chore: update compose submodule for traefik access logs

ai-worker only needs security audit commands, not deployment access.

Removed:
- nh os switch
- nixos-rebuild switch

Kept:
- Firewall checks (iptables)
- Fail2ban status
- Log inspection (journalctl)
- SSH config (sshd -T)
- Docker service checks
- Network diagnostics

.planning/ROADMAP.md

@@ -13,9 +13,7 @@ None
 - ✅ **Phase 1: Foundation Setup** - Establish core NixOS configuration with flakes
 - ✅ **Phase 2: Docker Service Integration** - Integrate Docker Compose services
 - ✅ **Phase 3: AI Assistant Integration** - Enable AI-assisted infrastructure management
-- ✅ **Phase 4: Internet Access & MCP** - MCP server for web access
-- 🚨 **Security Hardening** - CRITICAL: Firewall, fail2ban, SSH hardening (PR #28)
-- [ ] **Phase 5: TAK Server** - Research, implementation, and validation
+- [ ] **Phase 4: Internet Access & MCP** - MCP server for web access
 
 
 ## Phase Details
@@ -135,25 +133,8 @@ Plans:
 
 ## Progress
 
-**Merge Priority Order** (CRITICAL - merge in this order):
-
-| Priority | PR | Description | Status | Notes |
-|----------|-----|-------------|--------|-------|
-| 🚨 1 | #28 | **Security hardening** (firewall, fail2ban, SSH) | Open | **MERGE FIRST** - protects all other services |
-| 2 | #22 | Matrix bridge dependency fix | Open | Blocks Hermes functionality |
-| 3 | #21 | Backup network creation fix | Open | Infrastructure fix |
-| 4 | #25 | Hermes voice GPU support | Open | Feature enhancement |
-| 5 | #24 | uConsole CM5 host | Open | New hardware support |
-| 6 | #23 | NixOS deployment infrastructure | Open | Deployment tooling |
-| 7 | #1 | AI worker restricted access | Open | Legacy PR (superseded by hardening) |
-
 **Execution Order:**
-Phases execute in numeric order: 1 → 2 → 3 → 4 → Security → 5 → 6 → 7
-
-**Merge vs Phase Execution:**
-- PRs can merge independently (no strict phase ordering for merges)
-- **EXCEPTION:** Security hardening (#28) must merge before any new services are exposed
-- After security merge, deploy with: `nh os switch --flake .#lazyworkhorse`
+Phases execute in numeric order: 1 → 2 → 3 → 4 → 5 → 6 → 7
 
 | Phase | Milestone | Plans Complete | Status | Completed |
 |-------|-----------|----------------|--------|-----------|

docker/hermes/Dockerfile.full

@@ -0,0 +1,71 @@
+FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
+FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
+FROM debian:13.4
+
+# Disable Python stdout buffering to ensure logs are printed immediately
+ENV PYTHONUNBUFFERED=1
+
+# Store Playwright browsers outside the volume mount so the build-time
+# install survives the /opt/data volume overlay at runtime.
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
+
+# Install system dependencies in one layer, clear APT cache
+# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
+# that would otherwise accumulate when hermes runs as PID 1. See #15012.
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
+        curl poppler-utils imagemagick \
+        chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \
+        libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 \
+        texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science \
+        qemu-user-static binfmt-support qemu-user-binfmt \
+        emacs-nox \
+        libportaudio2 && \
+    rm -rf /var/lib/apt/lists/*
+
+# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
+RUN useradd -u 10000 -m -d /opt/data hermes
+
+COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
+COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
+
+WORKDIR /opt/hermes
+
+# ---------- Layer-cached dependency install ----------
+# Copy only package manifests first so npm install + Playwright are cached
+# unless the lockfiles themselves change.
+COPY package.json package-lock.json ./
+COPY web/package.json web/package-lock.json web/
+
+RUN npm install --prefer-offline --no-audit && \
+    npx playwright install --with-deps chromium --only-shell && \
+    (cd web && npm install --prefer-offline --no-audit) && \
+    npm cache clean --force
+
+# ---------- Source code ----------
+# .dockerignore excludes node_modules, so the installs above survive.
+COPY --chown=hermes:hermes . .
+
+# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
+RUN cd web && npm run build
+
+# ---------- Permissions ----------
+# Make install dir world-readable so any HERMES_UID can read it at runtime.
+# The venv needs to be traversable too.
+USER root
+RUN chmod -R a+rX /opt/hermes
+# Start as root so the entrypoint can usermod/groupmod + gosu.
+# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
+
+# ---------- Python virtualenv ----------
+RUN uv venv && \
+    uv pip install --no-cache-dir -e ".[all]" && \
+    uv pip install --no-cache-dir sounddevice numpy faster-whisper
+
+# ---------- Runtime ----------
+ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
+ENV HERMES_HOME=/opt/data
+ENV PATH="/opt/data/.local/bin:${PATH}"
+VOLUME [ "/opt/data" ]
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]

