From 30f8ca38630fc209c1bf03e11f6674604f03db98 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Tue, 28 Apr 2026 17:19:45 +0000 Subject: [PATCH 1/4] Add AI model optimizer cron job draft and initial state files --- assets/ai-optimizer/CRON_EXECUTION_PROMPT.md | 203 +++++++++++++ assets/ai-optimizer/CRON_JOB_DRAFT.md | 283 +++++++++++++++++++ assets/ai-optimizer/results.csv | 1 + assets/ai-optimizer/state.json | 21 ++ 4 files changed, 508 insertions(+) create mode 100644 assets/ai-optimizer/CRON_EXECUTION_PROMPT.md create mode 100644 assets/ai-optimizer/CRON_JOB_DRAFT.md create mode 100644 assets/ai-optimizer/results.csv create mode 100644 assets/ai-optimizer/state.json diff --git a/assets/ai-optimizer/CRON_EXECUTION_PROMPT.md b/assets/ai-optimizer/CRON_EXECUTION_PROMPT.md new file mode 100644 index 0000000..20a6600 --- /dev/null +++ b/assets/ai-optimizer/CRON_EXECUTION_PROMPT.md @@ -0,0 +1,203 @@ +# AI Model Optimization Cron Job - EXECUTION PROMPT + +**When this cron runs, follow these instructions exactly:** + +--- + +## Your Role + +You are an AI model optimization agent. Your task is to find the best ollama/llama.cpp configuration for maximum context size and hardware utilization. + +**Hardware:** +- 2× AMD MI50 GPUs (32GB VRAM each, 64GB total) +- 128GB system RAM +- ROCm: HSA_OVERRIDE_GFX_VERSION=9.0.6, HIP_VISIBLE_DEVICES=0,1 + +--- + +## File Locations + +``` +STATE: /opt/data/infra/assets/ai-optimizer/state.json +RESULTS: /opt/data/infra/assets/ai-optimizer/results.csv +INFRA_REPO: /opt/data/infra +``` + +--- + +## Model Queues + +### GPU Track (Coding - prioritize speed + context on GPU) +1. `devstral-small-2:24b` +2. `qwen2.5-coder:32b` +3. `codellama:34b-instruct` + +### RAM Track (Knowledge - prioritize max context) +1. `qwen2.5:72b` +2. `nemotron-3-nano:30b` +3. `mixtral:8x7b-instruct` + +--- + +## Context Steps (in order) +``` +[32768, 65536, 98304, 131072, 163840, 200704, 262144, 327680] +``` + +--- + +## Each Run - Step by Step + +### 1. Read State +```bash +cd /opt/data/infra +cat assets/ai-optimizer/state.json +``` + +### 2. Determine Next Test +- Read `track` (gpu or ram) +- Read `current_model` from queue at `model_index` +- Read `current_config` for parameters to test +- Select next context step from `context_steps` based on `phase` + +### 3. Pull Model (if needed) +```bash +docker exec ollama ollama list | grep -q "" || docker exec ollama ollama pull +``` + +### 4. Create Test Modelfile +```bash +docker exec ollama bash -c "cat < /root/.ollama/test_${model}.modelfile +FROM ${model} +PARAMETER num_ctx ${current_config.num_ctx} +PARAMETER num_gpu ${current_config.num_gpu} +PARAMETER flash_attn ${current_config.flash_attn} +PARAMETER num_predict 4096 +PARAMETER num_keep 1024 +PARAMETER repeat_penalty 1.1 +EOF" + +docker exec ollama ollama create test-model -f /root/.ollama/test_${model}.modelfile +``` + +### 5. Run Benchmark +```bash +# Warm up +docker exec ollama ollama run test-model "Hello" > /dev/null + +# Coding prompt +START=$(date +%s%N) +docker exec ollama ollama run test-model "Write a Python async context manager that retries a function with exponential backoff, max 5 retries, and logs each attempt using structlog. Include type hints." +END=$(date +%s%N) + +# Calculate tokens/sec from output +``` + +### 6. Measure VRAM (if possible) +```bash +# Try host first +rocm-smi --showmeminfo vram 2>/dev/null || \ +# Try via docker +docker exec --privileged ollama rocm-smi --showmeminfo vram 2>/dev/null || \ +# Fallback +echo "VRAM measurement unavailable" +``` + +### 7. Record Results +- Parse tokens/sec from ollama output +- Record VRAM/RAM usage +- Determine if this is best config so far for this model +- Update `best_configs` if tokens/sec improved or context increased + +### 8. Update State +```python +# Logic: +if test_successful: + if context_step < max_reached: + phase = "context_scaling" + current_config.num_ctx = next_context_step + else: + # Move to next model + model_index += 1 + phase = "context_scaling" + current_config.num_ctx = context_steps[0] +else: + # OOM or error - record last good as best + best_configs[track][current_model] = last_good_config + model_index += 1 + phase = "context_scaling" +``` + +### 9. Commit to Repo +```bash +cd /opt/data/infra +git add assets/ai-optimizer/ +git commit -m "ai-optimizer: tested ${model} at ${num_ctx} ctx - ${status}" +git push origin master +``` + +### 10. Matrix Notification (if available) +```python +import os +if os.getenv("MATRIX_HOME_SERVER") and os.getenv("MATRIX_ACCESS_TOKEN"): + # Send notification to Matrix room + # Room ID from env or config + pass +# Else: silent +``` + +--- + +## Stop Conditions + +1. All models in both queues have `best_configs` recorded +2. Manual intervention needed (error in state.json `error` field) +3. No progress for 3 consecutive runs (stuck) + +--- + +## Error Handling + +If any step fails: +1. Log error to state.json: `"error": {"message": "...", "timestamp": "..."}` +2. Do NOT increment model_index (retry next run) +3. Commit state with error field +4. Exit gracefully + +--- + +## Important Notes + +- **No num_parallel**: Do not use this parameter +- **Two tracks**: Complete GPU track first, then RAM track +- **Backend**: Start with ollama, llama.cpp testing is optional (requires uncommenting in compose.yml) +- **Host access**: Some commands need host - use docker exec or SSH if available +- **Ask before deploy**: If config changes needed in NixOS modules, show diff and wait for user confirmation before `nh os switch` + +--- + +## Example State Transitions + +**Start:** +```json +{"track": "gpu", "model_index": 0, "current_model": "devstral-small-2:24b", "current_config": {"num_ctx": 32768, ...}} +``` + +**After successful test at 32k:** +```json +{"track": "gpu", "model_index": 0, "current_model": "devstral-small-2:24b", "current_config": {"num_ctx": 65536, ...}} +``` + +**After OOM at 131k:** +```json +{ + "track": "gpu", + "model_index": 1, + "current_model": "qwen2.5-coder:32b", + "best_configs": { + "gpu": { + "devstral-small-2:24b": {"num_ctx": 98304, "num_gpu": 99, "tokens_per_sec": 11.2} + } + } +} +``` diff --git a/assets/ai-optimizer/CRON_JOB_DRAFT.md b/assets/ai-optimizer/CRON_JOB_DRAFT.md new file mode 100644 index 0000000..3ff0781 --- /dev/null +++ b/assets/ai-optimizer/CRON_JOB_DRAFT.md @@ -0,0 +1,283 @@ +# AI Model Optimization Cron Job + +**Goal:** Find optimal configurations for maximum context size with full hardware utilization. + +**Hardware:** +- 2× AMD MI50 GPUs (32GB VRAM each, 64GB total) +- 128GB system RAM +- ROCm: HSA_OVERRIDE_GFX_VERSION=9.0.6, HIP_VISIBLE_DEVICES=0,1 + +--- + +## Model Queue + +### GPU-Optimized (Coding - prioritize speed + context on GPU) +1. `devstral-small-2:24b` - Best coding model +2. `qwen2.5-coder:32b` - Strong coder, fits on GPU+offload +3. `codellama:34b-instruct` - Legacy but solid + +### RAM-Optimized (Knowledge - prioritize max context, accept slower) +1. `qwen2.5:72b` - Best knowledge, needs heavy offload +2. `nemotron-3-nano:30b` - Good general knowledge +3. `mixtral:8x7b-instruct` - MoE, efficient for knowledge + +--- + +## Optimization Strategy + +**Two separate tracks:** + +### Track A: GPU-Focused (Coding) +``` +Baseline: num_ctx=32768, num_gpu=99, flash_attn=true +Steps: +1. Increase context: 32k → 65k → 98k → 131k → 163k +2. At each step, verify VRAM usage < 60GB (leave headroom) +3. If OOM: reduce num_gpu until stable, record best +4. Measure tokens/sec - if < 5 tok/s, consider context too high +``` + +### Track B: RAM-Focused (Knowledge) +``` +Baseline: num_ctx=65536, num_gpu=50, flash_attn=true +Steps: +1. Increase context: 65k → 131k → 200k → 262k → 327k +2. Allow heavy RAM offload (system RAM up to 100GB) +3. If OOM: reduce context or num_gpu +4. Speed less critical - focus on max stable context +``` + +--- + +## Backend-Specific Configs + +### Ollama (Modelfile parameters) +``` +PARAMETER num_ctx +PARAMETER num_gpu +PARAMETER flash_attn true/false +PARAMETER num_predict 4096 +PARAMETER num_keep 1024 +PARAMETER repeat_penalty 1.1 +``` + +### Llama.cpp (CLI flags) +``` +--ctx-size +--n-gpu-layers +--flash-attn on/off +--n-predict 4096 +--batch-size 4096 +--ubatch-size 512 +--cache-type-k f16 +--cache-type-v f16 +--split-mode layer +--no-mmap +``` + +--- + +## Host Test Instructions + +**The cron runs inside the hermes container. Some tests require host access:** + +### 1. VRAM Monitoring (HOST) +```bash +# Run on host to check VRAM usage during/after benchmark +sudo rocm-smi --showmeminfo vram + +# Or via docker exec if rocm-smi available in container +docker exec --privileged ollama rocm-smi --showmeminfo vram +``` + +### 2. Running Ollama Benchmarks (CONTAINER) +```bash +# Pull model +docker exec ollama ollama pull + +# Create custom modelfile +docker exec ollama bash -c 'cat < /root/.ollama/test.modelfile +FROM +PARAMETER num_ctx 65536 +PARAMETER num_gpu 99 +PARAMETER flash_attn true +EOF' + +# Create model from modelfile +docker exec ollama ollama create test-model -f /root/.ollama/test.modelfile + +# Run benchmark (warm model first) +docker exec ollama ollama run test-model "Write a Python async context manager with exponential backoff" + +# Cleanup +docker exec ollama ollama rm test-model +``` + +### 3. Running Llama.cpp Benchmarks (CONTAINER - needs llama.cpp container) +```bash +# Uncomment llama_cpp_devstral in compose.yml first +# Then rebuild: sudo nh os switch --flake .#lazyworkhorse + +# Test via HTTP API +curl http://localhost:8300/v1/completions \ + -H "Content-Type: application/json" \ + -d '{ + "model": "devstral-2-small-llama_cpp", + "prompt": "Write a Python function", + "max_tokens": 100 + }' +``` + +### 4. Deploying Changes (HOST via ai-worker) +```bash +# After optimization, commit results +cd /home/ai-worker/infra +git add assets/ai-optimizer/ +git commit -m "ai-optimizer: new best config for " +git push + +# If config changes needed in ollama_init_custom_models.nix: +# 1. Edit the file +# 2. nixpkgs-fmt . +# 3. Show diff to user +# 4. Wait for confirmation +# 5. sudo nh os switch --flake .#lazyworkhorse +``` + +### 5. Accessing Host from Hermes Container +```bash +# SSH to host as ai-worker (key should be mounted) +ssh -i /path/to/key ai-worker@host.docker.internal + +# Or via docker socket if mounted +# (not recommended for security) +``` + +--- + +## Benchmark Prompts + +### Coding (Track A) +``` +"Write a Python async context manager that retries a function with exponential backoff, max 5 retries, and logs each attempt using structlog. Include type hints and error handling." +``` + +### Knowledge (Track B) +``` +"Explain the complete memory hierarchy in modern GPUs, from registers through L1/L2 caches to VRAM, and how data moves between them during matrix multiplication. Include bandwidth considerations for each