualenv ----------
+RUN uv venv && \
+    uv pip install --no-cache-dir -e ".[all]" && \
+    uv pip install --no-cache-dir sounddevice numpy faster-whisper
+
+# ---------- Runtime ----------
+ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
+ENV HERMES_HOME=/opt/data
+ENV PATH="/opt/data/.local/bin:${PATH}"
+VOLUME [ "/opt/data" ]
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]

flake.lock

@@ -23,6 +23,20 @@
         "type": "github"
       }
     },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1751685974,
+        "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=",
+        "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1",
+        "type": "tarball",
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/flake-compat/archive/549f2762aebeff29a2e5ece7a7dc0f955281a1d1.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://git.lix.systems/lix-project/flake-compat/archive/main.tar.gz"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -44,7 +58,125 @@
         "type": "github"
       }
     },
+    "lix": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nix2container": "nix2container",
+        "nix_2_18": "nix_2_18",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-regression": "nixpkgs-regression",
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1774721317,
+        "narHash": "sha256-KS0ElyhZKdUFcfaxfwid3yi2Id3EP9i+dGL16/wx1T8=",
+        "ref": "main",
+        "rev": "d0190cff6f2314cc1c727ff113aea20e086f4bcc",
+        "revCount": 19103,
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/lix"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.lix.systems/lix-project/lix"
+      }
+    },
+    "lowdown-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1633514407,
+        "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kristapsdz",
+        "repo": "lowdown",
+        "type": "github"
+      }
+    },
+    "nix2container": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1767195068,
+        "narHash": "sha256-+OMnL79ZjqM/PCz2hoQ12MnXNoSSfBGnsYBOZnA9XbI=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "bb6801be998ba857a62c002cb77ece66b0a57298",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
+    "nix_2_18": {
+      "inputs": {
+        "flake-compat": [
+          "lix",
+          "flake-compat"
+        ],
+        "lowdown-src": "lowdown-src",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-regression": [
+          "lix",
+          "nixpkgs-regression"
+        ]
+      },
+      "locked": {
+        "lastModified": 1730375271,
+        "narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "0f665ff6779454f2117dcc32e44380cda7f45523",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "2.18.9",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1705033721,
+        "narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05-small",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1774386573,
         "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
@@ -60,10 +192,27 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1769939035,
+        "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "a8ca480175326551d6c4121498316261cbb5b260",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
-        "nixpkgs": "nixpkgs"
+        "lix": "lix",
+        "nixpkgs": "nixpkgs_2"
       }
     },
     "systems": {

flake.nix

@@ -8,10 +8,14 @@
       inputs.darwin.follows = "";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    lix = {
+      url = "git+https://git.lix.systems/lix-project/lix?ref=main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     self.submodules = true;
   };
 
-  outputs = { self, nixpkgs, agenix, ... }@inputs:
+  outputs = { self, nixpkgs, agenix, lix, ... }@inputs:
     let
       system = "x86_64-linux";
       keys = import ./lib/keys.nix;
@@ -26,6 +30,9 @@
       pkgs = import nixpkgs {
         inherit system overlays;
         config.allowUnfree = true;
+        config.permittedInsecurePackages = [
+          "openclaw-2026.3.12"
+        ];
       };
 
