feat: add Hyperspace Pods NixOS module and enable on lazyworkhorse

Hyperspace Pods let multiple machines pool their GPUs into one private
P2P mesh AI cluster. Models are split across all connected GPUs —
e.g. two machines with 16GB VRAM each can run Qwen 3.5 32B together.

Changes:
- Add modules/nixos/services/hyperspace.nix — NixOS module that:
  * Fetches the Hyperspace CLI binary (v5.45.30) via fetchurl
  * Sets up systemd service for the agent
  * Opens firewall ports (libp2p 4001, chain 30301, API 8080)
  * Configures GPU passthrough for AMD MI50 (ROCm)
- Register module in flake.nix for lazyworkhorse
- Enable hyperspace service on lazyworkhorse (ai-worker user, port 8080)

Usage after deployment:
  hyperspace pod create "tdnde-lab"   # create pod
  hyperspace pod invite                # share invite with cyt-pi
  curl http://localhost:8080/v1/chat/completions  # OpenAI API

See skill: nixos-hyperspace-pods

.planning/ROADMAP.md

@@ -13,7 +13,9 @@ None
 - ✅ **Phase 1: Foundation Setup** - Establish core NixOS configuration with flakes
 - ✅ **Phase 2: Docker Service Integration** - Integrate Docker Compose services
 - ✅ **Phase 3: AI Assistant Integration** - Enable AI-assisted infrastructure management
-- [ ] **Phase 4: Internet Access & MCP** - MCP server for web access
+- ✅ **Phase 4: Internet Access & MCP** - MCP server for web access
+- 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28)
+- [ ] **Phase 5: TAK Server** - Research, implementation, and validation
 
 
 ## Phase Details
@@ -133,8 +135,25 @@ Plans:
 
 ## Progress
 
+**Merge Priority Order** (CRITICAL - merge in this order):
+
+| Priority | PR | Description | Status | Notes |
+|----------|-----|-------------|--------|-------|
+| 🚨 1 | #28 | **Security hardening** (firewall, fail2ban, SSH) | Open | **MERGE FIRST** - protects all other services |
+| 2 | #22 | Matrix bridge dependency fix | Open | Blocks Hermes functionality |
+| 3 | #21 | Backup network creation fix | Open | Infrastructure fix |
+| 4 | #25 | Hermes voice GPU support | Open | Feature enhancement |
+| 5 | #24 | uConsole CM5 host | Open | New hardware support |
+| 6 | #23 | NixOS deployment infrastructure | Open | Deployment tooling |
+| 7 | #1 | AI worker restricted access | Open | Legacy PR (superseded by hardening) |
+
 **Execution Order:**
-Phases execute in numeric order: 1 → 2 → 3 → 4 → 5 → 6 → 7
+Phases execute in numeric order: 1 → 2 → 3 → 4 → Security → 5 → 6 → 7
+
+**Merge vs Phase Execution:**
+- PRs can merge independently (no strict phase ordering for merges)
+- **EXCEPTION:** Security hardening (#28) must merge before any new services are exposed
+- After security merge, deploy with: `nh os switch --flake .#lazyworkhorse`
 
 | Phase | Milestone | Plans Complete | Status | Completed |
 |-------|-----------|----------------|--------|-----------|

AGENTS.md

@@ -5,7 +5,6 @@ This document outlines the development conventions for this NixOS-based infrastr
 ## Build & Deployment
 
 - **Build/Deploy:** Use `nixos-rebuild switch --flake .#<hostname>` to build and deploy the configuration for a specific host.
-- **CRITICAL — Validate before pushing:** Always `nix build --no-link '.#nixosConfigurations.<hostname>.config.system.build.toplevel'` (or `nh os build`) and confirm it succeeds before pushing any changes. Never push untested NixOS configs.
 - **Development Shell:** Activate the development environment with `nix develop`.
 
