infra

gortium/infra

Fork 0

Commit Graph

Select branches

Hide Pull Requests

ai-worker-restricted-access

docs/merge-priority-order

feat/add-paperclip-agent-orchestrator

feat/add-uconsole-host

feat/compose-submodule-v2

feat/docker-add-chromium-browser-deps

feat/docker-add-curl-poppler-imagemagick

feat/docker-add-latex-stack

feat/docker-add-qemu-cross-compilation

feat/hermes-fork-dockerfile

feat/hermes-voice-gpu-support

feat/hermes-workers

feat/hermes-workspace

feat/hermes-workspace-combined

feat/hyperspace-pods-module

feat/k3s-pod-cluster

feat/kvm-libvirt

feat/nix-deployment-v2

feat/nixos-ci

feat/nixos-ci-workflow

feat/restrict-docker-blacklist

feat/restrict-docker-commands-for-ai-worker

feat/rollback-sentinel-on-fresh-branch

feat/syncthing-org-sync

feat/uconsole-cm5-v2

feat/uconsole-cm5-v3

feat/update-compose-submodule-custom-tools

feat/ups-config

feat/wireguard-vpn

feat/worldmonitor

feature/server-hardening-clean

fix/backup-network-v2

fix/backup-submodule-update

fix/hermes-matrix-deps-venv-persist

fix/honcho-vector-dim-empty

fix/matrix-bridge-v2

fix/update-compose-submodule-matrix-bridge

fix/vpn-iptables-nft-upstream

fix/vpn-iptables-nft-v2

fix/vpn-iptables-nft-v3

fix/wg-easy-iptables-nft

home_manager

kvm-pr

kvm-pr-consolidate

master

#1

#10

#11

#12

#13

#17

#18

#19

#2

#20

#21

#22

#23

#24

#25

#27

#28

#29

#3

#30

#31

#33

#34

#35

#36

#37

#38

#39

#40

#41

#42

#43

#44

#45

#46

#47

#48

#5

#51

#52

#53

#54

#56

#57

#59

#6

#61

#63

#64

#65

#67

#68

#69

#7

#70

#71

#8

#9

0bb0a270e6 fix: update compose submodule for clean Piper Dockerfile Hermes Agent 2026-05-09 13:42:02 +00:00
41256ccbde fix: update compose submodule for Piper TTS (replaces Coqui/ROCm) Hermes Agent 2026-05-09 13:24:17 +00:00
e551f0e5c5 feat: update compose submodule for ROCm + Coqui TTS Dockerfile Hermes Agent 2026-05-09 04:10:05 +00:00
b11d599f37 fix: update compose submodule for simplified Dockerfile Hermes Agent 2026-05-09 02:38:41 +00:00
782f2fa9ed feat(hermes): update compose submodule for ROCm GPU voice STT support Hermes Agent 2026-05-09 00:22:08 +00:00
2e14069584 Merge pull request 'feat: add WireGuard VPN stack' (#33) from feat/wireguard-vpn into master Thierry Pouplier 2026-05-09 00:13:36 +00:00
c53460c400 fix: remove dns option from wireguard config (not a valid nixos option) feat/wireguard-vpn Hermes Agent 2026-05-05 03:26:17 +00:00
ee96593e3d Merge branch 'feat/wireguard-vpn' of ssh://code.lazyworkhorse.net:2222/gortium/infra into feat/wireguard-vpn Robert 2026-05-04 23:22:35 -04:00
030125ab01 Added wireguard pass Robert 2026-05-04 23:21:36 -04:00
5935747902 Security fixes Robert 2026-05-04 23:20:57 -04:00
9ae0f6ad62 Submodule update Robert 2026-05-04 23:20:03 -04:00
5c481d664a fix: split tunnel on host VPN - only route 10.8.0.0/24 Hermes Agent 2026-05-05 02:41:29 +00:00
94a7c7195a fix: remove exposed keys from comments Hermes Agent 2026-05-05 02:12:55 +00:00
cf279c4fb0 feat: add host-level WireGuard client via networking.wireguard Hermes Agent 2026-05-05 02:11:41 +00:00