       devShell = import ./shells/nix_dev.nix {
@@ -35,12 +42,16 @@
       {
         nixosConfigurations = {
           lazyworkhorse = nixpkgs.lib.nixosSystem {
-            specialArgs = { inherit system self keys paths; };
+            specialArgs = { inherit system self keys paths inputs; };
             modules = [
               {
                 nixpkgs.overlays = overlays;
                 nixpkgs.config.allowUnfree = true;
                 nixpkgs.config.rocmSupport = true;
+                nixpkgs.config.permittedInsecurePackages = [
+                  "openclaw-2026.3.12"
+                ];
+                nix.package = lix.packages.${system}.default;
               }
               agenix.nixosModules.default
               ./hosts/lazyworkhorse/configuration.nix
@@ -49,7 +60,23 @@
               ./modules/nixos/services/docker_manager.nix
               ./modules/nixos/services/open_code_server.nix
               ./modules/nixos/services/ollama_init_custom_models.nix
+              ./modules/nixos/services/openclaw_node.nix
               ./users/gortium.nix
+              ./users/ai-worker.nix
+            ];
+          };
+
+          cyt-pi = nixpkgs.lib.nixosSystem {
+            specialArgs = { inherit self keys paths inputs; };
+            modules = [
+              {
+                nixpkgs.overlays = overlays;
+                nixpkgs.config.allowUnfree = true;
+                nixpkgs.hostPlatform = "aarch64-linux";
+                nix.package = lix.packages."aarch64-linux".default;
+              }
+              ./hosts/cyt-pi/configuration.nix
+              ./hosts/cyt-pi/hardware-configuration.nix
             ];
           };
         };

hosts/cyt-pi/configuration.nix

@@ -0,0 +1,98 @@
+{ config, lib, pkgs, paths, self, ... }:
+
+{
+  # Basic Host Info
+  networking.hostName = "cyt-pi";
+  time.timeZone = "America/Montreal";
+  i18n.defaultLocale = "en_CA.UTF-8";
+
+  # System State
+  system.stateVersion = "25.05";
+
+  # Boot & Hardware (Pi Zero 2 W is ARM64)
+  boot.loader.grub.enable = false;
+  boot.loader.generic-extlinux-compatible.enable = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # Networking
+  networking.networkmanager.enable = true;
+  services.openssh = {
+    enable = true;
+    settings.PermitRootLogin = "prohibit-password";
+  };
+
+  # User
+  users.users.gortium = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "networkmanager" "kismet" ];
+    openssh.authorizedKeys.keys = [
+      # Populate with your public key
+    ];
+  };
+
+  # CYT Project Dependencies (Headless)
+  environment.systemPackages = with pkgs; [
+    git
+    python311
+    python311Packages.opencv4
+    python311Packages.numpy
+    python311Packages.pillow
+    autossh # For the reverse tunnel
+    kismet # Wi-Fi monitoring
+  ];
+
+  # Kismet Service
+  systemd.services.kismet = {
+    description = "Kismet Wi-Fi Monitor";
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      Group = "kismet";
+      ExecStart = ''
+        ${pkgs.kismet}/bin/kismet -c panda --log-base=/home/gortium/kismet_logs --no-nc-ui
+      '';
+      Restart = "always";
+      RestartSec = "10s";
+    };
+  };
+
+  # Reverse SSH Tunnel Service
+  systemd.services.cyt-tunnel = {
+    description = "Reverse SSH Tunnel to lazyworkhorse.net";
+    after = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      ExecStart = ''
+        ${pkgs.autossh}/bin/autossh -M 0 -N \
+          -o "ServerAliveInterval 30" \
+          -o "ServerAliveCountMax 3" \
+          -R 19999:localhost:22 \
+          gortium@lazyworkhorse.net -p 2425 \
+          -i /home/gortium/.ssh/cyt_tunnel_key
+      '';
+      Restart = "always";
+      RestartSec = "10s";
+    };
+  };
+
+  # CYT Application Service
+  systemd.services.cyt-app = {
+    description = "Chasing Your Tail - Target Detector";
+    after = [ "network-online.target" "kismet.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "gortium";
+      WorkingDirectory = "/home/gortium/Chasing-Your-Tail-NG";
+      ExecStart = ''
+        ${pkgs.python311}/bin/python3 target_detector_cli.py --min-ssids 2
+      '';
+      Restart = "on-failure";
+      RestartSec = "60s";
+      Environment = [
+        "CYT_KISMET_LOGS=/home/gortium/kismet_logs"
+      ];
+    };
+  };
+}

hosts/cyt-pi/hardware-configuration.nix

@@ -0,0 +1,24 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Pi Zero 2 W specific filesystem
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+  hardware.enableRedistributableFirmware = true;
+}

hosts/lazyworkhorse/configuration.nix

@@ -9,7 +9,7 @@
   hoardingcow-mount.enable = true;
 