flake.nix

@@ -61,7 +61,6 @@
               ./modules/nixos/services/open_code_server.nix
               ./modules/nixos/services/ollama_init_custom_models.nix
               ./modules/nixos/services/openclaw_node.nix
-              ./modules/nixos/services/hyperspace.nix
               ./users/gortium.nix
               ./users/ai-worker.nix
             ];

hosts/lazyworkhorse/configuration.nix

@@ -158,7 +158,7 @@
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
-      PermitRootLogin = "prohibit-password"; 
+      # Additional hardening settings below in SERVER HARDENING section
     };
     hostKeys = [
       {
@@ -277,16 +277,6 @@
     displayName = "lazyworkhorse-host";
   };
 
-  # Hyperspace Pods — P2P mesh AI cluster (combine GPUs across machines)
-  services.hyperspace = {
-    enable = true;
-    user = "ai-worker";
-    apiPort = 8080;
-    profile = "auto";
-    openFirewall = true;
-    extraArgs = [ "--verbose" ];
-  };
-
   # Public host ssh key (kept in sync with the private one)
   environment.etc."ssh/ssh_host_ed25519_key.pub".text =
     "${keys.hosts.lazyworkhorse.main}";
@@ -318,6 +308,176 @@
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
 
+  # =============================================================================
+  # SERVER HARDENING - Firewall, Fail2ban, SSH, Kernel
+  # =============================================================================
+  
+  # Firewall - default deny, explicit allow
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    defaultAllow = false;
+    
+    # Only essential ports exposed to internet
+    allowedTCPPorts = [
+      2424  # SSH (non-standard port)
+      2222  # Gitea (version control)
+      80    # HTTP (Traefik redirect)
+      443   # HTTPS (Traefik)
+      # 8000  # Portainer - REVIEW: internal only?
+      # 4242  # Coms - REVIEW: internal only?
+      # 5000  # TAK API - REVIEW: internal only?
+      # 8087  # TAK Connect - REVIEW: internal only?
+      # 8089  # TAK Management - REVIEW: internal only?
+    ];
+    
+    allowedUDPPorts = [
+      # Add UDP ports if required
+    ];
+    
+    # Rate limiting and attack prevention
+    extraCommands = ''
+      # Rate limit SSH connections (max 4 new connections per 60 seconds)
+      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --set
+      iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP
+      
+      # Rate limit HTTP/HTTPS (protects Traefik)
+      iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+      iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
+      
+      # Drop invalid packets
+      iptables -A INPUT -m state --state INVALID -j DROP
+      
+      # Log dropped packets (rate limited)
+      iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
+    '';
+  };
+
+  # Fail2ban - automatic IP banning
+  services.fail2ban = {
+    enable = true;
+    maxRetry = 3;
+    findtime = 600;
+    bantime = 3600;
+    banaction = "iptables-multiport";
+    
+    # Ban repeat offenders for 1 week
+    recidive = {
+      enabled = true;
+      filter = "recidive";
+      logpath = "/var/log/fail2ban.log";
+      bantime = 604800;