b9289a149d chore: update compose submodule for Hermes NET_ADMIN + WireGuard Dockerfile Hermes Agent 2026-05-05 01:48:24 +00:00
e0068260cb chore: move Hermes Dockerfile to compose repo, add WireGuard tools Hermes Agent 2026-05-05 01:43:42 +00:00
a42b2ff65d chore: update compose submodule to wireguard-vpn (fix ref) Hermes Agent 2026-05-05 01:21:34 +00:00
92bcf1cc04 chore: update compose submodule to wireguard-vpn Hermes Agent 2026-05-05 01:21:19 +00:00
7d0b72a513 chore: update compose submodule to linuxserver/wireguard Hermes Agent 2026-05-05 01:18:13 +00:00
48245518a1 fix: load iptables kernel modules for WireGuard NAT Hermes Agent 2026-05-05 01:17:14 +00:00
1673a56439 feat: add WireGuard VPN stack Hermes Agent 2026-05-04 22:49:06 +00:00
7d3d072961 Merge branch 'master' into ai-worker-restricted-access Robert 2026-05-03 05:28:39 -04:00
4cceab05d0 Merge pull request 'security: harden lazyworkhorse with firewall, fail2ban, SSH hardening' (#28) from feature/server-hardening-clean into master Thierry Pouplier 2026-05-03 09:11:56 +00:00
f4b666284a feat: add Hyperspace Pods NixOS module and enable on lazyworkhorse feat/k3s-pod-cluster Hermes Agent 2026-05-02 15:36:15 +00:00
815ca3afa6 chore: update compose submodule to traefik logging branch Hermes Agent 2026-05-01 03:08:21 +00:00
e983775c04 docs: add merge priority order with security hardening as #1 priority Hermes Agent 2026-04-30 18:37:04 +00:00
bcebf18676 fix: move filter into jail settings (NixOS submodule doesn't pass string filters) feature/server-hardening-clean Hermes Agent 2026-05-01 11:59:33 +00:00
0370d784a0 fix: http-botsearch logpath must be string, not list Hermes Agent 2026-05-01 04:02:06 +00:00
260b2d2756 fix: restructure fail2ban jails per NixOS module - recidive in jails, settings attr, str bantime Hermes Agent 2026-05-01 03:59:32 +00:00
2477acdfc7 fix: services.fail2ban top-level options - no findtime, maxretry lowercase Hermes Agent 2026-05-01 03:57:21 +00:00
81c25d3f20 fix: use security.auditd instead of services.auditd Hermes Agent 2026-05-01 03:55:09 +00:00
9b1f467db9 fix: remove invalid networking.firewall.defaultAllow option Hermes Agent 2026-05-01 03:52:57 +00:00
65fa778b2b fix: add custom traefik fail2ban filters for http-auth and http-botsearch jails Hermes Agent 2026-05-01 03:03:08 +00:00
5d3bbe99f3 chore: update compose submodule for traefik access logs Hermes Agent 2026-05-01 03:33:34 +00:00
bcf5cadaa0 olllama template fix to remove currenttime Robert 2026-04-30 21:54:47 -04:00
25404466bb docs: add merge priority order with security hardening as #1 priority docs/merge-priority-order Hermes Agent 2026-04-30 18:37:04 +00:00
3e04ccc1e8 security: remove deployment commands from ai-worker sudo rules Hermes Agent 2026-04-30 17:36:13 +00:00
21bd4bb283 security: add restricted sudo for ai-worker with security audit commands Hermes Agent 2026-04-30 17:33:05 +00:00
7994aad8d8 security: harden lazyworkhorse with firewall, fail2ban, SSH hardening Hermes Agent 2026-04-30 17:07:10 +00:00
bb64234223 fix: keep root user in Dockerfile (match upstream image) feat/hermes-voice-gpu-support Hermes Agent 2026-04-30 15:14:35 +00:00
