Removed double file

Added access to the secret to version control
The key changed apparently? it works with that one anyway
2026-05-13 10:04:57 -04:00 · 2026-05-13 10:03:14 -04:00 · 2026-05-13 10:01:58 -04:00 · 2026-05-10 22:23:29 -04:00 · 2026-05-10 22:15:53 -04:00 · 2026-05-10 22:15:02 -04:00
8 changed files with 138 additions and 351 deletions
--- a/.gitea/workflows/build-nixos.yml
+++ b/.gitea/workflows/build-nixos.yml
@@ -0,0 +1,33 @@
+name: Build NixOS config
+on:
+  pull_request:
+    branches: [ master ]
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+  push:
+    branches: [ master ]
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+
+jobs:
+  build:
+    runs-on: nixos-builder
+    steps:
+      - name: Checkout
+        run: |
+          git clone -b "${{ github.head_ref || github.ref_name }}" \
+            https://gitea:${{ secrets.GITHUB_TOKEN }}@code.lazyworkhorse.net/gortium/infra.git .
+          git log --oneline -3
+
+      - name: Build NixOS config (lazyworkhorse)
+        run: |
+          nix --version
+          nh os build .#lazyworkhorse 2>&1
--- a/assets/compose
+++ b/assets/compose
--- a/assets/ollama/Dockerfile
+++ b/assets/ollama/Dockerfile
@@ -1,106 +0,0 @@
-# ollama-gfx906/Dockerfile
-#
-# Custom ollama image with ROCm 6.1 + gfx906 (MI50) support.
-# The official ollama/rocm image ships ROCm 7.2 which dropped gfx906.
-# This uses v0.23.2's native CMake build system with AMDGPU_TARGETS including gfx906.
-#
-# Build: docker build -t ollama/ollama:rocm-gfx906 ai/ollama
-
-FROM rocm/dev-ubuntu-22.04:6.1.2-complete AS builder
-
-# Build dependencies (CMake, Ninja, Go)
-ARG CMAKEVERSION=3.31.2
-ARG NINJAVERSION=1.12.1
-ARG GOLANG_VERSION=1.22.0
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    curl git ccache build-essential pkg-config unzip \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install CMake from official binaries
-RUN curl -fsSL https://github.com/Kitware/CMake/releases/download/v${CMAKEVERSION}/cmake-${CMAKEVERSION}-linux-x86_64.tar.gz \
-    | tar xz -C /usr/local --strip-components 1
-
-# Install Ninja
-RUN curl -fsSL -o /tmp/ninja.zip \
-    https://github.com/ninja-build/ninja/releases/download/v${NINJAVERSION}/ninja-linux.zip \
-    && unzip /tmp/ninja.zip -d /usr/local/bin && rm /tmp/ninja.zip
-
-# Install Go
-RUN curl -fsSL https://go.dev/dl/go${GOLANG_VERSION}.linux-amd64.tar.gz \
-    | tar xz -C /usr/local
-ENV PATH=/usr/local/go/bin:$PATH
-
-ARG OLLAMA_VERSION=v0.23.2
-RUN git clone --depth 1 --branch ${OLLAMA_VERSION} https://github.com/ollama/ollama.git /build
-WORKDIR /build
-
-# ROCm paths
-ENV HIP_PATH=/opt/rocm
-ENV ROCM_PATH=/opt/rocm
-ENV CMAKE_GENERATOR=Ninja
-ENV LDFLAGS=-s
-
-# Step 1: Build CPU backends with GCC (no ROCm preset)
-# Pre-set CMAKE_HIP_COMPILER="" to prevent check_language(HIP) from
