docs: add merge priority order with security hardening as #1 priority

- Updated roadmap phase status (Phase 4 complete)
- Added merge priority table with PR #28 (security) at top
- Documented that security must merge before new services exposed
- Added deployment command reference

.planning/ROADMAP.md

@@ -13,7 +13,9 @@ None
 - ✅ **Phase 1: Foundation Setup** - Establish core NixOS configuration with flakes
 - ✅ **Phase 2: Docker Service Integration** - Integrate Docker Compose services
 - ✅ **Phase 3: AI Assistant Integration** - Enable AI-assisted infrastructure management
-- [ ] **Phase 4: Internet Access & MCP** - MCP server for web access
+- ✅ **Phase 4: Internet Access & MCP** - MCP server for web access
+- 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28)
+- [ ] **Phase 5: TAK Server** - Research, implementation, and validation
 
 
 ## Phase Details
@@ -133,8 +135,25 @@ Plans:
 
 ## Progress
 
+**Merge Priority Order** (CRITICAL - merge in this order):
+
+| Priority | PR | Description | Status | Notes |
+|----------|-----|-------------|--------|-------|
+| 🚨 1 | #28 | **Security hardening** (firewall, fail2ban, SSH) | Open | **MERGE FIRST** - protects all other services |
+| 2 | #22 | Matrix bridge dependency fix | Open | Blocks Hermes functionality |
+| 3 | #21 | Backup network creation fix | Open | Infrastructure fix |
+| 4 | #25 | Hermes voice GPU support | Open | Feature enhancement |
+| 5 | #24 | uConsole CM5 host | Open | New hardware support |
+| 6 | #23 | NixOS deployment infrastructure | Open | Deployment tooling |
+| 7 | #1 | AI worker restricted access | Open | Legacy PR (superseded by hardening) |
+
 **Execution Order:**
-Phases execute in numeric order: 1 → 2 → 3 → 4 → 5 → 6 → 7
+Phases execute in numeric order: 1 → 2 → 3 → 4 → Security → 5 → 6 → 7
+
+**Merge vs Phase Execution:**
+- PRs can merge independently (no strict phase ordering for merges)
+- **EXCEPTION:** Security hardening (#28) must merge before any new services are exposed
+- After security merge, deploy with: `nh os switch --flake .#lazyworkhorse`
 
 | Phase | Milestone | Plans Complete | Status | Completed |
 |-------|-----------|----------------|--------|-----------|

flake.nix

@@ -61,7 +61,6 @@
               ./modules/nixos/services/open_code_server.nix
               ./modules/nixos/services/ollama_init_custom_models.nix
               ./modules/nixos/services/openclaw_node.nix
-              ./modules/nixos/security/ai-worker-restricted.nix
               ./users/gortium.nix
               ./users/ai-worker.nix
             ];

modules/nixos/security/README-ai-worker.md

@@ -1,105 +0,0 @@
-# AI Worker Restricted Access
-
-This module provides SSH access for the AI worker (hermes-agent) to run ollama benchmarks on the host.
-
-## Security Model
-
-The `ai-worker` user has:
-
-### Filesystem Access
-- **Home directory**: `/home/ai-worker` (standard user home)
-- **No bind mounts**: Cannot access `/home/gortium/infra` or other host files
-- **Cannot access**: Any files outside standard system paths
-
-### Sudo Access
-- **NONE**: ai-worker has no sudo privileges
-- Cannot run `nh`, `nixos-rebuild`, `nixpkgs-fmt`, or `nix` with elevated permissions
-
-### Docker Access
-- Member of `docker` group - can run `docker` and `docker exec` commands
-- Primary use: `docker exec ollama ollama ...` for benchmarking
-- Can run `docker exec --privileged ollama rocm-smi ...` for VRAM monitoring
-
-## Workflow: SSH + Docker Benchmarking
-
-The AI worker connects from the Hermes container to the host via SSH, runs ollama benchmarks, then returns to save results.
-
-### Example Workflow
-
-```bash
-# From Hermes container, SSH to host
-ssh -i /path/to/ssh/key ai-worker@host.docker.internal
-
-# On host, run ollama benchmarks via docker
-docker exec ollama ollama pull devstral-small-2:24b
-
-# Create test modelfile
-docker exec ollama bash -c 'cat <<EOF > /root/.ollama/test.modelfile
-FROM devstral-small-2:24b
-PARAMETER num_ctx 65536
-PARAMETER num_gpu 99
-PARAMETER flash_attn true
-EOF'
-
-# Create and test model
-docker exec ollama ollama create test-model -f /root/.ollama/test.modelfile
-docker exec ollama ollama run test-model "Write a Python async function"
-
-# Check VRAM usage
-docker exec --privileged ollama rocm-smi --showmeminfo vram
-
-# Cleanup
-docker exec ollama ollama rm test-model
-
-# Exit SSH, return to Hermes container
-exit
-
-# Save results in Hermes container
-# /opt/data/ai-optimizer/state.json
-# /opt/data/ai-optimizer/results.csv
-```
-
-## SSH Access
-
-Connect as:
-```bash
-ssh ai-worker@lazyworkhorse
-```
-
-The working directory will be `/home/ai-worker`. No infra repo access.
-
-## Verification
-
-Check ai-worker permissions:
-```bash
-# On the host, as root or gortium:
-sudo -u ai-worker sudo -l
-# Should show: no sudo access
-
-# Check docker group membership
-groups ai-worker
-# Should show: ai-worker docker
-```
-
-## Troubleshooting
-
-If ai-worker cannot run docker commands:
-```bash
-# Check docker group membership
-groups ai-worker
-
-# Verify ollama container is running
-docker ps | grep ollama
-
-# Test docker access
-sudo -u ai-worker docker exec ollama ollama list
-```
-
-If SSH connection fails:
-```bash
-# Check SSH key is authorized
-cat /home/ai-worker/.ssh/authorized_keys
-
-# Check SSH service
-systemctl status sshd
-```

modules/nixos/security/ai-worker-restricted.nix

@@ -1,17 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-{
-  options.services.aiWorkerAccess = mkOption {
-    type = types.bool;
-    default = false;
-    description = "Enable AI worker SSH access with docker group membership for ollama benchmarking";
-  };
-
-  config = mkIf config.services.aiWorkerAccess {
-    # ai-worker is member of docker group - can run docker commands via SSH
-    # No bind mounts, no sudo access - docker-only for ollama benchmarking
-    users.groups.docker.members = [ "ai-worker" ];
-  };
-}

users/ai-worker.nix

@@ -9,17 +9,6 @@
     openssh.authorizedKeys.keys = [
       keys.users.ai-worker.main
     ];
-    # No password login - SSH key only
-    hashedPassword = "!";
   };
   users.groups.ai-worker = {};
-
-  # Enable restricted AI worker SSH access for ollama benchmarking
-  # SECURITY: ai-worker can only:
-  #   - SSH into host from Hermes container
-  #   - Run docker commands (docker exec ollama ...) via docker group
-  #   - NO access to infra repo (no bind mount)
-  #   - NO sudo access (no nh, nixos-rebuild, nixpkgs-fmt, nix)
-  # WORKFLOW: SSH from Hermes container, run docker benchmarks, return and save results to /opt/data/ai-optimizer/
-  services.aiWorkerAccess = true;
 }