9fbfc1dc51 feat(hermes): add Dockerfile for voice support with GPU STT Hermes Agent 2026-04-30 15:12:03 +00:00
7e3afe6630 feat(hermes): add voice support with GPU-accelerated STT Hermes Agent 2026-04-30 15:10:10 +00:00
568e0006de fix: correct sha256 hashes for Reticulum packages feat/uconsole-cm5-v2 Hermes Agent 2026-04-29 20:42:05 +00:00
8325cf27b6 feat(uconsole): add Reticulum network stack packages Hermes Agent 2026-04-29 20:22:50 +00:00
f54a922b8b feat: add uConsole CM5 host configuration Hermes Agent 2026-04-29 17:26:33 +00:00
8b004c47b9 feat: add NixOS deployment infrastructure Hermes Agent 2026-04-29 18:56:36 +00:00
61a93a2464 update compose submodule to fix/matrix-bridge-dependencies (mautrix fix) fix/matrix-bridge-v2 Hermes Agent 2026-04-29 03:35:12 +00:00
3bcf286476 fix: Update compose submodule for Matrix bridge dependencies Hermes Agent 2026-04-29 02:24:47 +00:00
946181063f fix: update compose submodule for network creation fix fix/backup-network-v2 Hermes Agent 2026-04-29 18:44:04 +00:00
29c1a69592 feat(docker): add QEMU cross-compilation support feat/docker-add-qemu-cross-compilation Hermes Agent 2026-04-29 21:00:44 +00:00
9eb9193dd2 feat(docker): add LaTeX typesetting stack feat/docker-add-latex-stack Hermes Agent 2026-04-29 21:00:05 +00:00
18c2322a8e feat(docker): add chromium browser automation support feat/docker-add-chromium-browser-deps Hermes Agent 2026-04-29 20:58:14 +00:00
420109b3ad feat(docker): add hermes agent Dockerfile with curl, poppler-utils, imagemagick feat/docker-add-curl-poppler-imagemagick Hermes Agent 2026-04-29 20:56:43 +00:00
f0e21d95e4 fix: ai-worker docker-only access for ollama benchmarking Hermes Agent 2026-04-29 19:55:19 +00:00
0c5e556aa8 feat: add uConsole CM5 host configuration feat/add-uconsole-host Hermes Agent 2026-04-29 17:26:33 +00:00
30f8ca3863 Add AI model optimizer cron job draft and initial state files Hermes Agent 2026-04-28 17:19:45 +00:00
18df45819d Add restricted AI worker access with deployment capabilities Hermes Agent 2026-04-28 15:34:38 +00:00
7efba3ac5b Compose update Thierry Pouplier 2026-04-27 06:10:47 -04:00
cf1373cd68 Forced restart for docker services Robert 2026-04-27 06:02:25 -04:00
bc875ef9fb feat: isolate docker networks and add cyt-pi remote node config Robert 2026-04-06 19:14:57 -04:00
c579b07843 fix: read gateway token from secret file via bash Robert 2026-04-04 17:49:39 -04:00
d3f50cdadc fix: always restart node service on exit Robert 2026-04-04 17:43:03 -04:00
8aa85e62e5 feat: add openclaw CLI to system packages Robert 2026-04-04 17:23:15 -04:00
b9cf8a47f7 fix: set openclaw secret group to ai-worker Robert 2026-04-04 17:15:24 -04:00
2e749228bb fix: set correct working directory and create home for ai-worker Robert 2026-04-04 17:07:13 -04:00
ce20fad4d3 fix: enable flake-self-attrs for lix compatibility Robert 2026-04-04 16:54:10 -04:00
401b23ce46 feat: add openclaw node service and migrate to lix Robert 2026-04-04 16:26:33 -04:00
13dbf18f67 Progress dump before ai agent Thierry Pouplier 2026-04-04 04:57:47 -04:00
58f7dd65f1 feat(05-01): OpenTAKServer selected for TAK server implementation Thierry Pouplier 2026-01-01 18:25:30 -05:00