 ## Linting & Formatting

assets/ollama/Dockerfile

@@ -1,106 +0,0 @@
-# ollama-gfx906/Dockerfile
-#
-# Custom ollama image with ROCm 6.1 + gfx906 (MI50) support.
-# The official ollama/rocm image ships ROCm 7.2 which dropped gfx906.
-# This uses v0.23.2's native CMake build system with AMDGPU_TARGETS including gfx906.
-#
-# Build: docker build -t ollama/ollama:rocm-gfx906 ai/ollama
-
-FROM rocm/dev-ubuntu-22.04:6.1.2-complete AS builder
-
-# Build dependencies (CMake, Ninja, Go)
-ARG CMAKEVERSION=3.31.2
-ARG NINJAVERSION=1.12.1
-ARG GOLANG_VERSION=1.22.0
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    curl git ccache build-essential pkg-config unzip \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install CMake from official binaries
-RUN curl -fsSL https://github.com/Kitware/CMake/releases/download/v${CMAKEVERSION}/cmake-${CMAKEVERSION}-linux-x86_64.tar.gz \
-    | tar xz -C /usr/local --strip-components 1
-
-# Install Ninja
-RUN curl -fsSL -o /tmp/ninja.zip \
-    https://github.com/ninja-build/ninja/releases/download/v${NINJAVERSION}/ninja-linux.zip \
-    && unzip /tmp/ninja.zip -d /usr/local/bin && rm /tmp/ninja.zip
-
-# Install Go
-RUN curl -fsSL https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz \
-    | tar xz -C /usr/local
-ENV PATH=/usr/local/go/bin:$PATH
-
-ARG OLLAMA_VERSION=v0.23.2
-RUN git clone --depth 1 --branch ${OLLAMA_VERSION} https://github.com/ollama/ollama.git /build
-WORKDIR /build
-
-# ROCm paths
-ENV HIP_PATH=/opt/rocm
-ENV ROCM_PATH=/opt/rocm
-ENV CMAKE_GENERATOR=Ninja
-ENV LDFLAGS=-s
-
-# Step 1: Build CPU backends with GCC (no ROCm preset)
-# Pre-set CMAKE_HIP_COMPILER="" to prevent check_language(HIP) from
-# finding a HIP compiler (it searches /opt/rocm even without PATH).
-# Remove /opt/rocm from PATH to prevent find_program from finding hipcc.
-RUN mkdir -p build-cpu && \
-    PATH=/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
-    cmake -B build-cpu -DCMAKE_BUILD_TYPE=Release \
-      -DCMAKE_HIP_COMPILER="" \
-      -DCMAKE_INSTALL_PREFIX=/build/dist && \
-    cmake --build build-cpu --target ggml-cpu -- -l $(nproc) && \
-    cmake --install build-cpu --component CPU --strip && \
-    echo "=== CPU install ===" && \
-    (find /build/dist/lib/ollama -type f -o -type l 2>&1 | head -20 || echo "empty")
-
-# Step 2: Build HIP backend with ROCm preset + gfx906 target only
-# The ROCm 6 preset enables HIP language detection (enable_language(HIP))
-# which ensures GPU kernels are properly compiled for gfx906.
-# OLLAMA_RUNNER_DIR=rocm from the preset, so HIP goes to lib/ollama/rocm/
-# Need CMAKE_PREFIX_PATH so find_package(hip) finds hip-config.cmake
-# at /opt/rocm/lib/cmake/hip/hip-config.cmake.
-RUN mkdir -p build-hip && \
-    cmake -B build-hip \
-      --preset 'ROCm 6' \
-      -DAMDGPU_TARGETS="gfx906:xnack-" \
-      -DCMAKE_BUILD_TYPE=Release \
-      -DCMAKE_PREFIX_PATH="/opt/rocm" && \
-    cmake --build build-hip --target ggml-hip -- -l $(nproc) && \
-    cmake --install build-hip --component HIP --strip && \
-    echo "=== HIP install ===" && \
-    find /build/dist/lib/ollama -type f -o -type l | head -20
-
-# Step 3: Build Go binary (GCC for CGo linking)
-ENV CGO_ENABLED=1
-RUN go build -trimpath -ldflags="-X=github.com/ollama/ollama/version.Version=${OLLAMA_VERSION}" -o /build/dist/ollama .
-
-# ---------- Runtime image ----------
-FROM ubuntu:24.04
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    ca-certificates curl libstdc++6 libgomp1 libvulkan1 libopenblas0 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Copy ROCm 6.1 runtime libraries
-# These are needed at runtime by ggml-hip via LD_LIBRARY_PATH
-COPY --from=builder /opt/rocm/lib/ /opt/rocm/lib/
-COPY --from=builder /opt/rocm/share/ /opt/rocm/share/
-
-# Copy ollama binary + all backends (CPU + HIP)
-# CPU install:  /build/dist/lib/ollama/libggml-*.so
-# HIP install:  /build/dist/lib/ollama/rocm/libggml-hip.so
-COPY --from=builder /build/dist/ollama /usr/bin/ollama
-COPY --from=builder /build/dist/lib/ollama/ /usr/lib/ollama/
-
-RUN ldconfig
-
-ENV LD_LIBRARY_PATH=/opt/rocm/lib:/usr/lib/ollama/rocm:/usr/lib/ollama
-ENV HSA_OVERRIDE_GFX_VERSION=9.0.6
-ENV HCC_AMDGPU_TARGET=gfx906
-ENV HSA_ENABLE_SDMA=0
-
-EXPOSE 11434
-ENTRYPOINT ["/bin/ollama"]
-CMD ["serve"]

flake.nix

@@ -61,7 +61,7 @@
               ./modules/nixos/services/open_code_server.nix
               ./modules/nixos/services/ollama_init_custom_models.nix
               ./modules/nixos/services/openclaw_node.nix
-              ./modules/nixos/security/ai-worker-restricted.nix
+              ./modules/nixos/services/hyperspace.nix
               ./users/gortium.nix
               ./users/ai-worker.nix
             ];

hosts/lazyworkhorse/configuration.nix

@@ -36,7 +36,7 @@
     "transparent_hugepage=always" # because mucho ram
   ];
   # 2. Load the specific drivers found by sensors-detect
-  boot.kernelModules = [ "nct6775" "lm96163" "iptable_nat" "iptable_filter" ];
+  boot.kernelModules = [ "nct6775" "lm96163" ];
   # 3. Force the nct6775 driver to recognize the chip if it's stubborn
   boot.extraModprobeConfig = ''
     options nct6775 force_id=0xd280
@@ -49,26 +49,6 @@
   networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
   networking.hostId = "deadbeef";
 