   # Flakesss
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" "flake-self-attrs" ];
   nix.settings.trusted-users = [ "root" "gortium" ];
 
   # Garbage collection
@@ -135,6 +135,7 @@
     kitty.terminfo
     nodejs_22
     uv
+    openclaw
     (python3.withPackages (ps: with ps; [
       openai-whisper
     ]))
@@ -157,7 +158,7 @@
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
-      PermitRootLogin = "prohibit-password"; 
+      # Additional hardening settings below in SERVER HARDENING section
     };
     hostKeys = [
       {
@@ -209,6 +210,7 @@
 
     coms = {
       path = self + "/assets/compose/coms";
+      envFile = config.age.secrets.containers_env.path;
     };
 
     finance = {
@@ -248,14 +250,31 @@
         mode = "0600";
         path = "/etc/ssh/ssh_host_ed25519_key";
       };
-      # n8n_ssh_key = {
+      ai_ssh_key = {
-      #   file = ../../secrets/n8n_ssh_key.age;
+        file = ../../secrets/ai_ssh_key.age;
-      #   owner = "root";
+        owner = "root";
-      #   group = "root";
+        group = "root";
-      #   mode = "0600";
+        mode = "0600";
-      #   path = "/home/n8n-worker/.ssh/n8n_ssh_key";
+        path = "/home/ai-worker/.ssh/ai_ssh_key";
-      # };
       };
+      openclaw_gateway_token = {
+        file = ../../secrets/openclaw_gateway_token.age;
+        owner = "root";
+        group = "ai-worker";
+        mode = "0440";
+        path = "/run/secrets/openclaw_gateway_token";
+      };
+    };
+  };
+
+  # OpenClaw Node service (host-side execution for Docker gateway)
+  services.openclaw-node = {
+    enable = true;
+    user = "ai-worker";
+    gatewayHost = "127.0.0.1";
+    gatewayPort = 18789;
+    gatewayTokenFile = "/run/secrets/openclaw_gateway_token";
+    displayName = "lazyworkhorse-host";
   };
 