a4390fabcc Remove Phase 5 (TAK Server Integration) from roadmap Thierry Pouplier 2026-01-01 16:03:49 -05:00
bb40ded253 feat(04-02): Web search capabilities through MCP servers tested and integrated Thierry Pouplier 2026-01-01 14:38:02 -05:00
0845262c05 style: format Nix files after modifications Thierry Pouplier 2026-01-01 14:32:17 -05:00
b59f8952ac feat(4-2): Test and document web search capabilities through MCP servers Thierry Pouplier 2026-01-01 14:30:42 -05:00
515fe8a830 chore: update roadmap with Phase 4.1 for commit organization Thierry Pouplier 2026-01-01 02:25:46 -05:00
056c39aa71 chore: update flake imports and infrastructure secrets Thierry Pouplier 2026-01-01 02:25:40 -05:00
71dfd04108 chore: add n8n-worker user and update authentication configuration Thierry Pouplier 2026-01-01 02:25:34 -05:00
d92e1426ba chore: update service modules and remove deprecated systemd services Thierry Pouplier 2026-01-01 02:25:25 -05:00
9531bff929 chore: enhance system configuration with hardware sensors, GPU support, and security Thierry Pouplier 2026-01-01 02:25:11 -05:00
0b4e9e092d chore: add docker stack integration with improved service management Thierry Pouplier 2026-01-01 02:25:05 -05:00
46ac5a72d0 docs: finalize roadmap - removed phase 4, focus on MCP and TAK Thierry Pouplier 2026-01-01 02:07:22 -05:00
b77de4e384 docs: update roadmap - completed phases 1-3, added phases 4-6 Thierry Pouplier 2026-01-01 02:03:55 -05:00
85fd05c6cf docs: initialize NixOS Infrastructure with AI Assistant (4 phases) Thierry Pouplier 2026-01-01 01:47:43 -05:00
b54760f62b docs: initialize NixOS infrastructure with AI assistant Thierry Pouplier 2026-01-01 01:36:58 -05:00
1210a44ecc Commented graphic drivers. longer janitor time. Thierry Pouplier 2025-12-27 17:17:16 -05:00
e2b040e5f0 Simpler path copy for compose files Thierry Pouplier 2025-12-27 17:14:22 -05:00
f5b3a04378 Added amd driver, rocm Thierry Pouplier 2025-08-31 20:23:43 -04:00
a4c5a10c4f Forgot these.. Thierry Pouplier 2025-08-31 16:52:04 -04:00
b8a8e1bdce Still trying to fix secret keys... Thierry Pouplier 2025-08-31 16:50:26 -04:00
40a48eb605 Rekey the secret Thierry Pouplier 2025-08-31 16:30:07 -04:00
266f563c2f Fixed host ssh key Thierry Pouplier 2025-08-31 16:19:39 -04:00
869d3957b5 Merge branch 'master' into home_manager home_manager Thierry Pouplier 2025-08-24 22:26:12 -04:00
a49c4f40e5 Merge branch 'master' of ssh://code.lazyworkhorse.net:2222/gortium/infra Thierry Pouplier 2025-08-24 19:33:44 -04:00
a8851c19e4 Working bootstrap key Thierry Pouplier 2025-08-24 19:02:42 -04:00
3497d93dcb Added a bootstrap key Thierry Pouplier 2025-08-19 18:00:09 -04:00
2eaffa8cfb WIP on home manager Thierry Pouplier 2025-08-19 17:32:38 -04:00
955c3255a0 WIP on host ssh key. broken. Thierry Pouplier 2025-08-17 17:26:59 -04:00
6b367a7c95 WIP on fan control Thierry Pouplier 2025-08-15 21:15:59 -04:00
02155976ab Enable ssd health and zfs snapshot Thierry Pouplier 2025-08-15 21:11:22 -04:00
4c7f22b903 Fixed typo Thierry Pouplier 2025-08-09 00:05:47 +00:00
f0f7c2613e Openned the gitea container port Thierry Pouplier 2025-08-08 20:00:15 -04:00