-  # WireGuard VPN client -- always up, connects to wg-easy server
-  # Create age-encrypted secrets before deploying (run on the host):
-  #   echo -n "<private_key>" | agenix -e secrets/wireguard_private_key.age
-  #   echo -n "<preshared_key>" | agenix -e secrets/wireguard_preshared_key.age
-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.8.0.3/24" ];
-      privateKeyFile = config.age.secrets.wireguard_private_key.path;
-      peers = [
-        {
-          publicKey = "rY9zII3AOm8rog2rv02PyA3Bq7zdvTOGkZapfCV1DkE=";
-          presharedKeyFile = config.age.secrets.wireguard_preshared_key.path;
-          allowedIPs = [ "10.8.0.0/24" ];
-          endpoint = "vpn.lazyworkhorse.net:51820";
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
   # Set your time zone.
   time.timeZone = "America/Montreal";
 
@@ -178,7 +158,7 @@
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
-      # Additional hardening settings below in SERVER HARDENING section
+      PermitRootLogin = "prohibit-password"; 
     };
     hostKeys = [
       {
@@ -207,7 +187,6 @@
     ai = {
       path = self + "/assets/compose/ai";
       envFile = config.age.secrets.containers_env.path;
-      ports = [ 22000 ];  # Syncthing TCP sync
     };
 
     cloudstorage = {
@@ -242,11 +221,6 @@
       path = self + "/assets/compose/homepage";
     };
 
-    vpn = {
-      path = self + "/assets/compose/vpn";
-      envFile = config.age.secrets.containers_env.path;
-    };
-
     # tak = {
     #   path = self + "/assets/compose/tak";
     # };
@@ -290,20 +264,6 @@
         mode = "0440";
         path = "/run/secrets/openclaw_gateway_token";
       };
-      wireguard_private_key = {
-        file = ../../secrets/wireguard_private_key.age;
-        owner = "root";
-        group = "root";
-        mode = "0400";
-        path = "/run/secrets/wireguard_private_key";
-      };
-      wireguard_preshared_key = {
-        file = ../../secrets/wireguard_preshared_key.age;
-        owner = "root";
-        group = "root";
-        mode = "0400";
-        path = "/run/secrets/wireguard_preshared_key";
-      };
     };
   };
 
@@ -317,6 +277,16 @@
     displayName = "lazyworkhorse-host";
   };
 