-# finding a HIP compiler (it searches /opt/rocm even without PATH).
-# Remove /opt/rocm from PATH to prevent find_program from finding hipcc.
-RUN mkdir -p build-cpu && \
-    PATH=/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
-    cmake -B build-cpu -DCMAKE_BUILD_TYPE=Release \
-      -DCMAKE_HIP_COMPILER="" \
-      -DCMAKE_INSTALL_PREFIX=/build/dist && \
-    cmake --build build-cpu --target ggml-cpu -- -l $(nproc) && \
-    cmake --install build-cpu --component CPU --strip && \
-    echo "=== CPU install ===" && \
-    (find /build/dist/lib/ollama -type f -o -type l 2>&1 | head -20 || echo "empty")
-
-# Step 2: Build HIP backend with ROCm preset + gfx906 target only
-# The ROCm 6 preset enables HIP language detection (enable_language(HIP))
-# which ensures GPU kernels are properly compiled for gfx906.
-# OLLAMA_RUNNER_DIR=rocm from the preset, so HIP goes to lib/ollama/rocm/
-# Need CMAKE_PREFIX_PATH so find_package(hip) finds hip-config.cmake
-# at /opt/rocm/lib/cmake/hip/hip-config.cmake.
-RUN mkdir -p build-hip && \
-    cmake -B build-hip \
-      --preset 'ROCm 6' \
-      -DAMDGPU_TARGETS="gfx906:xnack-" \
-      -DCMAKE_BUILD_TYPE=Release \
-      -DCMAKE_PREFIX_PATH="/opt/rocm" && \
-    cmake --build build-hip --target ggml-hip -- -l $(nproc) && \
-    cmake --install build-hip --component HIP --strip && \
-    echo "=== HIP install ===" && \
-    find /build/dist/lib/ollama -type f -o -type l | head -20
-
-# Step 3: Build Go binary (GCC for CGo linking)
-ENV CGO_ENABLED=1
-RUN go build -trimpath -ldflags="-X=github.com/ollama/ollama/version.Version=${OLLAMA_VERSION}" -o /build/dist/ollama .
-
-# ---------- Runtime image ----------
-FROM ubuntu:24.04
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    ca-certificates curl libstdc++6 libgomp1 libvulkan1 libopenblas0 \
-    && rm -rf /var/lib/apt/lists/*
-
-# Copy ROCm 6.1 runtime libraries
-# These are needed at runtime by ggml-hip via LD_LIBRARY_PATH
-COPY --from=builder /opt/rocm/lib/ /opt/rocm/lib/
-COPY --from=builder /opt/rocm/share/ /opt/rocm/share/
-
-# Copy ollama binary + all backends (CPU + HIP)
-# CPU install:  /build/dist/lib/ollama/libggml-*.so
-# HIP install:  /build/dist/lib/ollama/rocm/libggml-hip.so
-COPY --from=builder /build/dist/ollama /usr/bin/ollama
-COPY --from=builder /build/dist/lib/ollama/ /usr/lib/ollama/
-
-RUN ldconfig
-
-ENV LD_LIBRARY_PATH=/opt/rocm/lib:/usr/lib/ollama/rocm:/usr/lib/ollama
-ENV HSA_OVERRIDE_GFX_VERSION=9.0.6
-ENV HCC_AMDGPU_TARGET=gfx906
-ENV HSA_ENABLE_SDMA=0
-
-EXPOSE 11434
-ENTRYPOINT ["/bin/ollama"]
-CMD ["serve"]
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -191,6 +191,7 @@
  services.dockerStacks = {
    versioncontrol = {
      path = self + "/assets/compose/versioncontrol";
+      envFile = config.age.secrets.containers_env.path;
      ports = [ 2222 ];
    };
    