   # Public host ssh key (kept in sync with the private one)
@@ -289,6 +308,196 @@
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 
+  # =============================================================================
+  # SERVER HARDENING - Firewall, Fail2ban, SSH, Kernel
+  # =============================================================================
+  
+  # Firewall - default deny, explicit allow
+  networking.firewall = {
+    # Enable firewall with default deny policy (NixOS firewall denies all by default)
+    enable = true;
+    allowPing = true;
+    
+    # Only essential ports exposed to internet
+    allowedTCPPorts = [
+      2424  # SSH (non-standard port)
+      2222  # Gitea (version control)
+      80    # HTTP (Traefik redirect)
+      443   # HTTPS (Traefik)
+      # 8000  # Portainer - REVIEW: internal only?
+      # 4242  # Coms - REVIEW: internal only?
+      # 5000  # TAK API - REVIEW: internal only?
+      # 8087  # TAK Connect - REVIEW: internal only?
+      # 8089  # TAK Management - REVIEW: internal only?
+    ];
+    
+    allowedUDPPorts = [
+      # Add UDP ports if required
+    ];
+    
+    # Rate limiting and attack prevention
+    extraCommands = ''
+      # Rate limit SSH connections (max 4 new connections per 60 seconds)
+      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --set
+      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
+      
+      # Rate limit HTTP/HTTPS (protects Traefik)
+      iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+      iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+      
+      # Drop invalid packets
+      iptables -A INPUT -m state --state INVALID -j DROP
+      
+      # Log dropped packets (rate limited)
+      iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
+    '';
+  };
+
+  # Fail2ban - automatic IP banning
+  services.fail2ban = {
+    enable = true;
+    maxretry = 3;
+    bantime = "1h";
+    banaction = "iptables-multiport";
+    
+    jails = {
+      # SSH brute force protection (uses systemd journal backend)
+      sshd = {
+        enabled = true;
+        settings = {
+          filter = "sshd";
+          port = "2424";
+          maxretry = 3;
+          bantime = "1h";
+        };
+      };
+      
+      # Recidive - ban repeat offenders for 1 week
+      recidive = {
+        enabled = true;
+        settings = {
+          filter = "recidive";
+          logpath = "/var/log/fail2ban.log";
+          bantime = "1w";
+          findtime = "1d";
+          maxretry = 3;
+        };
+      };
+      
+      # HTTP authentication failures (Traefik)
+      http-auth = {
+        enabled = true;
+        settings = {
+          filter = "traefik-auth";
+          port = "80,443";
+          logpath = "/var/log/traefik/access.log";
+          maxretry = 5;
+          bantime = "1h";
+        };
+      };
+      
+      # HTTP scanning/attacks (Traefik)
+      http-botsearch = {
+        enabled = true;
+        settings = {
+          filter = "traefik-botsearch";
+          port = "80,443";
+          logpath = "/var/log/traefik/access.log";
+          maxretry = 2;
+          bantime = "2h";
+        };
+      };
+    };
+  };
+  
+  # Custom fail2ban filters for Traefik
+  environment.etc."fail2ban/filter.d/traefik-auth.conf".text = ''
+    [Definition]
+    failregex = ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*" (401|403) \d+.*$
+    ignoreregex =
+  '';
+  
+  environment.etc."fail2ban/filter.d/traefik-botsearch.conf".text = ''
+    [Definition]
+    failregex = ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*" 404 \d+.*$
+                ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*/(\.|wp-|php|admin|login|xmlrpc|\.env|\.git|\.aws|\.azure).*" \d+.*$
+    ignoreregex =
+  '';
+
+  # SSH hardening
+  services.openssh.settings = {
+    PermitRootLogin = "no";
+    MaxAuthTries = 3;
+    MaxSessions = 5;
+    LoginGraceTime = 30;
+    ClientAliveInterval = 300;
+    ClientAliveCountMax = 2;
+    PermitEmptyPasswords = "no";
+    ChallengeResponseAuthentication = "no";
+    UsePAM = true;
+    LogLevel = "VERBOSE";
+    X11Forwarding = false;
+    AllowTcpForwarding = "no";
+    AllowAgentForwarding = "no";
+    PermitTunnel = "no";
+  };
+
+  # Kernel network hardening
+  boot.kernel.sysctl = {
+    # IP Spoofing protection
+    "net.ipv4.conf.all.rp_filter" = 1;
+    "net.ipv4.conf.default.rp_filter" = 1;
+    
+    # Ignore ICMP broadcasts
+    "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+    
+    # Disable source routing
+    "net.ipv4.conf.all.accept_source_route" = 0;
+    "net.ipv4.conf.default.accept_source_route" = 0;
+    "net.ipv6.conf.all.accept_source_route" = 0;
+    "net.ipv6.conf.default.accept_source_route" = 0;
+    
+    # Disable redirects
+    "net.ipv4.conf.all.send_redirects" = 0;
+    "net.ipv4.conf.default.send_redirects" = 0;
+    
+    # SYN flood protection
+    "net.ipv4.tcp_syncookies" = 1;
+    "net.ipv4.tcp_max_syn_backlog" = 2048;
+    "net.ipv4.tcp_synack_retries" = 2;
+    "net.ipv4.tcp_syn_retries" = 5;
+    
+    # Log martian packets
+    "net.ipv4.conf.all.log_martians" = 1;
+    "net.ipv4.conf.default.log_martians" = 1;
+    
+    # Ignore redirects
+    "net.ipv4.conf.all.accept_redirects" = 0;
+    "net.ipv4.conf.default.accept_redirects" = 0;
+    "net.ipv4.conf.all.secure_redirects" = 0;
+    "net.ipv4.conf.default.secure_redirects" = 0;
+    "net.ipv6.conf.all.accept_redirects" = 0;
+    "net.ipv6.conf.default.accept_redirects" = 0;
+    
+    # Connection tuning
+    "net.core.somaxconn" = 4096;
+    "net.core.netdev_max_backlog" = 65536;
+    "net.ipv4.tcp_max_orphans" = 65536;
+    "net.ipv4.tcp_fin_timeout" = 15;
+    "net.ipv4.tcp_keepalive_time" = 300;
+    "net.ipv4.tcp_keepalive_probes" = 5;
+    "net.ipv4.tcp_keepalive_intvl" = 15;
+  };
+
+  # Audit logging
+  security.auditd.enable = true;
+  
+  # Fail2ban log directory
+  systemd.tmpfiles.rules = [
+    "d /var/log/fail2ban 0755 root root -"
+    "d /var/log/traefik 0755 root root -"
+  ];
+
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.