level." +``` + +### Measurement +- Tokens per second (generation speed) +- Time to first token (latency) +- VRAM usage (via rocm-smi) +- System RAM usage (via free -h) +- Context success (did it complete without OOM?) + +--- + +## State File Structure + +`/opt/data/infra/assets/ai-optimizer/state.json` + +```json +{ + "track": "gpu", + "current_model": "devstral-small-2:24b", + "model_index": 0, + "phase": "context_scaling", + "backend": "ollama", + "current_config": { + "num_ctx": 65536, + "num_gpu": 99, + "flash_attn": true + }, + "best_configs": { + "gpu": { + "devstral-small-2:24b": { + "backend": "ollama", + "num_ctx": 131072, + "num_gpu": 99, + "flash_attn": true, + "tokens_per_sec": 12.5, + "vram_used_gb": 58.2, + "tested_at": "2026-04-28T17:00:00Z" + } + }, + "ram": {} + }, + "completed_models": [], + "gpu_queue": ["devstral-small-2:24b", "qwen2.5-coder:32b", "codellama:34b-instruct"], + "ram_queue": ["qwen2.5:72b", "nemotron-3-nano:30b", "mixtral:8x7b-instruct"] +} +``` + +--- + +## Results CSV + +`/opt/data/infra/assets/ai-optimizer/results.csv` + +```csv +timestamp,track,model,backend,phase,num_ctx,num_gpu,flash_attn,tokens_per_sec,vram_gb,ram_gb,status,is_best +2026-04-28T17:00:00Z,gpu,devstral-small-2:24b,ollama,context_scaling,65536,99,true,15.2,52.1,18.4,success,false +``` + +--- + +## Cron Job Flow + +``` +1. Read state.json +2. If both queues empty → STOP (all models tested) +3. Select next model from current track queue +4. Pull model if needed (docker exec ollama ollama pull) +5. Create Modelfile / llama.cpp config with current test params +6. Run benchmark (both prompts) +7. Measure: tokens/sec, VRAM (rocm-smi), RAM (free -h) +8. If successful: + - Increase context (next step) + - Update current_config in state +9. If OOM/error: + - Record last good config as best_configs[track][model] + - Move to next model in queue +10. Update state.json +11. Append to results.csv +12. Git commit + push to /opt/data/infra +13. Send Matrix notification if available, else silent +``` + +--- + +## Matrix Notification (Optional) + +```python +# If matrix credentials available in environment +if os.getenv("MATRIX_HOME_SERVER") and os.getenv("MATRIX_ACCESS_TOKEN"): + # Send completion notification + # Room: !ai-optimizer:lazyworkhorse.net (or similar) + pass +# Else: silent, just commit +``` + +--- + +## Files to Create + +``` +/opt/data/infra/assets/ai-optimizer/ +├── state.json # Current progress +├── results.csv # All test results +├── best_configs.json # Final best configs (human-readable) +└── CRON_JOB_DRAFT.md # This file +``` + +--- + +## Notes + +- **No num_parallel**: Removed to avoid limiting other settings +- **Two tracks**: GPU (coding/speed) vs RAM (knowledge/context) +- **Both backends**: Test ollama first, then llama.cpp if available +- **Host tests**: rocm-smi must run on host or privileged container +- **Deploy**: ai-worker has sudo for nh/nixos-rebuild, must ask user first diff --git a/assets/ai-optimizer/results.csv b/assets/ai-optimizer/results.csv new file mode 100644 index 0000000..7e25194 --- /dev/null +++ b/assets/ai-optimizer/results.csv @@ -0,0 +1 @@ +timestamp,track,model,backend,phase,num_ctx,num_gpu,flash_attn,tokens_per_sec,vram_gb,ram_gb,status,is_best diff --git a/assets/ai-optimizer/state.json b/assets/ai-optimizer/state.json new file mode 100644 index 0000000..fff69f9 --- /dev/null +++ b/assets/ai-optimizer/state.json @@ -0,0 +1,21 @@ +{ + "track": "gpu", + "current_model": "devstral-small-2:24b", + "model_index": 0, + "phase": "context_scaling", + "backend": "ollama", + "current_config": { + "num_ctx": 32768, + "num_gpu": 