@@ -207,7 +208,6 @@
    ai = {
      path = self + "/assets/compose/ai";
      envFile = config.age.secrets.containers_env.path;
-      ports = [ 22000 ];  # Syncthing TCP sync
    };

    cloudstorage = {
@@ -475,7 +475,7 @@
  services.openssh.settings = {
    PermitRootLogin = "no";
    MaxAuthTries = 3;
-    MaxSessions = 20;
+    MaxSessions = 10;
    LoginGraceTime = 30;
    ClientAliveInterval = 300;
    ClientAliveCountMax = 2;
--- a/modules/nixos/security/README-ai-worker.md
+++ b/modules/nixos/security/README-ai-worker.md
@@ -1,44 +1,10 @@
 # AI Worker Restricted Access

-This module provides SSH access for the AI worker (hermes-agent) to run docker commands on the host.
+This module provides SSH access for the AI worker (hermes-agent) to run ollama benchmarks on the host.

 ## Security Model

-### Overview
-
-The `ai-worker` user has **no direct docker group access**. All docker commands must go through `sudo`, and only specific subcommands are whitelisted:
-
- **Container lifecycle**: `docker ps`, `docker inspect`, `docker logs`, `docker images`, `docker info`, `docker version`, `docker stats`
- **Control**: `docker start`, `docker stop`, `docker restart`, `docker rm`, `docker rmi`, `docker wait`
- **Image management**: `docker pull`, `docker build`, `docker run`, `docker compose`
- **Disk cleanup**: `docker system`
- **Network/Volume**: `docker network ls`, `docker volume ls` (read-only)
-
-### EXPLICITLY BLOCKED (not in sudo whitelist)
-
-| Command | Risk | Result |
-|---------|------|--------|
-| `docker exec` | Execute arbitrary commands inside containers (FILE MODIFICATION) | Blocked by sudo |
-| `docker cp` | Copy files between containers and host | Blocked by sudo |
-| `docker commit` | Create images from running containers (data exfil) | Blocked by sudo |
-| `docker diff` | Inspect filesystem changes | Blocked by sudo |
-| `docker export` | Export container filesystem | Blocked by sudo |
-| `docker import` | Import filesystem archives | Blocked by sudo |
-| `docker load` | Load docker images | Blocked by sudo |
-| `docker save` | Save docker images to tar | Blocked by sudo |
-| `docker attach` | Interactive access to containers | Blocked by sudo |
-| `docker push` | Push images to registries | Blocked by sudo |
-| `docker tag` | Rename images | Blocked by sudo |
-
-### Why This Approach?
-
-Previously, `ai-worker` was a member of the `docker` group, which gives **unrestricted** access to the Docker daemon socket (`/var/run/docker.sock`). Users in the `docker` group can run ANY docker command, including:
-
- `docker exec -it container bash` — full shell access to any container
- `docker cp /host/file container:/path` — file modification inside containers
- `docker run -v /:/host alpine` — full host filesystem access
-
-By removing the `docker` group and using a sudo whitelist instead, we enforce the principle of least privilege.
+The `ai-worker` user has:

 ### Filesystem Access
 - **Home directory**: `/home/ai-worker` (standard user home)
@@ -46,33 +12,51 @@ By removing the `docker` group and using a sudo whitelist instead, we enforce th
 - **Cannot access**: Any files outside standard system paths

 ### Sudo Access
- **Restricted**: ai-worker has `NOPASSWD` access only to whitelisted commands
+- **NONE**: ai-worker has no sudo privileges
 - Cannot run `nh`, `nixos-rebuild`, `nixpkgs-fmt`, or `nix` with elevated permissions

-## Workflow: SSH + Restricted Docker
+### Docker Access
+- Member of `docker` group - can run `docker` and `docker exec` commands
+- Primary use: `docker exec ollama ollama ...` for benchmarking
+- Can run `docker exec --privileged ollama rocm-smi ...` for VRAM monitoring

-All docker commands must be prefixed with `sudo`:
+## Workflow: SSH + Docker Benchmarking
+
+The AI worker connects from the Hermes container to the host via SSH, runs ollama benchmarks, then returns to save results.
+
+### Example Workflow

 ```bash
 # From Hermes container, SSH to host
 ssh -i /path/to/ssh/key ai-worker@host.docker.internal

-# Check container status (works)
-sudo docker ps
+# On host, run ollama benchmarks via docker
+docker exec ollama ollama pull devstral-small-2:24b

-# Restart a container (works)
-sudo docker restart ollama
+# Create test modelfile
+docker exec ollama bash -c 'cat <<EOF > /root/.ollama/test.modelfile
+FROM devstral-small-2:24b
+PARAMETER num_ctx 65536
+PARAMETER num_gpu 99
+PARAMETER flash_attn true
+EOF'

-# Run benchmark (works - docker run is allowed)
-sudo docker run --rm alpine echo "test"
+# Create and test model
+docker exec ollama ollama create test-model -f /root/.ollama/test.modelfile
+docker exec ollama ollama run test-model "Write a Python async function"

-# ANY of these will FAIL (not in whitelist):
-sudo docker exec ollama ollama list          # FAILS - docker exec blocked
-sudo docker cp file.txt container:/path/     # FAILS - docker cp blocked
-sudo docker commit container new-image       # FAILS - docker commit blocked
+# Check VRAM usage
+docker exec --privileged ollama rocm-smi --showmeminfo vram

-# For ollama operations, use the HTTP API instead of docker exec:
-curl http://ollama:11434/api/tags
+# Cleanup
+docker exec ollama ollama rm test-model
+
+# Exit SSH, return to Hermes container
+exit
+
+# Save results in Hermes container
+# /opt/data/ai-optimizer/state.json
+# /opt/data/ai-optimizer/results.csv
 ```