lib/keys.nix

@@ -6,7 +6,7 @@
       gitea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN9tKezYidZglWBRI9/2I/cBGUUHj2dHY8rHXppYmf7F";
     };
     
-    n8n-worker = {
+    ai-worker = {
       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXeGtPPcsP2IYRQNvII41NVWhJsarEk8c4qxs/a5sXf";
     };
   };

modules/nixos/services/docker_manager.nix

@@ -29,6 +29,11 @@ with lib;
     systemd.services = mapAttrs' (name: value: nameValuePair "${name}_stack" {
       description = "Docker Compose stack: ${name}";
       
+      # Forces systemd to restart when the files change
+      reloadTriggers = [
+        "${builtins.hashFile "sha256" (toString value.path + "/compose.yml")}"
+      ] ++ (lib.optional (value.envFile != null) "${value.envFile}");
+
       after = [ "network.target" "docker.service" "docker.socket" "agenix.service" ];
       wants = [ "docker.socket" "agenix.service" ];
       requires = [ "docker.service" ];

modules/nixos/services/openclaw_node.nix

@@ -0,0 +1,64 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.openclaw-node;
+  openclawPkg = pkgs.openclaw;
+in {
+  options.services.openclaw-node = {
+    enable = lib.mkEnableOption "OpenClaw Node service";
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "ai-worker";
+      description = "User to run the OpenClaw headless node as.";
+    };
+
+    gatewayHost = lib.mkOption {
+      type = lib.types.str;
+      default = "127.0.0.1";
+      description = "Gateway host (IP or hostname).";
+    };
+
+    gatewayPort = lib.mkOption {
+      type = lib.types.int;
+      default = 18789;
+      description = "Gateway WebSocket port.";
+    };
+
+    gatewayTokenFile = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = "Path to file containing the gateway auth token.";
+    };
+
+    displayName = lib.mkOption {
+      type = lib.types.str;
+      default = "lazyworkhorse-host";
+      description = "Display name for this node (shown in pairing).";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.openclaw-node = {
+      description = "OpenClaw Headless Node Service";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "exec";
+        User = cfg.user;
+        Group = cfg.user;
+        WorkingDirectory = "/home/${cfg.user}";
+        ExecStart = ''
+          ${pkgs.bash}/bin/bash -c 'export OPENCLAW_GATEWAY_TOKEN=$(cat ${cfg.gatewayTokenFile}) && exec ${openclawPkg}/bin/openclaw node run --host ${cfg.gatewayHost} --port ${toString cfg.gatewayPort} --display-name "${cfg.displayName}"'
+        '';
+        Restart = "always";
+        RestartSec = 5;
+      };
+
+      environment = {
+        NODE_ENV = "production";
+      };
+    };
+  };
+}