+  # Hyperspace Pods — P2P mesh AI cluster (combine GPUs across machines)
+  services.hyperspace = {
+    enable = true;
+    user = "ai-worker";
+    apiPort = 8080;
+    profile = "auto";
+    openFirewall = true;
+    extraArgs = [ "--verbose" ];
+  };
+
   # Public host ssh key (kept in sync with the private one)
   environment.etc."ssh/ssh_host_ed25519_key.pub".text =
     "${keys.hosts.lazyworkhorse.main}";
@@ -348,203 +318,6 @@
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 
-  # =============================================================================
-  # SERVER HARDENING - Firewall, Fail2ban, SSH, Kernel
-  # =============================================================================
-  
-  # Firewall - default deny, explicit allow
-  networking.firewall = {
-    # Enable firewall with default deny policy (NixOS firewall denies all by default)
-    enable = true;
-    allowPing = true;
-    
-    # Only essential ports exposed to internet
-    allowedTCPPorts = [
-      2424  # SSH (non-standard port)
-      2222  # Gitea (version control)
-      80    # HTTP (Traefik redirect)
-      443   # HTTPS (Traefik)
-      # 8000  # Portainer - REVIEW: internal only?
-      # 4242  # Coms - REVIEW: internal only?
-      # 5000  # TAK API - REVIEW: internal only?
-      # 8087  # TAK Connect - REVIEW: internal only?
-      # 8089  # TAK Management - REVIEW: internal only?
-    ];
-    
-    allowedUDPPorts = [
-      51820 # WireGuard VPN
-    ];
-    
-    # Rate limiting and attack prevention
-    extraCommands = ''
-      # 1. Wipe the INPUT chain clean at the start of every activation
-      iptables -F INPUT
-      
-      # Rate limit SSH connections (max 20 new connections per 60 seconds)
-      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --set
-      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
-      
-      # Rate limit HTTP/HTTPS (protects Traefik)
-      iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-      iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-      
-      # Drop invalid packets
-      iptables -A INPUT -m state --state INVALID -j DROP
-      
-      # Log dropped packets (rate limited)
-      iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
-
-      # 3. CRITICAL: Re-link the NixOS default firewall chain
-      # Without this line, the 'allowedTCPPorts' in your Nix config will be ignored!
-      iptables -A INPUT -j nixos-fw
-    '';
-  };
-
-  # Fail2ban - automatic IP banning
-  services.fail2ban = {
-    enable = true;
-    maxretry = 3;
-    bantime = "1h";
-    banaction = "iptables-multiport";
-    
-    jails = {
-      # SSH brute force protection (uses systemd journal backend)
-      sshd = {
-        enabled = true;
-        settings = {
-          filter = "sshd";
-          port = "2424";
-          maxretry = 3;
-          bantime = "1h";
-        };
-      };
-      
-      # Recidive - ban repeat offenders for 1 week
-      recidive = {
-        enabled = true;
-        settings = {
-          filter = "recidive";
-          logpath = "/var/log/fail2ban.log";
-          bantime = "1w";
-          findtime = "1d";
-          maxretry = 3;
-        };
-      };
-      
-      # HTTP authentication failures (Traefik)
-      http-auth = {
-        enabled = true;
-        settings = {
-          filter = "traefik-auth";
-          port = "80,443";
-          logpath = "/var/log/traefik/access.log";
-          maxretry = 5;
-          bantime = "1h";
-        };
-      };
-      
-      # HTTP scanning/attacks (Traefik)
-      http-botsearch = {
-        enabled = true;
-        settings = {
-          filter = "traefik-botsearch";
-          port = "80,443";
-          logpath = "/var/log/traefik/access.log";
-          maxretry = 2;
-          bantime = "2h";
-        };
-      };
-    };
-  };
-  
-  # Custom fail2ban filters for Traefik
-  environment.etc."fail2ban/filter.d/traefik-auth.conf".text = ''
-    [Definition]
-    failregex = ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*" (401|403) \d+.*$
-    ignoreregex =
-  '';
-  
-  environment.etc."fail2ban/filter.d/traefik-botsearch.conf".text = ''
-    [Definition]
-    failregex = ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*" 404 \d+.*$
-                ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*/(\.|wp-|php|admin|login|xmlrpc|\.env|\.git|\.aws|\.azure).*" \d+.*$
-    ignoreregex =
-  '';
-
-  # SSH hardening
-  services.openssh.settings = {
-    PermitRootLogin = "no";
-    MaxAuthTries = 3;
-    MaxSessions = 20;
-    LoginGraceTime = 30;
-    ClientAliveInterval = 300;
-    ClientAliveCountMax = 2;
-    PermitEmptyPasswords = "no";
-    ChallengeResponseAuthentication = "no";
-    UsePAM = true;
-    LogLevel = "VERBOSE";
-    X11Forwarding = false;
-    AllowTcpForwarding = "no";
-    AllowAgentForwarding = "no";
-    PermitTunnel = "no";
-  };
-
-  # Kernel network hardening
-  boot.kernel.sysctl = {
-    # IP Spoofing protection
-    "net.ipv4.conf.all.rp_filter" = 1;
-    "net.ipv4.conf.default.rp_filter" = 1;
-    
-    # Ignore ICMP broadcasts
-    "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
-    
-    # Disable source routing
-    "net.ipv4.conf.all.accept_source_route" = 0;
-    "net.ipv4.conf.default.accept_source_route" = 0;
-    "net.ipv6.conf.all.accept_source_route" = 0;
-    "net.ipv6.conf.default.accept_source_route" = 0;
-    
-    # Disable redirects
-    "net.ipv4.conf.all.send_redirects" = 0;
-    "net.ipv4.conf.default.send_redirects" = 0;
-    
-    # SYN flood protection
-    "net.ipv4.tcp_syncookies" = 1;
-    "net.ipv4.tcp_max_syn_backlog" = 2048;
-    "net.ipv4.tcp_synack_retries" = 2;
-    "net.ipv4.tcp_syn_retries" = 5;
-    
-    # Log martian packets
-    "net.ipv4.conf.all.log_martians" = 1;
-    "net.ipv4.conf.default.log_martians" = 1;
-    
-    # Ignore redirects
-    "net.ipv4.conf.all.accept_redirects" = 0;
-    "net.ipv4.conf.default.accept_redirects" = 0;
-    "net.ipv4.conf.all.secure_redirects" = 0;
-    "net.ipv4.conf.default.secure_redirects" = 0;
-    "net.ipv6.conf.all.accept_redirects" = 0;
-    "net.ipv6.conf.default.accept_redirects" = 0;
-    
-    # Connection tuning
-    "net.core.somaxconn" = 4096;
-    "net.core.netdev_max_backlog" = 65536;
-    "net.ipv4.tcp_max_orphans" = 65536;
-    "net.ipv4.tcp_fin_timeout" = 15;
-    "net.ipv4.tcp_keepalive_time" = 300;
-    "net.ipv4.tcp_keepalive_probes" = 5;
-    "net.ipv4.tcp_keepalive_intvl" = 15;
-  };
-
-  # Audit logging
-  security.auditd.enable = true;
-  
-  # Fail2ban log directory
-  systemd.tmpfiles.rules = [
-    "d /var/log/fail2ban 0755 root root -"
-    "d /var/log/traefik 0755 root root -"
-  ];
-
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.

lib/keys.nix

@@ -9,10 +9,6 @@
     ai-worker = {
       main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXeGtPPcsP2IYRQNvII41NVWhJsarEk8c4qxs/a5sXf";
     };
-
-    hermes_agent = {
-      age = "age178ypgaxn3fldh2aeqz37ncpk7jrplaxacrca8kkcycre3ahjef4s2dp3rp";
-    };
   };
 