 ## SSH Access
@@ -90,30 +74,25 @@ Check ai-worker permissions:
 ```bash
 # On the host, as root or gortium:
 sudo -u ai-worker sudo -l
-# Should show the whitelisted commands only (no docker exec/cp/commit)
+# Should show: no sudo access

-# Verify NOT in docker group
+# Check docker group membership
 groups ai-worker
-# Should show: ai-worker (NO docker group)
+# Should show: ai-worker docker
 ```

 ## Troubleshooting

-If docker commands fail:
-
+If ai-worker cannot run docker commands:
 ```bash
-# Check sudo permissions
-sudo -u ai-worker sudo -l | grep docker
-
-# Verify group membership
+# Check docker group membership
 groups ai-worker

-# Test allowed command
-sudo -u ai-worker sudo docker ps
+# Verify ollama container is running
+docker ps | grep ollama

-# Test blocked command (should fail)
-sudo -u ai-worker sudo docker exec ollama ollama list
-# Expected: "Sorry, user ai-worker is not allowed to execute"
+# Test docker access
+sudo -u ai-worker docker exec ollama ollama list
 ```

 If SSH connection fails:
--- a/modules/nixos/security/ai-worker-restricted.nix
+++ b/modules/nixos/security/ai-worker-restricted.nix
@@ -6,19 +6,12 @@ with lib;
  options.services.aiWorkerAccess = mkOption {
    type = types.bool;
    default = false;
-    description = "Enable AI worker SSH access with restricted sudo docker commands";
+    description = "Enable AI worker SSH access with docker group membership for ollama benchmarking";
  };

