Merge Plan - Prioritized for GPU Ollama Access #26

Open
opened 2026-04-30 16:04:13 +00:00 by Hermes · 1 comment
Collaborator

Priority Goal

Enable local GPU inference with Ollama for coding models to reduce token usage.


Process Status

Phase 0: Security Hardening [x]

| Order | Repo | PR | Title |
|-------|------|----|-------|
| 0 | infra | #28 | security: harden lazyworkhorse with firewall, fail2ban, SSH |

Phase 1: WireGuard VPN [x]

| Order | Repo | PR | Title |
|-------|------|----|-------|
| 1 | compose | #16 | feat: add WireGuard VPN stack (wg-easy) |
| 2 | infra | #33 | feat: add WireGuard VPN stack |

Phase 2: Voice & STT [x]

| Order | Repo | PR | Title |
|-------|------|----|-------|
| 1 | compose | #17 | feat(hermes): Piper TTS (local US male, no cloud) - READY |
| 2 | infra | #34 | feat(hermes): update compose submodule for Piper TTS - READY |

Voice setup: Piper TTS with en_US-ryan-high (US male, local, CPU, no cloud, no Microsoft).
STT: faster-whisper-medium (local, GPU capable with ROCm).


Phase 3: Submodule & Network Fixes [ ]

| Order | Repo | PR | Title |
|-------|------|----|-------|
| 3 | compose | #6 | fix: create networks as bridge instead of external |
| 4 | infra | #21 | fix: update compose submodule for network creation fix |
| 5 | compose | #2 | fix: Matrix bridge ModuleNotFoundError |
| 6 | infra | #22 | fix: Update compose submodule for Matrix bridge deps |
| 7 | compose | #4 | fix: TZ=America/Montreal for correct cron scheduling |

Phase 4: Remaining Features [ ]

| Order | Repo | PR | Title |
|-------|------|----|-------|
| 8 | infra | #23 | feat: add NixOS deployment infrastructure |
| 9 | infra | #24 | feat: add uConsole CM5 host + Reticulum mesh |
| 10 | infra | #31 | feat: add Hyperspace Pods NixOS module for P2P mesh AI cluster |

Backlog [ ]

Compose Docker image expansion PRs (#7-#11, #13)

Author
Collaborator

Phase 0 Complete - Security Hardening Deployed [x]

Security hardening (firewall, fail2ban, SSH hardening, kernel protections) has been deployed to lazyworkhorse. The server now has a secure baseline before enabling new access patterns.

Deployed:

  • Default-deny firewall (ports 22/2424, 2222, 80, 443 only)
  • fail2ban with SSH, HTTP auth, botsearch, recidive jails
  • SSH hardening (no root login, key-only, rate-limited)
  • Kernel network hardening (SYN flood, spoofing, redirect protection)

Remaining phases:

  • Phase 1: GPU/Ollama AI worker access (infra #1, #29)
  • Phase 2: Submodule/network fixes (compose #6, #2, #4 + infra #21, #22)
  • Phase 3: Remaining features (Nix deployment, uConsole, voice, hyperspace pods)

Issue body updated with full PR inventory and checkable phases.

Reference: gortium/infra#26