   hosts = {

modules/nixos/security/README-ai-worker.md

@@ -1,105 +0,0 @@
-# AI Worker Restricted Access
-
-This module provides SSH access for the AI worker (hermes-agent) to run ollama benchmarks on the host.
-
-## Security Model
-
-The `ai-worker` user has:
-
-### Filesystem Access
-- **Home directory**: `/home/ai-worker` (standard user home)
-- **No bind mounts**: Cannot access `/home/gortium/infra` or other host files
-- **Cannot access**: Any files outside standard system paths
-
-### Sudo Access
-- **NONE**: ai-worker has no sudo privileges
-- Cannot run `nh`, `nixos-rebuild`, `nixpkgs-fmt`, or `nix` with elevated permissions
-
-### Docker Access
-- Member of `docker` group - can run `docker` and `docker exec` commands
-- Primary use: `docker exec ollama ollama ...` for benchmarking
-- Can run `docker exec --privileged ollama rocm-smi ...` for VRAM monitoring
-
-## Workflow: SSH + Docker Benchmarking
-
-The AI worker connects from the Hermes container to the host via SSH, runs ollama benchmarks, then returns to save results.
-
-### Example Workflow
-
-```bash
-# From Hermes container, SSH to host
-ssh -i /path/to/ssh/key ai-worker@host.docker.internal
-
-# On host, run ollama benchmarks via docker
-docker exec ollama ollama pull devstral-small-2:24b
-
-# Create test modelfile
-docker exec ollama bash -c 'cat <<EOF > /root/.ollama/test.modelfile
-FROM devstral-small-2:24b
-PARAMETER num_ctx 65536
-PARAMETER num_gpu 99
-PARAMETER flash_attn true
-EOF'
-
-# Create and test model
-docker exec ollama ollama create test-model -f /root/.ollama/test.modelfile
-docker exec ollama ollama run test-model "Write a Python async function"
-
-# Check VRAM usage
-docker exec --privileged ollama rocm-smi --showmeminfo vram
-
-# Cleanup
-docker exec ollama ollama rm test-model
-
-# Exit SSH, return to Hermes container
-exit
-
-# Save results in Hermes container
-# /opt/data/ai-optimizer/state.json
-# /opt/data/ai-optimizer/results.csv
-```
-
-## SSH Access
-
-Connect as:
-```bash
-ssh ai-worker@lazyworkhorse
-```
-
-The working directory will be `/home/ai-worker`. No infra repo access.
-
-## Verification
-
-Check ai-worker permissions:
-```bash
-# On the host, as root or gortium:
-sudo -u ai-worker sudo -l
-# Should show: no sudo access
-
-# Check docker group membership
-groups ai-worker
-# Should show: ai-worker docker
-```
-
-## Troubleshooting
-
-If ai-worker cannot run docker commands:
-```bash
-# Check docker group membership
-groups ai-worker
-
-# Verify ollama container is running
-docker ps | grep ollama
-
-# Test docker access
-sudo -u ai-worker docker exec ollama ollama list
-```
-
-If SSH connection fails:
-```bash
-# Check SSH key is authorized
-cat /home/ai-worker/.ssh/authorized_keys
-
-# Check SSH service
-systemctl status sshd
-```

modules/nixos/security/ai-worker-restricted.nix

@@ -1,17 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-{
-  options.services.aiWorkerAccess = mkOption {
-    type = types.bool;
-    default = false;
-    description = "Enable AI worker SSH access with docker group membership for ollama benchmarking";
-  };
-
-  config = mkIf config.services.aiWorkerAccess {
-    # ai-worker is member of docker group - can run docker commands via SSH
-    # No bind mounts, no sudo access - docker-only for ollama benchmarking
-    users.groups.docker.members = [ "ai-worker" ];
-  };
-}