  config = mkIf config.services.aiWorkerAccess {
-    # SECURITY: ai-worker is NOT added to docker group.
-    # Docker access is granted via sudo whitelist in users/ai-worker.nix.
-    # This prevents unrestricted docker daemon access (docker exec, cp, commit, etc.)
-    # Only specific docker subcommands are allowed via sudo NOPASSWD rules.
-    
-    # The old approach (docker group membership) has been removed because:
-    # - Docker group gives UNRESTRICTED access to the docker daemon socket
-    # - No way to limit which docker subcommands a docker group member can run
-    # - Allowed: docker exec, docker cp, docker run -v /:/host, etc.
-    # users.groups.docker.members = [ "ai-worker" ];  // REMOVED
+    # ai-worker is member of docker group - can run docker commands via SSH
+    # No bind mounts, no sudo access - docker-only for ollama benchmarking
+    users.groups.docker.members = [ "ai-worker" ];
  };
 }
--- a/secrets/containers.env.age
+++ b/secrets/containers.env.age
@@ -1,36 +1,36 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBWNEpt
-cGFNeVBBaDRqb3pLSEZGQW0wb3VmVnBoZCswUFkzbnBLUnJ0QTNrClRqVkk4RUVO
-d29KYjd5YUcwankvaTFmVHUxQVpDT2ZYWHRaY3JXTUtQMU0KLT4gKXBtQ3UsXi1n
-cmVhc2UgNnwxYCBXVyA/KCQmIHt9NAo3OTZVUHR2UXkvaEFwY0ZBdEJsaFpsbHJ0
-cklKcDVHcEdWMEdPSkpnN0FiRU43RW5hUWFMdjR3WFRRSFBLSGlmClM3cTNJWlNM
-TExkdHdXUHJISkNIaE1TTUxUc1NUWkV1a09HeFU3bVZwQXMKLS0tIGhOcXFTUElS
-azJJNnEreUhMWTJBaVZGSTJPRUFqQkVYS01KRENUVVpZSDgK8+8onFejroBo7MeO
-dW+so4lOsq4zJKn3f0cxmCFg1f0X8zt6h4Uc3A5Cvr1uU+6yw1FWmJ7xa3jJz3lO
-EEaKQJXYC+xIIKGcA7qILa0SFp4a/4OuYjcg27HrlPhg7u5wDhQrd0LdVEe1Xngp
-ZivX7P7HwIna3X8C+TL+K2v/AG2N/z86cdKfRvxyMKNbHhYw+CfHEnWgh8tJ++4h
-G9evNniuNqte6cQaRe7jODfPNW4FuY/Sb7barlJ/M9iAQdYAdyLAzU1LABeHeUfD
-wtHjxy9DUZ55Vg8bB8M2JJU9MkoRT4ewiVd9LeC1GWeVmKsm93wsmrov714i7U2j
-wHtDkjqEF2MmzuQc18sjNaAHiwz8j6o5xU2L/Q4+Q707yISWG7RGZYh389Cr1rnw
-siUq/Vunqw2wk13+J/4vu9nqt5mMktBaCtp+QiWIurjwB5LUAyChrSm+dg5lb0Mt
-UhSc0lq1+E3vxAXM2Hmk+vP86VD+6WJvAU82VFApF1s6zG2FU1/AcOVVf54nan/q
-f+rgSFfASHQCYSblUJHyEtwLNsWEmTGmOEn1buUKD/H0zatPQnc0rYpjlx2V0Sjd
-6yB5+wPrZ0AkN1pjcsPKOv8Kaog2DzqIjib+SaSTaRxWHQEb9uzvaReAcYI5HOpE
-gkC040HN33BItATbo4+hz70Im8Ni/VXD+g6yzM6Hj1hJL+PinTKeg5keQRFIZjMx
-grzievB2wVBBgLgN3qMdTFmpplaL7iL702JjXZUTTK9Izp+9wiCsV1fTa53FWDht
-ylFL5SWElqXjK+QBXxAe+Jk6VQov5HI21YDXL67S554ABeRok23wxrQ31TCI4xq9
-PQV7VtNRjyVud7S29m3OwpWOsgTZhn+JclHj2v4bNJzJkJnZRTmcvGPktzRI5+R4
-e5vxVhGnJDzI71txaHl8+xS1lu9VzCQUrxX6TXyTRV4KjIOz0g06JOBgmBRBvJca
-7MZbC65xpisl/gyLRbgkVga3t94dPV+dpZsn8eq6427IyRbKslJefatggR9//c6I
-5N5fl0fR3gJQMB+HRbipBH2YsdbdWJyb4Nn6STZxIfrqoG/xC6C1raF0xK7hUx6i
-4DUDSPohM8fOIswQPfE+FH3eygfzu/Ln5+ghsgHTEhgFvmgMvyxaAt6kHIzIUhMX
-M3dASr4VPDpIXuXsRWwYLEifhzxsuvwVxfwtsnCaR6XKijsYECWGDdYOWHdleeqx
-wDPhxEesfFVhKxhrKY9Ir8k9/FFBKQU/3GjW4+SMAg5Al1YEzxshP9vKuVcsei7W
-JDwAwotNXaCm6NBckiyZJE53ou6+gckPY7V9cOfnuH74Z9ywkFzB3HW3ZlonaGyM
-oGmLGcccavFtyhg5s/As4i6X8ARIpDiwe59Pn3GNXMctySqIrrr2ogUoXgrfFCie
-6GOTdeMW7GeOSdJUxCofghlspS/nq01Og77VI/beWYrIwLubSka6Zaltww9zgObk
-/FGEMgFkEpq7iyCvYSPA8F46pJKvnMP3S84AWCPmcTcHeg4lwGPvs6btexXBGdoz
-nkCyq7wdH5Nngm7jUbl88LtaLZPAQkuqXphBVTnrF9Ofbnb4iRZ2Op4xpx9rGyvx
-mO6UEhL6V1i2YZFNkNMg/W8aoMiUgBdqbkxaxblT9L0aNdlFU9+LbWYolURVEadd
