fix: update compose submodule for wg-easy iptables-nft fix #40

Closed
Hermes wants to merge 7 commits from fix/wg-easy-iptables-nft into master

7 Commits

Author SHA1 Message Date
07805b867d fix: update compose submodule for wg-easy iptables-nft fix
Updates the compose submodule to point to fix/wg-easy-iptables-nft
which adds a custom Dockerfile installing iptables-nft for nftables
backend compatibility.

Fixes the wg-easy container crash-loop:
  iptables v1.8.3 (legacy): can't initialize iptables table 'nat'
  Table does not exist (do you need to insmod?)
2026-05-12 14:53:09 -04:00
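The crash-loop above is the classic host/container backend mismatch: a legacy `iptables` binary inside the container asks the kernel for the xtables `nat` table, but a host running the nftables backend has never loaded `iptable_nat`, and a container cannot load kernel modules itself. The check below is an added example, not code from this repository or from wg-easy: it classifies the backend from `iptables -V` output (whose `(legacy)` / `(nf_tables)` suffix is real), recognises the symptom in a log line, and, in `live_check`, compares the host binary with the one inside a container via `docker exec` (the container name `wg-easy` and the presence of `iptables` on both sides are assumptions). The version strings and log text are constructed from the commit message.

```shell
#!/bin/sh
# Added example (not part of the PR or of wg-easy): detect a legacy-iptables
# container running against an nf_tables-only host, the combination that
# yields "can't initialize iptables table 'nat'".

# Constructed samples, standing in for real `iptables -V` output and the
# container log quoted in the commit message.
HOST_VERSION='iptables v1.8.9 (nf_tables)'
CONTAINER_VERSION='iptables v1.8.3 (legacy)'
WG_EASY_LOG="iptables v1.8.3 (legacy): can't initialize iptables table 'nat'
Table does not exist (do you need to insmod?)"

# iptables_backend VERSION_STRING -> prints legacy | nf_tables | unknown
iptables_backend() {
  case "$1" in
    *'(nf_tables)'*) echo nf_tables ;;
    *'(legacy)'*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# backend_mismatch HOST_BACKEND CONTAINER_BACKEND -> exit 0 for the failing
# combination (legacy tools, nf_tables host), 1 otherwise.
backend_mismatch() {
  [ "$1" = nf_tables ] && [ "$2" = legacy ]
}

# nat_table_error LOG_TEXT -> exit 0 if the text carries the symptom
nat_table_error() {
  case "$1" in
    *"can't initialize iptables table"*"Table does not exist"*) return 0 ;;
  esac
  return 1
}

# live_check [CONTAINER] -> compares the real binaries; needs docker on PATH.
# CONTAINER defaults to wg-easy (assumed name).
live_check() {
  container="${1:-wg-easy}"
  host=$(iptables_backend "$(iptables -V 2>/dev/null)")
  ctr=$(iptables_backend "$(docker exec "$container" iptables -V 2>/dev/null)")
  if backend_mismatch "$host" "$ctr"; then
    echo "MISMATCH: host=$host container=$ctr -> image needs iptables-nft"
    return 1
  fi
  echo "OK: host=$host container=$ctr"
}

# Demo on the constructed data only (live_check is left for the operator).
h=$(iptables_backend "$HOST_VERSION")
c=$(iptables_backend "$CONTAINER_VERSION")
if backend_mismatch "$h" "$c"; then
  echo "host=$h container=$c: would crash-loop"
fi
if nat_table_error "$WG_EASY_LOG"; then
  echo "log matches the legacy/nf_tables symptom"
fi
```

Run `live_check` on the host once the container is up; if it prints `MISMATCH` after the submodule bump, the rebuilt image is not the one actually running (stale tag or cached layer), which is the first thing to rule out before debugging the kernel side.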
6b2e7a626f feat: update compose submodule for ollama-gfx906 (v0.23.2) + add Dockerfile 2026-05-10 10:09:06 -04:00
878cfc1d99 Merge remote-tracking branch 'origin/master' into ai-worker-restricted-access 2026-05-09 16:11:32 +00:00
ceb58bcf76 chore: update flake.lock and fix merge conflict 2026-05-09 16:10:30 +00:00
Robert 7d3d072961 Merge branch 'master' into ai-worker-restricted-access 2026-05-03 05:28:39 -04:00
f0e21d95e4 fix: ai-worker docker-only access for ollama benchmarking
Remove infra repo bind mount and sudo access from ai-worker user.
Now ai-worker can only:
- SSH into host from Hermes container
- Run docker commands via docker group membership
- Execute ollama benchmarks via docker exec

Results saved to /opt/data/ai-optimizer/ in Hermes container.
2026-04-29 19:55:19 +00:00
18df45819d Add restricted AI worker access with deployment capabilities
- New module: modules/nixos/security/ai-worker-restricted.nix
  - Bind mount for infra repo access (RW)
  - Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix
  - Audit logging for infra changes
  - Documentation in README-ai-worker.md

- Updated users/ai-worker.nix:
  - Enable services.aiWorkerAccess
  - Lock password (SSH key only)
  - Security documentation comments

- Updated flake.nix:
  - Include new security module

SECURITY: AI must ask for user confirmation before running nh os switch
2026-04-28 15:34:38 +00:00
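The two ai-worker commits above move from a whitelisted-sudo model (nh, nixos-rebuild, nixpkgs-fmt, nix) to "docker-only" access through docker group membership. An audit that reads the host's group and sudoers data makes visible what either model actually grants: a sudo rule for `nixos-rebuild` or `nix` runs a user-supplied configuration's activation as root, and docker group membership lets the user start a privileged container with `/` bind-mounted, so both are root-equivalent on the host unless the daemon is rootless or fronted by an authorization plugin. The script below is an added example, not code from the infra repo or its modules; the group and sudoers contents are constructed to mirror the before/after state the commits describe, and the sudo command paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the infra repo): list the root-equivalent grants a
# user holds given /etc/group and sudoers contents.

# Constructed sample data mirroring the two ai-worker commits.
GROUP_FILE='root:x:0:
wheel:x:1:robert
docker:x:131:robert,ai-worker
ai-worker:x:1001:'

# Before the docker-only commit: whitelisted sudo commands (paths assumed).
SUDOERS_BEFORE='root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
ai-worker ALL=(root) NOPASSWD: /run/current-system/sw/bin/nh, /run/current-system/sw/bin/nixos-rebuild'

# After: the ai-worker sudo rule is gone; docker group membership remains.
SUDOERS_AFTER='root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL'

# groups_of USER GROUP_CONTENT -> newline-separated groups listing USER as member
groups_of() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '
    { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }'
}

# sudo_rules_for USER GROUP_CONTENT SUDOERS_CONTENT -> sudoers lines that apply
# to USER directly or via a %group it belongs to
sudo_rules_for() {
  u=$1
  pat="^$u[[:space:]]"
  for g in $(groups_of "$u" "$2"); do
    pat="$pat|^%$g[[:space:]]"
  done
  printf '%s\n' "$3" | grep -E "$pat" || true
}

# root_equivalent_grants USER GROUP_CONTENT SUDOERS_CONTENT -> one line per
# grant; exit 0 if any were found, 1 if the user has none.
root_equivalent_grants() {
  u=$1; count=0
  for g in $(groups_of "$u" "$2"); do
    case "$g" in
      docker)
        echo "group:docker (docker run --privileged -v /:/host gives host root)"
        count=$((count + 1)) ;;
      wheel|sudo|root)
        echo "group:$g"
        count=$((count + 1)) ;;
    esac
  done
  # Any sudo rule counts: a whitelist of nixos-rebuild/nix/nh still runs the
  # activation of a configuration the user wrote, as root.
  rules=$(sudo_rules_for "$u" "$2" "$3")
  if [ -n "$rules" ]; then
    printf '%s\n' "$rules" | while IFS= read -r r; do echo "sudo:$r"; done
    count=$((count + 1))
  fi
  [ "$count" -gt 0 ]
}

# grant_count USER GROUP_CONTENT SUDOERS_CONTENT -> number of reported lines
grant_count() {
  root_equivalent_grants "$1" "$2" "$3" | wc -l | tr -d ' '
}

echo "ai-worker before docker-only commit:"
root_equivalent_grants ai-worker "$GROUP_FILE" "$SUDOERS_BEFORE" || true
echo "ai-worker after docker-only commit:"
root_equivalent_grants ai-worker "$GROUP_FILE" "$SUDOERS_AFTER" || true
```

On a real host feed it `"$(cat /etc/group)"` and `"$(sudo cat /etc/sudoers /etc/sudoers.d/*)"`; on NixOS the generated sudoers lives at /etc/sudoers as well. The point the output makes is that the "after" state still reports one grant, so the reduction is in blast-radius-by-convention, not in what the account can do to the host.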