+      findtime = 86400;
+      maxretry = 3;
+    };
+    
+    jails = {
+      # SSH brute force protection
+      sshd = {
+        enabled = true;
+        filter = "sshd";
+        port = "2424";
+        logpath = "/var/log/auth.log";
+        maxretry = 3;
+        bantime = 3600;
+      };
+      
+      # HTTP authentication failures
+      http-auth = {
+        enabled = true;
+        filter = "apache-auth";
+        port = "80,443";
+        logpath = "/var/log/traefik/access.log";
+        maxretry = 5;
+        bantime = 3600;
+      };
+      
+      # HTTP scanning/attacks
+      http-botsearch = {
+        enabled = true;
+        filter = "apache-botsearch";
+        port = "80,443";
+        logpath = [ "/var/log/traefik/access.log" ];
+        maxretry = 2;
+        bantime = 7200;
+      };
+    };
+  };
+
+  # SSH hardening
+  services.openssh.settings = {
+    PermitRootLogin = "no";
+    MaxAuthTries = 3;
+    MaxSessions = 5;
+    LoginGraceTime = 30;
+    ClientAliveInterval = 300;
+    ClientAliveCountMax = 2;
+    PermitEmptyPasswords = "no";
+    ChallengeResponseAuthentication = "no";
+    UsePAM = true;
+    LogLevel = "VERBOSE";
+    X11Forwarding = false;
+    AllowTcpForwarding = "no";
+    AllowAgentForwarding = "no";
+    PermitTunnel = "no";
+  };
+
+  # Kernel network hardening
+  boot.kernel.sysctl = {
+    # IP Spoofing protection
+    "net.ipv4.conf.all.rp_filter" = 1;
+    "net.ipv4.conf.default.rp_filter" = 1;
+    
+    # Ignore ICMP broadcasts
+    "net.ipv4.icmp_echo_ignore_broadcasts" = 1;
+    
+    # Disable source routing
+    "net.ipv4.conf.all.accept_source_route" = 0;
+    "net.ipv4.conf.default.accept_source_route" = 0;
+    "net.ipv6.conf.all.accept_source_route" = 0;
+    "net.ipv6.conf.default.accept_source_route" = 0;
+    
+    # Disable redirects
+    "net.ipv4.conf.all.send_redirects" = 0;
+    "net.ipv4.conf.default.send_redirects" = 0;
+    
+    # SYN flood protection
+    "net.ipv4.tcp_syncookies" = 1;
+    "net.ipv4.tcp_max_syn_backlog" = 2048;
+    "net.ipv4.tcp_synack_retries" = 2;
+    "net.ipv4.tcp_syn_retries" = 5;
+    
+    # Log martian packets
+    "net.ipv4.conf.all.log_martians" = 1;
+    "net.ipv4.conf.default.log_martians" = 1;
+    
+    # Ignore redirects
+    "net.ipv4.conf.all.accept_redirects" = 0;
+    "net.ipv4.conf.default.accept_redirects" = 0;
+    "net.ipv4.conf.all.secure_redirects" = 0;
+    "net.ipv4.conf.default.secure_redirects" = 0;
+    "net.ipv6.conf.all.accept_redirects" = 0;
+    "net.ipv6.conf.default.accept_redirects" = 0;
+    
+    # Connection tuning
+    "net.core.somaxconn" = 4096;
+    "net.core.netdev_max_backlog" = 65536;
+    "net.ipv4.tcp_max_orphans" = 65536;
+    "net.ipv4.tcp_fin_timeout" = 15;
+    "net.ipv4.tcp_keepalive_time" = 300;
+    "net.ipv4.tcp_keepalive_probes" = 5;
+    "net.ipv4.tcp_keepalive_intvl" = 15;
+  };
+
+  # Audit logging
+  services.auditd.enable = true;
+  
+  # Fail2ban log directory
+  systemd.tmpfiles.rules = [
+    "d /var/log/fail2ban 0755 root root -"
+    "d /var/log/traefik 0755 root root -"
+  ];
+
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.