-Qjv0Z1gMA+tsuBbVszwsMfneZ5+B9Q==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEdoTUQ4QSBMcVY2
+eWRnb05sMEZVZUpicGVYN2ZSUm1mUmVsdUsrSHR4c2I2SXVRWDF3CnlhUkxoeEx5
+M1NNcGR3bmx6ZW5RaHU3L2l4WEowdWYzQk0xa3E4ZUtwNkkKLT4gIi1ncmVhc2Ug
+SllwSzlIIEdAKltUKSBjSWpmCnljSXlZTXZBL2xuMEtma1NUNjdCM0dMNHJuVjFS
+enV5LzF1NlYzbFNURW1rTlI2aUxCRFFxK2ZJdktsTTU1ZSsKNUZiZmVQWQotLS0g
+bTVrZEdWMHFWK0Q5RzZUc09PYmlEQjNweXRxU2FETWNWTXRUVEFKUUFpdwqtUbmM
+kbnj4Q+9QlnJHuWBVu+BcWPl5HuiPUjrrxnWAuN6rFYd79H7qk9MagDB/2BAEk82
+iuQeqS0r8wAmp9bTzhbiMQEbtN96huSGA2aO9I/RoPU1jv1Upi8bNy+KX0jSsfV9
+cGFm0JsBZ4o5acq4isanC+3YkNq+IHxyDqUdwWMIHiEkR26pwndyMAaJTCBAgTN
+kmdWMK4PxR36ElY+8J0tiOv6VmGS73rVS4R/2Rdc5ICx6QO6oQQqETKYxqcmr8eD
+8dgkZVpmBF/iuw7BYZ2U/p2PZSzgEVTVqfT3VO8WQ9ii2a4dw+2QEORgISbhxzoy
+WGB0q4X33QWEYSp0FNyAG4Kc9yTphUq+hMHfNOtz3XmTZLltcVfA6XQbKwB/nDbq
+G1gAfDwdEZ5OpN2IT0S6Zc2rKKeovqdFYWgqmDWiaBfqncl9qLH37KkpKqmUSQSe
+zyriQt8nZCzVrh4EKohjeLogVBsn0tPTYqiFnV+ZFK/kOWIYWduWDJcM3zwRVjx7
+Mr5l81gFv4WRHbnQB9eynGJLZYs1lI4/X9tKRUgUj0mN20Bt80NXGNPaJ3TAkrCO
+rX0tgjsX/Sc59JTHaMOT419+ob9UtDoS7mGlxswKfyhvjzluu+EdHd0GRJ5PUsSq
+8YlKYjRonBqhC0Ju9CRuZS0pk2bh72bG9z1Gb4LcJ0pLJ6lMfmF1j4zzfzsABe5G
+0bJF3ikzNxo6Wzsf3rk45/FvMhKjkI5O3Btnfp+Vkw+iRqDMh7wiD6cczNSp+Skd
+Et43NIobiLa6O95y2YEjqSkT5T0ug1nbLkygmxwffVn6RTWgScZSfBPvOKTINAVo
+J/MU2c0DaBm4glLfm4IWaJNcEmZn8+FWG6m42WEWTMEfSeAo5XXaEb0FsK0Yqd3+
+RlE/b6a/DdoNEAQOlEPSASsoQhTVvsiEwH4Pq5G0STHtSBBIT/xJow4pa/GOiQnn
+yAFva9F7KFYWA7bjbRbv+B21bvss0T+BK9HRF+bklSzjxBNfDEWXW0GhwIiahwXW
+Fxi3BUMZcfgoLg2NkhMb3irwJUoGqQFqn68e2jTJVyUATyVgGV5mzfjDBB8thcDt
+ehuIL/Y1bUVGWZteU/JAF7z+Fb1yBO2FJqpCKIcfd+JgkWVtQKaqYGjcuzbI7ce4
+fcrRDNCse2pBO1unE7HS160rK+dMWavlrsHHZKezsvNv7TwMj1SKjCKSVr8up7TC
+NLW0I6uXGEcUBj+RNqF6frdpw/Ve1WTAkIbznMV6kZ8cTfAGhOzJ0wxHMBSQka8X
+uMatPuGywu+dvjrJXTwD0gJD/Jrd88K685ahu86nSt/DYnxIYfQhwo/oZMR7E6kN
+4NgGtYjRU0asmio6sF8D1uA2YgmxNPRw2GwTqpS2XyYaEh3B6yjqa4pJ1vfo6t/g
+aPLhMuT4qt/eKMvSiR+sTaOMNkcLWmCpY762aYk4XUZFTYAAY5XsNSAU+Hs7o/Eu
+9NSMrIrpqLAcgzr/nZZTLqswbsYtdVl5WUd9uqdQe+AhTbrkcvHibUrVgW/XU+oq
+QdHXUyfn/IByp2uE7WZpfRVhwjXg/LQJh/ogksbzrh4/anOivku+n1ouciAAgnQn
+04i6taBu+393ysMC/sp7wZkp//yAZj2SNPOTzbakG8xWoVGzbqxLCIOIE7I97KBv
+G49jiEOS42vZZXSGLxQND+N0aOqosZfQ1WKpI9XjirB8qVOt/sr6uqEIx311V+BJ
+wrdoMa9hWmDFzf3+ThqfUuHOtxxJXReL7vC4J7K8iU6nCVIGJN7axifk
 -----END AGE ENCRYPTED FILE-----
--- a/users/ai-worker.nix
+++ b/users/ai-worker.nix
@@ -4,9 +4,7 @@
    group = "ai-worker";
    home = "/home/ai-worker";
    createHome = true;
-    # SECURITY: ai-worker is NOT in the docker group.
-    # Docker access is restricted via sudo whitelist — only specific subcommands allowed.
-    # extraGroups = [ "docker" ]; — REMOVED: docker group gives unrestricted docker daemon access
+    extraGroups = [ "docker" ];
    shell = pkgs.bashInteractive;
    openssh.authorizedKeys.keys = [
      keys.users.ai-worker.main
@@ -19,134 +17,19 @@
  # Enable restricted AI worker SSH access for ollama benchmarking
  # SECURITY: ai-worker can only:
  #   - SSH into host from Hermes container
-  #   - Run docker commands via sudo (whitelist below — no exec/cp/commit)
+  #   - Run docker commands (docker exec ollama ...) via docker group
  #   - Run specific security audit commands
  #   - NO access to infra repo (no bind mount)
-  #   - NO nix/nixos-rebuild/nh commands