secrets/containers.env.age

@@ -1,32 +1,34 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBmeWR3
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBOL29w
-UzRxRGlkU2h2cjVjQlJrcjhYcm5oRWt3SFdSb0t4Wjd2ZTFKNTJjCjNIVmRtRmoz
+eGk1N2xxTHJtaUEvWWZmbkh1bk11Tjk3anNnMDB1cCtPYUMzdTNJCkdhQ08vblNG
-RTMyTDB5a1NJMU56RnFJRVFLSW1oMERGZ2RRSFgxQ0ZuSzgKLT4gVkAtZ3JlYXNl
+UlV1K2xVTGZVTzFWYXAzcjZaMWs0RTFWdStKSmlSTURvK1EKLT4gLC1zKU8zVkgt
-ICw+WDxrIFIsCk9MRDQ2ZWlPN2JUWDVyZWlQUGN3Ci0tLSB4WGhCdWdkN3M2THJZ
+Z3JlYXNlIFUiXFcpS302IHByVn5jOy0gRDMKQjV3SHpDWUIybGFyQUg3ZlR0R2hV
-VnB2SFFqa1NTcUh0bG9qTWNzT3BBUW5qQ0M4aUFzCsFpZE1btvUR1BwkUNC8qy3m
+eWM3SFlCVW5mdlpBVUF3a0xpNlZCeGNUd1oxTTlkc1RkTXdZS0lFTmN3Ci0tLSA3
-0SwXk/gUS1519LuEnvZg7Mc+EB23e6nmz8rK34ycR+stTbVNv1xV2xCLxLoTg9wf
+VlBqM1VLWllZc0JnOTMvUFRjMU13OTdzMmhsdGJubkk5eGpERVVLYUk4Cnzh5UbU
-+ThXsVrf18kv0N92X3d5v7clMVC4eMr9CcyfBY+HaMgNa72aRyVyyxKgg/v6oks+
+FlgqpM8jkJ6XlsaIDCw/G3D6uJ/GRJW4gIekuhAUxpZJrc8eOA8ZuHfGrBbH3acV
-QEHssNw8+TKxjfeoxdCmsYVDEQME4id8vqoDOkyAg2IAXPCVVhN9G9fuMPyT1TWk
+tVafX5F0Kr2oOblqZ6gduZOUS52KmWH8stiBJM+e5ZZ7zRQVE4PJUKUPCzi+WdcH
-yJD1RgpyzBkR0yBEQkxgY1GJ76TI0h85hveNbXQXZTuU2yj0KJbdj2gXDGdrqbu7
+zr295T//FOdicrYHdsjfziKEHzBtUCFiATW05+O2zMjYjO6cPzePcCzPWinwiID6
-r/6ZlRGlC2tSqtRBot6BatVIhtGZNVQnXbiVlQCmO1mh4XyxF7rKsCa7r3yVuvFN
+V+f6ngfkkQaj3wBGkzaieQJzRcdSwky21aVhGCCX/bvqx61iW2d5QAKxGbtQ2RcG
-XybugrWSdG7dJF6ne/dMMsnwhvrKZFwUosjMnoH/x/LF2bOLAcA6i2WA6ivWzo9c
+X1okr+xunAM94nzDMv46vyN97KxY7cZd4pAaOxoICc2Tfhtw6F+iS6QkQh1odJzO
-6NmND6sLkQJWyychbLu4AmRg4MgVTlTGwTCizOe3xEo9qRrQBX7PmvuXSs+IE1o4
+7ZH+sSQCvndG+8z9shXGiHalASF5tdguM+JlEvAGljcaiAUtsQWxr9CoWiEkC6c6
-l7pb0DSzIa80BT0Otj9tFlei1nwRh8wzEVECV0FUjilUvUp19mJ6Cn+/RnHTSOp9
+NCaECSYO8Il+SXBQnSZSGJSNDhuPYCYrsjXGSAONFixuyeslAkq9x2WUaUS4H063
-1UGrOFxbamx4L4yFWL3rWoqBpbO4CBSCGM7moDEhAQn/OsZgeUhKeIDvrEBtCeZ3
+1QvRF7XO2tBPtgCLsSjdiGp0h+ImUaGdu6fDR7zrDsGsaAFCSFeH/rGNNXRQ2vP2
-vC/v0lVgfXZDd+aRSLPbGaRNwifyc5UeBWF1WvkJXi3jDUK7qFOT/RInVQDDF3u9
+CSfPfDDCqpUSCn0WuA30BtaPLxGmZT6OjFevKzYMNDmdeq9ia/q8K0hmjLUBdN3k
-YbvnHPler1UfbbPihHTFbCJu8lJHMLHfpe07j2cx4hCPMv/4Yx+xBAstPXwtaOuw
