infra/modules/nixos/security/README-ai-worker.md
Hermes Agent f0e21d95e4 fix: ai-worker docker-only access for ollama benchmarking
Remove infra repo bind mount and sudo access from ai-worker user.
Now ai-worker can only:
- SSH into host from Hermes container
- Run docker commands via docker group membership
- Execute ollama benchmarks via docker exec

Results saved to /opt/data/ai-optimizer/ in Hermes container.
2026-04-29 19:55:19 +00:00

AI Worker Restricted Access

This module provides SSH access for the AI worker (hermes-agent) to run ollama benchmarks on the host.

Security Model

The ai-worker user has:

Filesystem Access

  • Home directory: /home/ai-worker (standard user home)
  • No bind mounts: Cannot access /home/gortium/infra or other host files
  • Cannot access: Any files outside standard system paths

Sudo Access

  • NONE: ai-worker has no sudo privileges
  • Cannot run nh, nixos-rebuild, nixpkgs-fmt, or nix with elevated permissions

Docker Access

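  • Member of docker group - can run docker and docker exec commands
  • Primary use: docker exec ollama ollama ... for benchmarking
  • Can run docker exec --privileged ollama rocm-smi ... for VRAM monitoring
  • Caveat: docker group membership is root-equivalent on the host, because the Docker daemon runs as root and accepts any container configuration (host bind mounts and --privileged included) from group members. The filesystem and sudo limits above describe the ai-worker account itself; they do not constrain what the account can ask the daemon to do.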
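
One way to hold the SSH session to the docker exec invocations listed above is an OpenSSH forced command that checks the requested command line against an allow-list. This is an added example, not part of this module; the script path and key line in the comments are hypothetical. It rejects quoted arguments and the bash -c modelfile step from the example workflow, so that file would have to be provisioned another way.

```shell
#!/bin/sh
# Constructed example: SSH forced-command gate for the ai-worker key.
# Assumption: referenced from authorized_keys as
#   command="/etc/ai-worker/docker-gate.sh",restrict ssh-ed25519 AAAA... hermes
# (hypothetical path and key comment; not part of this module).
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the pattern below

# is_allowed CMDLINE -> 0 if CMDLINE is one of the README's documented uses.
is_allowed() {
  # Conservative character set: no quotes, no shell metacharacters, no newlines.
  case $1 in
    '' | *[!-A-Za-z0-9_.:/=\ ]*) return 1 ;;
  esac
  set -f; set -- $1; set +f          # split on whitespace, globbing off
  [ "${1:-} ${2:-}" = "docker exec" ] || return 1
  case "${3:-} ${4:-}" in
    "ollama ollama")                 # docker exec ollama ollama <subcommand> ...
      case "${5:-}" in
        pull | create | run | rm | list) return 0 ;;
      esac ;;
    "--privileged ollama")           # docker exec --privileged ollama rocm-smi ...
      [ "${5:-}" = "rocm-smi" ] && return 0 ;;
  esac
  return 1
}

# gate: run the client's requested command only if it passes is_allowed.
gate() {
  if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
    set -f
    exec $SSH_ORIGINAL_COMMAND       # unquoted split is safe after validation
  fi
  echo "ai-worker gate: command not permitted" >&2
  return 1
}

# sshd sets SSH_ORIGINAL_COMMAND when the client asks for a command; an
# interactive login (variable unset) gets no shell and the session just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
  gate
  exit $?
fi
```
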

Workflow: SSH + Docker Benchmarking

The AI worker connects from the Hermes container to the host via SSH, runs ollama benchmarks, then returns to save results.

Example Workflow

# From Hermes container, SSH to host
ssh -i /path/to/ssh/key ai-worker@host.docker.internal

# On host, run ollama benchmarks via docker
docker exec ollama ollama pull devstral-small-2:24b

# Create test modelfile
docker exec ollama bash -c 'cat <<EOF > /root/.ollama/test.modelfile
FROM devstral-small-2:24b
PARAMETER num_ctx 65536
PARAMETER num_gpu 99
PARAMETER flash_attn true
EOF'

# Create and test model
docker exec ollama ollama create test-model -f /root/.ollama/test.modelfile
docker exec ollama ollama run test-model "Write a Python async function"

# Check VRAM usage
docker exec --privileged ollama rocm-smi --showmeminfo vram

# Cleanup
docker exec ollama ollama rm test-model

# Exit SSH, return to Hermes container
exit

# Save results in Hermes container
# /opt/data/ai-optimizer/state.json
# /opt/data/ai-optimizer/results.csv

SSH Access

Connect as:

ssh ai-worker@lazyworkhorse

The working directory will be /home/ai-worker. No infra repo access.

Verification

Check ai-worker permissions:

# On the host, as root or gortium:
sudo -u ai-worker sudo -l
# Should show: no sudo access

# Check docker group membership
groups ai-worker
# Should show: ai-worker docker

Troubleshooting

If ai-worker cannot run docker commands:

# Check docker group membership
groups ai-worker

# Verify ollama container is running
docker ps | grep ollama

# Test docker access
sudo -u ai-worker docker exec ollama ollama list

If SSH connection fails:

# Check SSH key is authorized
cat /home/ai-worker/.ssh/authorized_keys

# Check SSH service
systemctl status sshd