-  # WORKFLOW: SSH from Hermes container, run docker commands via sudo, return and save results
+  #   - NO sudo access (no nh, nixos-rebuild, nixpkgs-fmt, nix)
+  # WORKFLOW: SSH from Hermes container, run docker benchmarks, return and save results to /opt/data/ai-optimizer/
  services.aiWorkerAccess = true;
-
-  # Restricted sudo for ai-worker
-  # IMPORTANT: ai-worker is NOT in docker group. All docker access goes through sudo.
-  # Only the subcommands listed below are allowed — everything else is denied.
-  # This prevents: docker exec, docker cp, docker commit, and other file-modifying operations.
+  
+  # Restricted sudo for ai-worker - security checks only
  security.sudo.extraRules = [
    {
      users = [ "ai-worker" ];
      commands = [
-        # === Docker commands: lifecycle management (NO file modification) ===
-        # ps/inspect/logs — read-only status checks
-        {
-          command = "/run/current-system/sw/bin/docker ps";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker inspect *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker logs *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker images";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker info";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker version";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker stats *";
-          options = [ "NOPASSWD" ];
-        }
-
-        # start/stop/restart — container lifecycle
-        {
-          command = "/run/current-system/sw/bin/docker start *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker stop *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker restart *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker rm *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker rmi *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker wait *";
-          options = [ "NOPASSWD" ];
-        }
-
-        # pull/build/run — image management and container creation
-        {
-          command = "/run/current-system/sw/bin/docker pull *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker build *";
-          options = [ "NOPASSWD" ];
-        }
-        {
-          command = "/run/current-system/sw/bin/docker run *";
-          options = [ "NOPASSWD" ];
-        }
-
-        # compose — orchestration
-        {
-          command = "/run/current-system/sw/bin/docker compose *";
-          options = [ "NOPASSWD" ];
-        }
-
-        # system — disk cleanup
-        {
-          command = "/run/current-system/sw/bin/docker system *";
-          options = [ "NOPASSWD" ];
-        }
-
-        # network — list only (create/modify not needed)
-        {
-          command = "/run/current-system/sw/bin/docker network ls";
-          options = [ "NOPASSWD" ];
-        }
-
-        # volume — list only (create/modify not needed)
-        {
-          command = "/run/current-system/sw/bin/docker volume ls";
-          options = [ "NOPASSWD" ];
-        }
-
-        # === EXPLICITLY DENIED docker commands (not in whitelist — sudo rejects them) ===
-        # docker exec     — executes arbitrary commands inside running containers (FILE MODIFICATION)