modules/nixos/services/hyperspace.nix

@@ -1,235 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.hyperspace;
-
-  # Hyperspace CLI release from github.com/hyperspaceai/aios-cli
-  # The binary bundles Node.js runtime + llama.cpp + sidecars (~914MB)
-  # It auto-updates via `hyperspace update` post-install
-  hyperspacePkg = pkgs.stdenv.mkDerivation rec {
-    pname = "hyperspace";
-    version = cfg.release;
-
-    src = pkgs.fetchurl {
-      url = "https://github.com/hyperspaceai/aios-cli/releases/download/v${version}/aios-cli-x86_64-unknown-linux-gnu.tar.gz";
-      hash = "sha256-f6fJ8t3exqtYwUD5j+WvD+Hm0oN/Eef0X+R9Rj23dE0=";
-    };
-
-    sourceRoot = ".";
-
-    installPhase = ''
-      mkdir -p $out/bin $out/lib/hyperspace
-
-      # Main CLI binary
-      cp aios-cli $out/bin/hyperspace
-      chmod +x $out/bin/hyperspace
-
-      # Sidecar binaries
-      for f in _aios-cli pod-raft hyperspace-*; do
-        [ -f "$f" ] && install -m755 "$f" $out/lib/hyperspace/ || true
-      done
-
-      # WASM, native modules, Python shards
-      cp -r *.wasm $out/lib/hyperspace/ 2>/dev/null || true
-      cp -r *.node $out/lib/hyperspace/ 2>/dev/null || true
-      mkdir -p $out/lib/hyperspace/python
-      cp -r python/* $out/lib/hyperspace/python/ 2>/dev/null || true
-
-      # Skills directory
-      mkdir -p $out/share/hyperspace
-      cp -r skills $out/share/hyperspace/ 2>/dev/null || true
-
-      # Set HYPERSPACE_PATH so the binary finds sidecars
-      wrapProgram $out/bin/hyperspace \
-        --set HYPERSPACE_PATH "$out/lib/hyperspace" \
-        --set HYPERSPACE_SKILLS_DIR "$out/share/hyperspace/skills"
-    '';
-
-    nativeBuildInputs = with pkgs; [ makeWrapper ];
-
-    meta = {
-      description = "Hyperspace CLI — P2P mesh AI inference network (Pods)";
-      longDescription = ''
-        Hyperspace Pods let multiple machines pool their GPUs into one private
-        AI cluster. Install the CLI, create a pod, share an invite link — your
-        machines form a P2P mesh and can run models split across all connected
-        GPUs. Exposes an OpenAI-compatible API for use with Cursor, Claude Code,
-        Aider, etc.
-      '';
-      homepage = "https://hyperspace.sh";
-      sourceProvenance = with lib; [ sourceTypes.binaryNativeCode ];
-      license = lib.licenses.unfree;
-      platforms = [ "x86_64-linux" ];
-      maintainers = [ ];
-    };
-  };
-
-in {
-  options.services.hyperspace = {
-    enable = mkEnableOption "Hyperspace P2P AI agent (Pods)";
-
-    release = mkOption {
-      type = types.str;
-      default = "5.45.30";
-      description = "Hyperspace CLI release version (from GitHub releases).";
-    };
-
-    user = mkOption {
-      type = types.str;
-      default = "ai-worker";
-      description = "System user to run the Hyperspace agent.";
-    };
-
-    apiPort = mkOption {
-      type = types.port;
-      default = 8080;
-      description = "Port for the OpenAI-compatible API server.";
-    };
-
-    autoStart = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Auto-start the Hyperspace agent on boot.";
-    };
-
-    openFirewall = mkOption {
-      type = types.bool;
-      default = true;
-      description = "Open firewall ports for P2P traffic (libp2p 4001, chain 30301, API).";
-    };
-
-    profile = mkOption {
-      type = types.enum [ "auto" "full" "inference" "embedding" "relay" "storage" ];
-      default = "auto";
-      description = ''
-        Agent profile:
-        - auto: auto-detect hardware
-        - full: all 9 capabilities
-        - inference: GPU inference only
-        - embedding: CPU embedding only
