docs: add Workflow section to AGENTS.md + update compose submodule

- Add Workflow conventions section to infra AGENTS.md - Update compose submodule to feat/hermes-workers (adds compose AGENTS.md)
feat: add Hermes worker provisioning for Paperclip employees
2026-05-19 15:27:27 -04:00 · 2026-05-19 14:13:13 -04:00 · 2026-05-13 17:00:16 +00:00 · 2026-05-13 12:59:04 -04:00 · 2026-05-13 16:49:39 +00:00 · 2026-05-13 12:49:14 -04:00
3 changed files with 11 additions and 2 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -25,3 +25,12 @@ This document outlines the development conventions for this NixOS-based infrastr
 - **Secrets:** Secrets are managed with `agenix`. Edit encrypted files with `agenix -e <file>`.
 - **Modularity:** Structure configurations into logical, reusable modules under `modules/`. New modules should be registered in `modules/nixos/default.nix` to be available to all hosts.
 - **Error Handling:** Ensure Nix expressions are robust and handle potential evaluation errors gracefully.
+
+## Workflow
+
+- New feature → clean branch from `origin/master` → push → PR on Gitea
+- Branch naming: `feat/description` (features), `fix/description` (bugs/docs)
+- Always branch from `origin/master`, never from another feature branch
+- Submodule changes: commit submodule update in parent repo (the parent commit pins the submodule commit)
+- PR title should describe the change; body should explain motivation + summary
+- After PR merge, delete the feature branch
--- a/assets/compose
+++ b/assets/compose
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -474,7 +474,7 @@
  services.openssh.settings = {
    PermitRootLogin = "no";
    MaxAuthTries = 3;
-    MaxSessions = 10;
+    MaxSessions = 20;
    LoginGraceTime = 30;
    ClientAliveInterval = 300;
    ClientAliveCountMax = 2;
Author	SHA1	Message	Date
Hermes	fb16e2a259	docs: add Workflow section to AGENTS.md + update compose submodule - Add Workflow conventions section to infra AGENTS.md - Update compose submodule to feat/hermes-workers (adds compose AGENTS.md)	2026-05-19 15:27:27 -04:00
Hermes	6a2db08a58	feat: add Hermes worker provisioning for Paperclip employees - Update compose submodule to feat/hermes-workers branch - Adds x-hermes-worker anchor template for isolated CPU-only Hermes containers - Adds scripts/provision-hermes-worker.sh for automated worker creation with unique port, API key, and volume setup - Workers connect via Discord only, use OpenCode Go provider	2026-05-19 14:13:13 -04:00
Thierry Pouplier	670ae4f002	Merge pull request 'fix: update compose submodule — use ln -sf for iptables-nft' (#46 ) from fix/vpn-iptables-nft-v3 into master Reviewed-on: #46	2026-05-13 17:00:16 +00:00
Hermes	f785abfd49	fix: update compose submodule — use ln -sf for iptables-nft	2026-05-13 12:59:04 -04:00
Thierry Pouplier	6f44aa7f76	Merge pull request 'fix: update compose submodule — remove apk add iptables-nft' (#45 ) from fix/vpn-iptables-nft-v2 into master Reviewed-on: #45	2026-05-13 16:49:39 +00:00
Hermes	8d40f1691f	fix: update compose submodule — remove apk add iptables-nft	2026-05-13 12:49:14 -04:00
Robert	2dd2e64986	Merge remote-tracking branch 'origin/master'	2026-05-13 12:42:54 -04:00
Robert	23fc5e0597	Give a little more ssh room for tramp	2026-05-13 12:41:09 -04:00
Thierry Pouplier	0c9c33d735	Merge pull request 'fix: update wg-easy to official ghcr image with iptables-nft' (#44 ) from fix/vpn-iptables-nft-upstream into master Reviewed-on: #44	2026-05-13 16:39:56 +00:00
Hermes	0bb6890f1c	chore: merge master into branch	2026-05-13 12:39:05 -04:00
Hermes	9d5434425f	fix: update compose submodule for wg-easy iptables-nft fix Updates the assets/compose submodule to point to the fix/vpn-iptables-nft-upstream branch which contains: - Switch FROM weejewel/wg-easy:latest (Alpine 3.11, stale 4yr) to ghcr.io/wg-easy/wg-easy:latest (actively maintained, Alpine krypton) - Use update-alternatives instead of raw ln -sf to flip iptables from legacy to nftables backend - Fix compose build context: ./vpn -> . (Dockerfile is at same level)	2026-05-13 12:30:47 -04:00
Thierry Pouplier	1fb4320dd1	Merge pull request 'feat: update compose submodule for custom tools startup' (#43 ) from feat/update-compose-submodule-custom-tools into master Reviewed-on: #43	2026-05-13 13:58:27 +00:00
Hermes	51e9f47fd4	feat: update compose submodule for custom tools startup	2026-05-13 09:56:24 -04:00
Hermes	06b3eb840f	fix: update compose submodule for wg-easy iptables-nft fix	2026-05-12 16:29:51 -04:00
Thierry Pouplier	28ab52209c	Merge pull request 'Add restricted AI worker access with deployment capabilities' (#1 ) from ai-worker-restricted-access into master Reviewed-on: #1	2026-05-11 00:48:29 +00:00