+tdYWbwoaf4gYbUWxSleD768b0Jgxss9Vod+sFQ+NYRksdGIeyND+aQIc312XehfA
-/9PCvPvvGvygdzljKTksnsMVN11cQzmU3l1dKHvr5sNk1n+U+uW0xDrT9Nv1ZETg
+qHFBS8nlj7eUF5bdvCYQ64z741mH4cNlGxyjPBH1x8FHnEOocJXYt1l2AZSRJmJA
-IY64EtzsqH48YAJ6SV6h4dZ8D9R5qTg4T5yP7D4PLuFtNGeqd7++zhBCZLZ3HEQ6
+c3z0QGXyuCbsrLBXWK1EKa/Juo4PGGsEVoLRhwJAQy9+i1JN0yrfRvSPyzvD4px6
-M1SlHzWk59xBN4agrLKX0VjPYBwmg8wkpRfU5A4Rg36H4mZLHEUKqFVx6BaHfDZ2
+wRPzlZ80MQdb2lv84WS/zcOEZmZzlLntszTRRdIfAsuaavP2Rquh4rEXABYeTZwp
-5P3o7GbZB39Zs9mZb70ZZJ5TFUsCEISfJHz/u5u4/duSBLeyHXah2dmXrQ1eUWT4
+5dem79s8bdW2nFsGMNz1OQKQwocyjYu1jJMHu6Gp7Ngdl1xyW7xfg0dezE1c0cIh
-MNNcJ6+53Us4LTe96ttYNa/v5RQVoarTwNM7x7ux5j59QHozVOK1NO8Z4+oHD/ZD
+xt1aLER9YJp4n5to5cOH16l3mjDHnAvABx38xE9loNL3399J/evw7LxpTYQ4v2Xv
-rJQlXAeAUrhkZLluzzy1JL45tBpPm3oAfU3xB178c+fMoWtZxyWrBfu1iRzwyDWC
+x8xnDHcqJ+deFSwyuUnMS5DkUeYuHmUl0Q2WYcfY+ibCmcgCb2ObTtuN1/ZxNYrL
-MKgK29h9HeGwQc9dB8exQr2cj5NhqUOiaWP8dH1N/g+KYIPVNRgKjdDucsxTcbDN
+OKrnmfuSvBgyuIOj5e6uWW0+Zs8dHKXu2TgV8WignxOhl5zQgCpCBlqVfO0t+NCu
-bIIz2qus6jQkOfmbtdoHWMp+kwXSHRF7MwECKxkAIcNdxnLI1DecNhjbiItnPlgI
+Gi26hU/fhGWQ/1oQa3VkpGsypZbJpgQvfWxfcGHP/MMhnl01zzlP8/aexSY3pAxf
-1uy0fERRc12BLg3dLV3YkBL358SRww+pxho87IQuS9x9aQeExksk0Y10QR8J/1g0
+fz9v0IVh6xxtu3zbiiVzUsXbfG7t+xY98jMphf4AS2mWva3GWVmhhu0lS3J3P+go
-cEXUhDNfeI+mKyuISxV6Zs4Fp7+6P6bd5Bs2Xyxw3A3PTdWn12brb62O1N81LiAv
+YEEP4rOFHeU0Y1/6kLydTXvz4jMH0H92XQIzshd7vzQnEJPUPAzqRmw3LKYGgCI+
-yccIDR24lb0VDD+aIq28FBUPQ62tVdtZgRfJhkVxelgzHuGATOTluDZH+6GE3rEj
+wZEnxJ6ckqTkGBFnxTpy9LLllwmnz2Ky87nY3XAmqxlhb2Ap1XFAlfgszmGjc+Il
-z1OoormFX/2TovCNnTVJRs1ifWUe+a2QHcAFFfL0Y1RBbIPYDMykfjCPNaWqarlX
+KkIgoWQHTUm6QM9ta++oUTIDneOvxGd0zZsqoEhiC/7E01BNNZ6E58TeJU3fDlA3
-Z50QIWv6Ov1oDBZY59fjx5Bfm+Es+edMC4b2GibRKS5wwpOzGDEKDXVoTEv3NX+B
+mX6n05XjwPRpgXZfayPoAgBlZc2H4KeiynxwNZ/dWu7qz7L6Ppk6Nvtly8giTbFx
-NV4p3oDKEE8anYffrB+v
+CA+tto7vq+D+CAEJ4bgyq4BCH4GL4APrhPcWp98Mko1WCiRTIKgkZxQCYvlg/LZq
+LNhMacP9T1qTvNC+yR1NEMiegE3APzk6CkDpVaO9+5f/sqifNPINCMothenI9ePw
+zjQLI3Mo1m73bkomytUZ7i1VstP5sEZ5LF72Sq7BpR3oQ3Gp0CAN9w==
 -----END AGE ENCRYPTED FILE-----