modules/nixos/services/hyperspace.nix

@@ -0,0 +1,235 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.hyperspace;
+
+  # Hyperspace CLI release from github.com/hyperspaceai/aios-cli
+  # The binary bundles Node.js runtime + llama.cpp + sidecars (~914MB)
+  # It auto-updates via `hyperspace update` post-install
+  hyperspacePkg = pkgs.stdenv.mkDerivation rec {
+    pname = "hyperspace";
+    version = cfg.release;
+
+    src = pkgs.fetchurl {
+      url = "https://github.com/hyperspaceai/aios-cli/releases/download/v${version}/aios-cli-x86_64-unknown-linux-gnu.tar.gz";
+      hash = "sha256-f6fJ8t3exqtYwUD5j+WvD+Hm0oN/Eef0X+R9Rj23dE0=";
+    };
+
+    sourceRoot = ".";
+
+    installPhase = ''
+      mkdir -p $out/bin $out/lib/hyperspace
+
+      # Main CLI binary
+      cp aios-cli $out/bin/hyperspace
+      chmod +x $out/bin/hyperspace
+
+      # Sidecar binaries
+      for f in _aios-cli pod-raft hyperspace-*; do
+        [ -f "$f" ] && install -m755 "$f" $out/lib/hyperspace/ || true
+      done
+
+      # WASM, native modules, Python shards
+      cp -r *.wasm $out/lib/hyperspace/ 2>/dev/null || true
+      cp -r *.node $out/lib/hyperspace/ 2>/dev/null || true
+      mkdir -p $out/lib/hyperspace/python
+      cp -r python/* $out/lib/hyperspace/python/ 2>/dev/null || true
+
+      # Skills directory
+      mkdir -p $out/share/hyperspace
+      cp -r skills $out/share/hyperspace/ 2>/dev/null || true
+
+      # Set HYPERSPACE_PATH so the binary finds sidecars
+      wrapProgram $out/bin/hyperspace \
+        --set HYPERSPACE_PATH "$out/lib/hyperspace" \
+        --set HYPERSPACE_SKILLS_DIR "$out/share/hyperspace/skills"
+    '';
+
+    nativeBuildInputs = with pkgs; [ makeWrapper ];
+
+    meta = {
+      description = "Hyperspace CLI — P2P mesh AI inference network (Pods)";
+      longDescription = ''
+        Hyperspace Pods let multiple machines pool their GPUs into one private
+        AI cluster. Install the CLI, create a pod, share an invite link — your
+        machines form a P2P mesh and can run models split across all connected
+        GPUs. Exposes an OpenAI-compatible API for use with Cursor, Claude Code,
+        Aider, etc.
+      '';
+      homepage = "https://hyperspace.sh";
+      sourceProvenance = with lib; [ sourceTypes.binaryNativeCode ];
+      license = lib.licenses.unfree;
+      platforms = [ "x86_64-linux" ];
+      maintainers = [ ];
+    };
+  };
+
+in {
+  options.services.hyperspace = {
+    enable = mkEnableOption "Hyperspace P2P AI agent (Pods)";
+
+    release = mkOption {
+      type = types.str;
+      default = "5.45.30";
+      description = "Hyperspace CLI release version (from GitHub releases).";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "ai-worker";
+      description = "System user to run the Hyperspace agent.";
+    };
+
+    apiPort = mkOption {
+      type = types.port;
+      default = 8080;
+      description = "Port for the OpenAI-compatible API server.";
+    };
+
+    autoStart = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Auto-start the Hyperspace agent on boot.";
+    };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Open firewall ports for P2P traffic (libp2p 4001, chain 30301, API).";
+    };
+
+    profile = mkOption {
+      type = types.enum [ "auto" "full" "inference" "embedding" "relay" "storage" ];
+      default = "auto";
+      description = ''
+        Agent profile:
+        - auto: auto-detect hardware
+        - full: all 9 capabilities
+        - inference: GPU inference only
+        - embedding: CPU embedding only
+        - relay: lightweight relay
+        - storage: storage + memory
+      '';
+    };
+
+    extraArgs = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "Extra arguments passed to `hyperspace start`.";
+    };
+
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/hyperspace";
+      description = "Data directory for agent state (models, config, logs).";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Ensure the service user exists
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.user;
+      home = "/home/${cfg.user}";
+      createHome = true;
+      shell = pkgs.bash;
+    };
+    users.groups.${cfg.user} = { };
+
+    # Install the hyperspace binary
+    environment.systemPackages = [ hyperspacePkg ];
+
+    # Data directories
+    systemd.tmpfiles.rules = [
+      "d ${cfg.dataDir} 0755 ${cfg.user} ${cfg.user} -"
+      "d ${cfg.dataDir}/models 0755 ${cfg.user} ${cfg.user} -"
+      "d ${cfg.dataDir}/data 0755 ${cfg.user} ${cfg.user} -"
+    ];
+
+    # Systemd service: runs the Hyperspace agent as a system daemon
+    systemd.services.hyperspace = {
+      description = "Hyperspace P2P AI Agent — Pods mesh cluster";
+      documentation = [ "https://hyperspace.sh" "https://github.com/hyperspaceai/aios-cli" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      wantedBy = mkIf cfg.autoStart [ "multi-user.target" ];
+
+      environment = {
+        HYPERSPACE_HOME = cfg.dataDir;
+        HYPERSPACE_API_PORT = toString cfg.apiPort;
+        HYPERSPACE_PATH = "${hyperspacePkg}/lib/hyperspace";
+      };
+
+      path = with pkgs; [ bash curl nodejs ];
+
+      script = ''
+        # Wait for network connectivity before starting
+        ${pkgs.bash}/bin/bash -c '
+          for i in $(seq 1 30); do
+            ping -c 1 -W 1 8.8.8.8 >/dev/null 2>&1 && break
+            sleep 2
+          done
+        ' || true
+
+        exec ${hyperspacePkg}/bin/hyperspace start \
+          --profile ${cfg.profile} \
+          --api-port ${toString cfg.apiPort} \
+          ${lib.escapeShellArgs cfg.extraArgs}
+      '';
+
+      serviceConfig = {
+        Type = "exec";
+        User = cfg.user;
+        Group = cfg.user;
+        WorkingDirectory = cfg.dataDir;
+        Restart = "always";
+        RestartSec = 10;
+        TimeoutStartSec = 180;
+        TimeoutStopSec = 30;
+        KillMode = "mixed";
+
+        # File limits for network-heavy P2P agent
+        LimitNOFILE = 65536;
+        LimitNPROC = 4096;
+
+        # GPU access — AMD MI50 (ROCm) through /dev/kfd and /dev/dri
+        DeviceAllow = [
+          "/dev/kfd" "rw"
+          "/dev/dri" "rw"
+        ];
+        SupplementaryGroups = [ "video" "render" ];
+
+        # Security hardening
+        NoNewPrivileges = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        PrivateTmp = true;
+        PrivateDevices = false;  # needs GPU access
+        ReadWritePaths = [
+          cfg.dataDir
+          "/tmp"
+        ];
+        BindPaths = [
+          # GPU devices for AMD MI50
+          "/dev/kfd"
+          "/dev/dri"
+        ];
+      };
+    };
+
+    # Firewall: open P2P ports for the mesh network
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [
+        4001    # libp2p P2P (agent gossip, DHT, circuits)
+        30301   # Chain P2P (blockchain consensus)
+        cfg.apiPort  # OpenAI-compatible API
+      ];
+      allowedUDPPorts = [
+        4001    # libp2p QUIC transport
+        30301   # Chain UDP discovery
+      ];
+    };
+  };
+}