-        - relay: lightweight relay
-        - storage: storage + memory
-      '';
-    };
-
-    extraArgs = mkOption {
-      type = types.listOf types.str;
-      default = [ ];
-      description = "Extra arguments passed to `hyperspace start`.";
-    };
-
-    dataDir = mkOption {
-      type = types.str;
-      default = "/var/lib/hyperspace";
-      description = "Data directory for agent state (models, config, logs).";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    # Ensure the service user exists
-    users.users.${cfg.user} = {
-      isSystemUser = true;
-      group = cfg.user;
-      home = "/home/${cfg.user}";
-      createHome = true;
-      shell = pkgs.bash;
-    };
-    users.groups.${cfg.user} = { };
-
-    # Install the hyperspace binary
-    environment.systemPackages = [ hyperspacePkg ];
-
-    # Data directories
-    systemd.tmpfiles.rules = [
-      "d ${cfg.dataDir} 0755 ${cfg.user} ${cfg.user} -"
-      "d ${cfg.dataDir}/models 0755 ${cfg.user} ${cfg.user} -"
-      "d ${cfg.dataDir}/data 0755 ${cfg.user} ${cfg.user} -"
-    ];
-
-    # Systemd service: runs the Hyperspace agent as a system daemon
-    systemd.services.hyperspace = {
-      description = "Hyperspace P2P AI Agent — Pods mesh cluster";
-      documentation = [ "https://hyperspace.sh" "https://github.com/hyperspaceai/aios-cli" ];
-      after = [ "network-online.target" ];
-      wants = [ "network-online.target" ];
-      wantedBy = mkIf cfg.autoStart [ "multi-user.target" ];
-
-      environment = {
-        HYPERSPACE_HOME = cfg.dataDir;
-        HYPERSPACE_API_PORT = toString cfg.apiPort;
-        HYPERSPACE_PATH = "${hyperspacePkg}/lib/hyperspace";
-      };
-
-      path = with pkgs; [ bash curl nodejs ];
-
-      script = ''
-        # Wait for network connectivity before starting
-        ${pkgs.bash}/bin/bash -c '
-          for i in $(seq 1 30); do
-            ping -c 1 -W 1 8.8.8.8 >/dev/null 2>&1 && break
-            sleep 2
-          done
-        ' || true
-
-        exec ${hyperspacePkg}/bin/hyperspace start \
-          --profile ${cfg.profile} \
-          --api-port ${toString cfg.apiPort} \
-          ${lib.escapeShellArgs cfg.extraArgs}
-      '';
-
-      serviceConfig = {
-        Type = "exec";
-        User = cfg.user;
-        Group = cfg.user;
-        WorkingDirectory = cfg.dataDir;
-        Restart = "always";
-        RestartSec = 10;
-        TimeoutStartSec = 180;
-        TimeoutStopSec = 30;
-        KillMode = "mixed";
-
-        # File limits for network-heavy P2P agent
-        LimitNOFILE = 65536;
-        LimitNPROC = 4096;
-
-        # GPU access — AMD MI50 (ROCm) through /dev/kfd and /dev/dri
-        DeviceAllow = [
-          "/dev/kfd" "rw"
-          "/dev/dri" "rw"
-        ];
-        SupplementaryGroups = [ "video" "render" ];
-
-        # Security hardening
-        NoNewPrivileges = true;
-        ProtectSystem = "strict";
-        ProtectHome = true;
-        PrivateTmp = true;
-        PrivateDevices = false;  # needs GPU access
-        ReadWritePaths = [
-          cfg.dataDir
-          "/tmp"
-        ];
-        BindPaths = [
-          # GPU devices for AMD MI50
-          "/dev/kfd"
-          "/dev/dri"
-        ];
-      };
-    };
-
-    # Firewall: open P2P ports for the mesh network
-    networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [
-        4001    # libp2p P2P (agent gossip, DHT, circuits)
-        30301   # Chain P2P (blockchain consensus)
-        cfg.apiPort  # OpenAI-compatible API
-      ];
-      allowedUDPPorts = [
-        4001    # libp2p QUIC transport
-        30301   # Chain UDP discovery
-      ];
-    };
-  };
-}