secrets/openclaw_gateway_token.age

@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBCWEpO
+cG9yNnFpcHFqTkNzTngxU1MxN0NYK0hrZFhUTjVORWFrK3JNd2tZCmtMTGpwQk1E
+WlUwL3N6SGRWblpnNEkrWkkyU2hQMkRIK0M3R0pOVEREV3MKLT4gY2osLWdyZWFz
+ZSBacSozVVQgUCAxRS1OQSAuKXxDPCoKbStWNW1BZjBZQzNDaTlDbU5EZkxsRWxM
+cXJ3dDU1RDNpOXRlV0tzdEp2NUo3S1lhRG5Md0RHTGlJdkFSYmt5YQo4R1hiQWRG
+V2VxekJKZwotLS0geG1XSi9VbkhXZHQzcEFVS3hKNzVueXFLa2xnZTc3Q2tJTVZ5
+eXJabWk5Ywp6bJCP3s0xxzjE+eTR+cv7ZUnkoliT/n7uIprq1BTn/LIRLkUTUqs3
+NiDwrXcoq4/QKd0Dt+8ap3vFAuusjGxRlnYMaRrZie2AGtTV8U7Q7durm9o2K+/4
+QzRQ/MtumIQm
+-----END AGE ENCRYPTED FILE-----

secrets/secrets.nix

@@ -10,4 +10,5 @@ in
   "containers.env.age".publicKeys = authorizedKeys;
   "lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
   "n8n_ssh_key.age".publicKeys = authorizedKeys;
+  "openclaw_gateway_token.age".publicKeys = authorizedKeys;
 }

users/ai-worker.nix

@@ -2,6 +2,8 @@
   users.users.ai-worker = {
     isSystemUser = true;
     group = "ai-worker";
+    home = "/home/ai-worker";
+    createHome = true;
     extraGroups = [ "docker" ];
     shell = pkgs.bashInteractive;
     openssh.authorizedKeys.keys = [
@@ -9,4 +11,71 @@
     ];
   };
   users.groups.ai-worker = {};
+  
+  # Restricted sudo for ai-worker - security checks only
+  security.sudo.extraRules = [
+    {
+      users = [ "ai-worker" ];
+      commands = [
+        # Firewall checks
+        {
+          command = "/run/wrappers/bin/sudo iptables -L -n -v";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/wrappers/bin/sudo iptables -S";
+          options = [ "NOPASSWD" ];
+        }
+        # Fail2ban status
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client status";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client status *";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client get * banned";
+          options = [ "NOPASSWD" ];
+        }
+        # Log inspection
+        {
+          command = "/run/current-system/sw/bin/journalctl -t kernel -n 100";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/journalctl -u fail2ban -n 50";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/journalctl -u firewall -n 50";
+          options = [ "NOPASSWD" ];
+        }
+        # SSH config verification
+        {
+          command = "/run/current-system/sw/bin/sshd -T";
+          options = [ "NOPASSWD" ];
+        }
+        # Docker service checks
+        {
+          command = "/run/current-system/sw/bin/docker ps";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/docker inspect *";
+          options = [ "NOPASSWD" ];
+        }
+        # Network diagnostics
+        {
+          command = "/run/current-system/sw/bin/ss -tlnp";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/cat /proc/net/tcp";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
 }