modules/nixos/services/ollama_init_custom_models.nix

@@ -1,87 +1,67 @@
 { pkgs, ... }: {
   systemd.services.init-ollama-model = {
     description = "Initialize LLM models with extra context in Ollama Docker";
-    
-    # On s'assure que Docker tourne avant de lancer ce script
-    after = [ "docker.service" ];
+    after = [ "docker-ollama.service" ];
     wantedBy = [ "multi-user.target" ];
-    
     script = ''
-      # Fonction de création asynchrone pour ne pas bloquer le démarrage
-      (
-        echo "Starting asynchronous Ollama initialization..."
-        
-        # Attente d'Ollama (maximum 120 secondes pour éviter une boucle infinie)
-        TIMEOUT=60
-        COUNT=0
-        while ! ${pkgs.curl}/bin/curl -s -f http://127.0.0.1:11434/api/tags > /dev/null; do
-          if [ $COUNT -ge $TIMEOUT ]; then
-            echo "Ollama did not become ready in time. Exiting."
-            exit 1
-          fi
-          echo "Waiting for Ollama API to be reachable..."
-          sleep 5
-          COUNT=$((COUNT + 5))
-        done
+      # Wait for Ollama
+      while ! ${pkgs.curl}/bin/curl -s http://localhost:11434/api/tags > /dev/null; do
+        sleep 2
+      done
 
-        create_model_if_missing() {
-          local model_name=$1
-          local base_model=$2
+      create_model_if_missing() {
+        local model_name=$1
+        local base_model=$2
+        if ! ${pkgs.docker}/bin/docker exec ollama ollama list | grep -q "$model_name"; then
+          echo "$model_name not found, creating from $base_model..."
           
-          # Vérification robuste via l'API HTTP d'Ollama plutôt que docker exec (évite les conflits de tty)
-          if ! ${pkgs.curl}/bin/curl -s http://127.0.0.1:11434/api/tags | ${pkgs.jq}/bin/jq -e ".models[] | select(.name == \"$model_name\")" > /dev/null; then
-            echo "$model_name not found, creating from $base_model..."
-            
-            # Utilisation d'un fichier temporaire sur l'hôte pour l'injecter proprement dans Docker
-            TMP_FILE=$(mktemp)
-            cat <<EOF > "$TMP_FILE"
+          # We use a custom TEMPLATE block to strip the 'currentDate' function 
+          # which is unsupported in Ollama 0.5.7 but present in Devstral's default manifest.
+          ${pkgs.docker}/bin/docker exec ollama sh -c "cat <<EOF > /root/.ollama/$model_name.modelfile
 FROM $base_model
-TEMPLATE """{{- if .System }}
+TEMPLATE \"\"\"{{- if .System }}
 [SYSTEM_PROMPT]
 {{ .System }}
 [/SYSTEM_PROMPT]
 {{- end }}
 {{- range .Messages }}
-{{- if eq .Role "user" }}
+{{- if eq .Role \"user\" }}
 [INST]
 {{ .Content }}
 [/INST]
-{{- else if eq .Role "assistant" }}
+{{- else if eq .Role \"assistant\" }}
 {{ .Content }}
 {{- end }}
-{{- end }}"""
+{{- end }}\"\"\"
 PARAMETER num_ctx 131072
 PARAMETER num_predict 4096
 PARAMETER num_keep 1024
 PARAMETER repeat_penalty 1.1
 PARAMETER top_k 40
-PARAMETER stop "[INST]"
-PARAMETER stop "[/INST]"
-PARAMETER stop "</s>"
-EOF
+PARAMETER stop \"[INST]\"
+PARAMETER stop \"[/INST]\"
+PARAMETER stop \"</s>\"
+EOF"
+          ${pkgs.docker}/bin/docker exec ollama ollama create "$model_name" -f "/root/.ollama/$model_name.modelfile"
+          ${pkgs.docker}/bin/docker exec ollama rm "/root/.ollama/$model_name.modelfile"
+        else
+          echo "$model_name already exists, skipping."
+        fi
+      }
 
-            # Copie et création dans le conteneur
-            ${pkgs.docker}/bin/docker cp "$TMP_FILE" ollama:/tmp/model.modelfile
-            ${pkgs.docker}/bin/docker exec ollama ollama create "$model_name" -f /tmp/model.modelfile
-            ${pkgs.docker}/bin/docker exec ollama rm /tmp/model.modelfile
-            rm -f "$TMP_FILE"
-          else
-            echo "$model_name already exists, skipping."
-          fi
-        }
-
-        # Create Nemotron
-        create_model_if_missing "nemotron-3-nano:30b-128k" "nemotron-3-nano:30b"
-        
-        # Create Devstral
-        create_model_if_missing "devstral-small-2:24b-128k" "devstral-small-2:24b" 
-        
-      ) &
+      # Create Nemotron
+      create_model_if_missing "nemotron-3-nano:30b-128k" "nemotron-3-nano:30b"
+      
+      # Create Devstral
+      create_model_if_missing "devstral-small-2:24b-128k" "devstral-small-2:24b" 
+      
+      # create_model_if_missing "qwen2.5-coder:32b-128k" "qwen2.5-coder:32b"
+      
+      # create_model_if_missing "mistral-large-planner:123b" "mistral-large:123b-instruct-v2407-q4_K_S"
     '';
-
     serviceConfig = {
-      Type = "forking"; # Permet à systemd de savoir que le script passe en arrière-plan via '&'
-      User = "root";
+      Type = "oneshot";
+      RemainAfterExit = true;
     };
   };
 }