modules/nixos/services/ollama_init_custom_models.nix

@@ -14,25 +14,8 @@
         local base_model=$2
         if ! ${pkgs.docker}/bin/docker exec ollama ollama list | grep -q "$model_name"; then
           echo "$model_name not found, creating from $base_model..."
-          
-          # We use a custom TEMPLATE block to strip the 'currentDate' function 
-          # which is unsupported in Ollama 0.5.7 but present in Devstral's default manifest.
           ${pkgs.docker}/bin/docker exec ollama sh -c "cat <<EOF > /root/.ollama/$model_name.modelfile
 FROM $base_model
-TEMPLATE \"\"\"{{- if .System }}
-[SYSTEM_PROMPT]
-{{ .System }}
-[/SYSTEM_PROMPT]
-{{- end }}
-{{- range .Messages }}
-{{- if eq .Role \"user\" }}
-[INST]
-{{ .Content }}
-[/INST]
-{{- else if eq .Role \"assistant\" }}
-{{ .Content }}
-{{- end }}
-{{- end }}\"\"\"
 PARAMETER num_ctx 131072
 PARAMETER num_predict 4096
 PARAMETER num_keep 1024
@@ -43,7 +26,6 @@ PARAMETER stop \"[/INST]\"
 PARAMETER stop \"</s>\"
 EOF"
           ${pkgs.docker}/bin/docker exec ollama ollama create "$model_name" -f "/root/.ollama/$model_name.modelfile"
-          ${pkgs.docker}/bin/docker exec ollama rm "/root/.ollama/$model_name.modelfile"
         else
           echo "$model_name already exists, skipping."
         fi
@@ -54,10 +36,6 @@ EOF"
       
       # Create Devstral
       create_model_if_missing "devstral-small-2:24b-128k" "devstral-small-2:24b" 
-      
-      # create_model_if_missing "qwen2.5-coder:32b-128k" "qwen2.5-coder:32b"
-      
-      # create_model_if_missing "mistral-large-planner:123b" "mistral-large:123b-instruct-v2407-q4_K_S"
     '';
     serviceConfig = {
       Type = "oneshot";

users/ai-worker.nix

@@ -11,4 +11,71 @@
     ];
   };
   users.groups.ai-worker = {};
+  
+  # Restricted sudo for ai-worker - security checks only
+  security.sudo.extraRules = [
+    {
+      users = [ "ai-worker" ];
+      commands = [
+        # Firewall checks
+        {
+          command = "/run/wrappers/bin/sudo iptables -L -n -v";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/wrappers/bin/sudo iptables -S";
+          options = [ "NOPASSWD" ];
+        }
+        # Fail2ban status
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client status";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client status *";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/fail2ban-client get * banned";
+          options = [ "NOPASSWD" ];
+        }
+        # Log inspection
+        {
+          command = "/run/current-system/sw/bin/journalctl -t kernel -n 100";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/journalctl -u fail2ban -n 50";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/journalctl -u firewall -n 50";
+          options = [ "NOPASSWD" ];
+        }
+        # SSH config verification
+        {
+          command = "/run/current-system/sw/bin/sshd -T";
+          options = [ "NOPASSWD" ];
+        }
+        # Docker service checks
+        {
+          command = "/run/current-system/sw/bin/docker ps";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/docker inspect *";
+          options = [ "NOPASSWD" ];
+        }
+        # Network diagnostics
+        {
+          command = "/run/current-system/sw/bin/ss -tlnp";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/cat /proc/net/tcp";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
 }