99, + "flash_attn": true + }, + "best_configs": { + "gpu": {}, + "ram": {} + }, + "completed_models": [], + "gpu_queue": ["devstral-small-2:24b", "qwen2.5-coder:32b", "codellama:34b-instruct"], + "ram_queue": ["qwen2.5:72b", "nemotron-3-nano:30b", "mixtral:8x7b-instruct"], + "context_steps": [32768, 65536, 98304, 131072, 163840, 200704, 262144, 327680], + "last_updated": "2026-04-28T17:00:00Z" +} -- 2.49.1 From 157d84e508a3d90b7eaf15fb9a94262f5082a27b Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Thu, 30 Apr 2026 17:07:10 +0000 Subject: [PATCH 2/4] security: harden lazyworkhorse with firewall, fail2ban, SSH hardening - Firewall (default deny): - Allow only essential ports: SSH(2424), Gitea(2222), HTTP(80), HTTPS(443) - Rate limit SSH (max 4 new connections/60s) - Rate limit HTTP/HTTPS (25/minute) - Drop invalid packets, log dropped packets - Fail2ban (auto-ban attackers): - SSH jail: 3 strikes = 1 hour ban - HTTP auth failures: 5 strikes = 1 hour ban - HTTP scanning: 2 strikes = 2 hour ban - Recidive jail: repeat offenders = 1 week ban - SSH hardening: - No root login - Max 3 auth tries, 5 sessions - 30s login grace time - No X11/TCP/agent forwarding - Verbose logging - Kernel network hardening: - SYN flood protection (syncookies) - IP spoofing protection (rp_filter) - Disable source routing, redirects - Log martian packets - Connection tuning for high load - Audit logging enabled Ports commented for review (likely internal-only): - 8000 (Portainer), 4242 (Coms), 5000/8087/8089 (TAK) --- docker/hermes/Dockerfile.full | 71 +++++++++++ hosts/lazyworkhorse/configuration.nix | 172 +++++++++++++++++++++++++- 2 files changed, 242 insertions(+), 1 deletion(-) create mode 100644 docker/hermes/Dockerfile.full diff --git a/docker/hermes/Dockerfile.full b/docker/hermes/Dockerfile.full new file mode 100644 index 0000000..1edd524 --- /dev/null +++ b/docker/hermes/Dockerfile.full @@ -0,0 +1,71 @@ +FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source +FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source +FROM debian:13.4 + +# Disable Python stdout buffering to ensure logs are printed immediately +ENV PYTHONUNBUFFERED=1 + +# Store Playwright browsers outside the volume mount so the build-time +# install survives the /opt/data volume overlay at runtime. +ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright + +# Install system dependencies in one layer, clear APT cache +# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.) +# that would otherwise accumulate when hermes runs as PID 1. See #15012. +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \ + curl poppler-utils imagemagick \ + chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \ + libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 \ + texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science \ + qemu-user-static binfmt-support qemu-user-binfmt \ + emacs-nox \ + libportaudio2 && \ + rm -rf /var/lib/apt/lists/* + +# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime +RUN useradd -u 10000 -m -d /opt/data hermes + +COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/ +COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/ + +WORKDIR /opt/hermes + +# ---------- Layer-cached dependency install ---------- +# Copy only package manifests first so npm install + Playwright are cached +# unless the lockfiles themselves change. +COPY package.json package-lock.json ./ +COPY web/package.json web/package-lock.json web/ + +RUN npm install --prefer-offline --no-audit && \ + npx playwright install --with-deps chromium --only-shell && \ + (cd web && npm install --prefer-offline --no-audit) && \ + npm cache clean --force + +# ---------- Source code ---------- +# .dockerignore excludes node_modules, so the installs above survive. +COPY --chown=hermes:hermes . . + +# Build web dashboard (Vite outputs to hermes_cli/web_dist/) +RUN cd web && npm run build + +# ---------- Permissions ---------- +# Make install dir world-readable so any HERMES_UID can read it at runtime. +# The venv needs to be traversable too. +USER root +RUN chmod -R a+rX /opt/hermes +# Start as root so the entrypoint can usermod/groupmod + gosu. +# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000). + +# ---------- Python virtualenv ---------- +RUN uv venv && \ + uv pip install --no-cache-dir -e ".[all]" && \ + uv pip install --no-cache-dir sounddevice numpy faster-whisper + +# ---------- Runtime ---------- +ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist +ENV HERMES_HOME=/opt/data +ENV PATH="/opt/data/.local/bin:${PATH}" +VOLUME [ "/opt/data" ] +ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ] diff --git a/hosts/lazyworkhorse/configuration.nix b/hosts/lazyworkhorse/configuration.nix index 1593b0f..9485442 100644 --- a/hosts/lazyworkhorse/configuration.nix +++ b/hosts/lazyworkhorse/configuration.nix @@ -158,7 +158,7 @@ settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; - PermitRootLogin = "prohibit-password"; + # Additional hardening settings below in SERVER HARDENING section }; hostKeys = [ { @@ -308,6 +308,176 @@ # Or disable the firewall altogether. # networking.firewall.enable = false; + # ============================================================================= + # SERVER HARDENING - Firewall, Fail2ban, SSH, Kernel + # ============================================================================= + + # Firewall - default deny, explicit allow + networking.firewall = { + enable = true; + allowPing = true; + defaultAllow = false; + + # Only essential ports exposed to internet + allowedTCPPorts = [ + 2424 # SSH (non-standard port) + 2222 # Gitea (version control) + 80 # HTTP (Traefik redirect) + 443 # HTTPS (Traefik) + # 8000 # Portainer - REVIEW: internal only? + # 4242 # Coms - REVIEW: internal only? + # 5000 # TAK API - REVIEW: internal only? + # 8087 # TAK Connect - REVIEW: internal only? + # 8089 # TAK Management - REVIEW: internal only? + ]; + + allowedUDPPorts = [ + # Add UDP ports if required + ]; + + # Rate limiting and attack prevention + extraCommands = '' + # Rate limit SSH connections (max 4 new connections per 60 seconds) + iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --set + iptables -A INPUT -p tcp --dport 2424 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j DROP + + # Rate limit HTTP/HTTPS (protects Traefik) + iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT + iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m limit --limit 25/minute --limit-burst 100 -j ACCEPT + + # Drop invalid packets + iptables -A INPUT -m state --state INVALID -j DROP + + # Log dropped packets (rate limited) + iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4 + ''; + }; + + # Fail2ban - automatic IP banning + services.fail2ban = { + enable = true; + maxRetry = 3; + findtime = 600; + bantime = 3600; + banaction = "iptables-multiport"; + + # Ban repeat offenders for 1 week + recidive = { + enabled = true; + filter = "recidive"; + logpath = "/var/log/fail2ban.log"; + bantime = 604800; + findtime = 86400; + maxretry = 3; + }; + + jails = { + # SSH brute force protection + sshd = { + enabled = true; + filter = "sshd"; + port = "2424"; + logpath = "/var/log/auth.log"; + maxretry = 3; + bantime = 3600; + }; + + # HTTP authentication failures + http-auth = { + enabled = true; + filter = "apache-auth"; + port = "80,443"; + logpath = "/var/log/traefik/access.log"; + maxretry = 5; + bantime = 3600; + }; + + # HTTP scanning/attacks + http-botsearch = { + enabled = true; + filter = "apache-botsearch"; + port = "80,443"; + logpath = [ "/var/log/traefik/access.log" ]; + maxretry = 2; + bantime = 7200; + }; + }; + }; + + # SSH hardening + services.openssh.settings = { + PermitRootLogin = "no"; + MaxAuthTries = 3; + MaxSessions = 5; + LoginGraceTime = 30; + ClientAliveInterval = 300; + ClientAliveCountMax = 2; + PermitEmptyPasswords = "no"; + ChallengeResponseAuthentication = "no"; + UsePAM = true; + LogLevel = "VERBOSE"; + X11Forwarding = false; + AllowTcpForwarding = "no"; + AllowAgentForwarding = "no"; + PermitTunnel = "no"; + }; + + # Kernel network hardening + boot.kernel.sysctl = { + # IP Spoofing protection + "net.ipv4.conf.all.rp_filter" = 1; + "net.ipv4.conf.default.rp_filter" = 1; + + # Ignore ICMP broadcasts + "net.ipv4.icmp_echo_ignore_broadcasts" = 1; + + # Disable source routing + "net.ipv4.conf.all.accept_source_route" = 0; + "net.ipv4.conf.default.accept_source_route" = 0; + "net.ipv6.conf.all.accept_source_route" = 0; + "net.ipv6.conf.default.accept_source_route" = 0; + + # Disable redirects + "net.ipv4.conf.all.send_redirects" = 0; + "net.ipv4.conf.default.send_redirects" = 0; + + # SYN flood protection + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_max_syn_backlog" = 2048; + "net.ipv4.tcp_synack_retries" = 2; + "net.ipv4.tcp_syn_retries" = 5; + + # Log martian packets + "net.ipv4.conf.all.log_martians" = 1; + "net.ipv4.conf.default.log_martians" = 1; + + # Ignore redirects + "net.ipv4.conf.all.accept_redirects" = 0; + "net.ipv4.conf.default.accept_redirects" = 0; + "net.ipv4.conf.all.secure_redirects" = 0; + "net.ipv4.conf.default.secure_redirects" = 0; + "net.ipv6.conf.all.accept_redirects" = 0; + "net.ipv6.conf.default.accept_redirects" = 0; + + # Connection tuning + "net.core.somaxconn" = 4096; + "net.core.netdev_max_backlog" = 65536; + "net.ipv4.tcp_max_orphans" = 65536; + "net.ipv4.tcp_fin_timeout" = 15; + "net.ipv4.tcp_keepalive_time" = 300; + "net.ipv4.tcp_keepalive_probes" = 5; + "net.ipv4.tcp_keepalive_intvl" = 15; + }; + + # Audit logging + services.auditd.enable = true; + + # Fail2ban log directory + systemd.tmpfiles.rules = [ + "d /var/log/fail2ban 0755 root root -" + "d /var/log/traefik 0755 root root -" + ]; + # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. -- 2.49.1 From b5b0d4c2d1537cd9a9154c77a0ac2851224b3e66 Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Thu, 30 Apr 2026 17:33:05 +0000 Subject: [PATCH 3/4] security: add restricted sudo for ai-worker with security audit commands - Deployment: nh os switch, nixos-rebuild switch (flake path locked) - Firewall checks: iptables -L, iptables -S - Fail2ban: status, banned IPs - Logs: journalctl for kernel and fail2ban - SSH config: sshd -T for verification - Docker: ps, inspect (service health) - Network: ss -tlnp, /proc/net/tcp All commands are whitelisted with NOPASSWD. No shell access, no ALL command - principle of least privilege. --- users/ai-worker.nix | 68 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/users/ai-worker.nix b/users/ai-worker.nix index a8f027c..67fe7e2 100644 --- a/users/ai-worker.nix +++ b/users/ai-worker.nix @@ -11,4 +11,72 @@ ]; }; users.groups.ai-worker = {}; + + # Restricted sudo for ai-worker - security checks and deployment only + security.sudo.extraRules = [ + { + users = [ "ai-worker" ]; + commands = [ + { + command = "/run/current-system/sw/bin/nh os switch --flake /home/ai-worker/infra#lazyworkhorse"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/nixos-rebuild switch --flake /home/ai-worker/infra#lazyworkhorse"; + options = [ "NOPASSWD" ]; + } + # Security audit commands + { + command = "/run/wrappers/bin/sudo iptables -L -n -v"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/wrappers/bin/sudo iptables -S"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/fail2ban-client status"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/fail2ban-client status *"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/fail2ban-client get * banned"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/journalctl -t kernel -n 100"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/journalctl -u fail2ban -n 50"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/sshd -T"; + options = [ "NOPASSWD" ]; + } + # Docker commands for service checks + { + command = "/run/current-system/sw/bin/docker ps"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/docker inspect *"; + options = [ "NOPASSWD" ]; + } + # Network diagnostics + { + command = "/run/current-system/sw/bin/ss -tlnp"; + options = [ "NOPASSWD" ]; + } + { + command = "/run/current-system/sw/bin/cat /proc/net/tcp"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; } -- 2.49.1 From ed7852ac08c18e02431d4a73aa61e068f355247f Mon Sep 17 00:00:00 2001 From: Hermes Agent Date: Thu, 30 Apr 2026 17:36:13 +0000 Subject: [PATCH 4/4] security: remove deployment commands from ai-worker sudo rules ai-worker only needs security audit commands, not deployment access. Removed: - nh os switch - nixos-rebuild switch Kept: - Firewall checks (iptables) - Fail2ban status - Log inspection (journalctl) - SSH config (sshd -T) - Docker service checks - Network diagnostics --- users/ai-worker.nix | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/users/ai-worker.nix b/users/ai-worker.nix index 67fe7e2..b818426 100644 --- a/users/ai-worker.nix +++ b/users/ai-worker.nix @@ -12,20 +12,12 @@ }; users.groups.ai-worker = {}; - # Restricted sudo for ai-worker - security checks and deployment only + # Restricted sudo for ai-worker - security checks only security.sudo.extraRules = [ { users = [ "ai-worker" ]; commands = [ - { - command = "/run/current-system/sw/bin/nh os switch --flake /home/ai-worker/infra#lazyworkhorse"; - options = [ "NOPASSWD" ]; - } - { - command = "/run/current-system/sw/bin/nixos-rebuild switch --flake /home/ai-worker/infra#lazyworkhorse"; - options = [ "NOPASSWD" ]; - } - # Security audit commands + # Firewall checks { command = "/run/wrappers/bin/sudo iptables -L -n -v"; options = [ "NOPASSWD" ]; @@ -34,6 +26,7 @@ command = "/run/wrappers/bin/sudo iptables -S"; options = [ "NOPASSWD" ]; } + # Fail2ban status { command = "/run/current-system/sw/bin/fail2ban-client status"; options = [ "NOPASSWD" ]; @@ -46,6 +39,7 @@ command = "/run/current-system/sw/bin/fail2ban-client get * banned"; options = [ "NOPASSWD" ]; } + # Log inspection { command = "/run/current-system/sw/bin/journalctl -t kernel -n 100"; options = [ "NOPASSWD" ]; @@ -54,11 +48,16 @@ command = "/run/current-system/sw/bin/journalctl -u fail2ban -n 50"; options = [ "NOPASSWD" ]; } + { + command = "/run/current-system/sw/bin/journalctl -u firewall -n 50"; + options = [ "NOPASSWD" ]; + } + # SSH config verification { command = "/run/current-system/sw/bin/sshd -T"; options = [ "NOPASSWD" ]; } - # Docker commands for service checks + # Docker service checks { command = "/run/current-system/sw/bin/docker ps"; options = [ "NOPASSWD" ]; -- 2.49.1