-        # docker cp       — copies files between containers and host (FILE ACCESS)
-        # docker commit   — creates images from running containers (DATA EXFIL)
-        # docker diff     — inspects filesystem changes (INFO LEAK)
-        # docker export   — exports container filesystem (DATA EXFIL)
-        # docker import   — imports filesystem archives
-        # docker load     — loads docker images
-        # docker save     — saves docker images to tar (DATA EXFIL)
-        # docker attach   — attaches to running containers (INTERACTIVE ACCESS)
-        # docker push     — pushes images to registries (DATA EXFIL)
-        # docker tag      — renames images
-        # docker create   — creates containers (use 'docker run' instead)
-        # docker plugin   — manages plugins
-        # docker network create/rm — network management
-        # docker volume create/rm  — volume management
-
-        # === Firewall checks ===
+        # Firewall checks
        {
          command = "/run/wrappers/bin/sudo iptables -L -n -v";
          options = [ "NOPASSWD" ];
@@ -155,8 +38,7 @@
          command = "/run/wrappers/bin/sudo iptables -S";
          options = [ "NOPASSWD" ];
        }
-
-        # === Fail2ban status ===
+        # Fail2ban status
        {
          command = "/run/current-system/sw/bin/fail2ban-client status";
          options = [ "NOPASSWD" ];
@@ -169,8 +51,7 @@
          command = "/run/current-system/sw/bin/fail2ban-client get * banned";
          options = [ "NOPASSWD" ];
        }
-
-        # === Log inspection ===
+        # Log inspection
        {
          command = "/run/current-system/sw/bin/journalctl -t kernel -n 100";
          options = [ "NOPASSWD" ];
@@ -183,14 +64,21 @@
          command = "/run/current-system/sw/bin/journalctl -u firewall -n 50";
          options = [ "NOPASSWD" ];
        }
-
-        # === SSH config verification ===
+        # SSH config verification
        {
          command = "/run/current-system/sw/bin/sshd -T";
          options = [ "NOPASSWD" ];
        }
-
-        # === Network diagnostics ===
+        # Docker service checks
+        {
+          command = "/run/current-system/sw/bin/docker ps";
+          options = [ "NOPASSWD" ];
+        }
+        {
+          command = "/run/current-system/sw/bin/docker inspect *";
+          options = [ "NOPASSWD" ];
+        }
+        # Network diagnostics
        {
          command = "/run/current-system/sw/bin/ss -tlnp";
          options = [ "NOPASSWD" ];
Author	SHA1	Message	Date
Robert	ef7f06166b	Removed double file Some checks failed Build NixOS config / build (pull_request) Failing after 1s Details	2026-05-13 10:04:57 -04:00
Robert	e70516e78b	Added access to the secret to version control	2026-05-13 10:03:14 -04:00
Robert	ce3a327ff7	The key changed apparently? it works with that one anyway	2026-05-13 10:01:58 -04:00
Robert	af38655170	Adding the runner key Some checks failed Build NixOS config / build (pull_request) Failing after 55s Details	2026-05-10 22:23:29 -04:00
Hermes	dcf5ac6b5e	fix: use nixos-builder label for NixOS CI	2026-05-10 22:15:53 -04:00
Hermes	d78de94f94	feat: add NixOS build CI for infra PRs	2026-05-10 22:15:02 -04:00