secrets/secrets.nix

@@ -4,7 +4,6 @@ let
     keys.users.gortium.main
     keys.hosts.lazyworkhorse.main
     keys.hosts.lazyworkhorse.bootstrap
-    keys.users.hermes_agent.age
   ];
 in
 {

secrets/wireguard_preshared_key.age

@@ -1,9 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSA3VG9Z
-MVFPVFc2VVJ3d0h0dmtBUnI3WHl2SzUxTkRZbjFCaGloWmV3dnd3ClcxdnVPeGd6
-SU4zR0Q0K1dtVjRRVHd0VW5XSFI0dVFpTjZnYk1DNjRxTVEKLT4gQzlgRy1ncmVh
-c2UKeUozOWgyUytSTVF0NjY2STBEb2VadwotLS0gblI3bmJCUWxxU3QrYTEyVFBI
-Snc4NC9rTkh0NnZYbUtxUE9hRWRkelpmMAq58fmH6cK13GeD7wGLxKmx10hmJeW4
-b7KqnCD1ZP7uG85s32xzVRwRG8RrG4xZo5nR9Mrtg1CoTSFfUGeFnf5xveN+Ej0X
-wDVB1LwC+Q==
------END AGE ENCRYPTED FILE-----

secrets/wireguard_private_key.age

@@ -1,11 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSA5dzVG
-WUNvT3NlRmcrWS81bzJqSWlTekVYaDFFTE10SkI2dEgzaGpxcUI4Cmk5Y0FGYTRZ
-K0NGYzY3VUp4aS9ZZGRmWTgybDJFUURva2pZNmVOS3QxdEUKLT4gPnVRTCtldGMt
-Z3JlYXNlCk04OTJZeFRNeDI5aGpMVTk1ZTE0Y2FMMnFEMjlJalJpMHRlaTE4ZWIx
-d2lCRGQ5RHVjcktOMGJCb1VERlNWcTYKaSt0L1Z6dVJ0QWIyZkhsYzFEVjZSQWUr
-ZWpwVlo1TmhoUFJZdkEvR0gxNlVhcXF2ZTRnCi0tLSBLcmM2MThNVkdWclpHUXRr
-VTF6QVk2WUZlTXpZMVNLMlpBOFc3M1o5WjZzCs9xbPlIX+u5vRSQ/z9utu+I9S2c
-02DOsIb1kzxzb1OK91b8Kh4JucQSq3qkyEvRucsNn5QW8hIHDnRuND6EbPyN7p4S
-YB/F0dxSqgnq
------END AGE ENCRYPTED FILE-----

users/ai-worker.nix

@@ -9,85 +9,6 @@
     openssh.authorizedKeys.keys = [
       keys.users.ai-worker.main
     ];
-    # No password login - SSH key only
-    hashedPassword = "!";
   };
   users.groups.ai-worker = {};
-
-  # Enable restricted AI worker SSH access for ollama benchmarking
-  # SECURITY: ai-worker can only:
-  #   - SSH into host from Hermes container
-  #   - Run docker commands (docker exec ollama ...) via docker group
-  #   - Run specific security audit commands
-  #   - NO access to infra repo (no bind mount)
-  #   - NO sudo access (no nh, nixos-rebuild, nixpkgs-fmt, nix)
-  # WORKFLOW: SSH from Hermes container, run docker benchmarks, return and save results to /opt/data/ai-optimizer/
-  services.aiWorkerAccess = true;
-  
-  # Restricted sudo for ai-worker - security checks only
-  security.sudo.extraRules = [
-    {
-      users = [ "ai-worker" ];
-      commands = [
-        # Firewall checks
-        {
-          command = "/run/wrappers/bin/sudo iptables -L -n -v";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/wrappers/bin/sudo iptables -S";
-          options = [ "NOPASSWD" ];
-        }
-        # Fail2ban status
-        {
-          command = "/run/current-system/sw/bin/fail2ban-client status";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/fail2ban-client status *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/fail2ban-client get * banned";
-          options = [ "NOPASSWD" ];
-        }
-        # Log inspection
-        {
-          command = "/run/current-system/sw/bin/journalctl -t kernel -n 100";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/journalctl -u fail2ban -n 50";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/journalctl -u firewall -n 50";
-          options = [ "NOPASSWD" ];
-        }
-        # SSH config verification
-        {
-          command = "/run/current-system/sw/bin/sshd -T";
-          options = [ "NOPASSWD" ];
-        }
-        # Docker service checks
-        {
-          command = "/run/current-system/sw/bin/docker ps";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker inspect *";
-          options = [ "NOPASSWD" ];
-        }
-        # Network diagnostics
-        {
-          command = "/run/current-system/sw/bin/ss -tlnp";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/cat /proc/net/tcp";
-          options = [ "NOPASSWD" ];
-        }
-      ];
-    }
-  ];
 }