Hermes Agent
18df45819d
- New module: modules/nixos/security/ai-worker-restricted.nix - Bind mount for infra repo access (RW) - Whitelisted sudo commands: nh, nixos-rebuild, nixpkgs-fmt, nix - Audit logging for infra changes - Documentation in README-ai-worker.md - Updated users/ai-worker.nix: - Enable services.aiWorkerAccess - Lock password (SSH key only) - Security documentation comments - Updated flake.nix: - Include new security module SECURITY: AI must ask for user confirmation before running nh os switch
26 lines
888 B
Nix
26 lines
888 B
Nix
{ pkgs, inputs, config, keys, ... }: {
|
|
users.users.ai-worker = {
|
|
isSystemUser = true;
|
|
group = "ai-worker";
|
|
home = "/home/ai-worker";
|
|
createHome = true;
|
|
extraGroups = [ "docker" ];
|
|
shell = pkgs.bashInteractive;
|
|
openssh.authorizedKeys.keys = [
|
|
keys.users.ai-worker.main
|
|
];
|
|
# No password login - SSH key only
|
|
hashedPassword = "!";
|
|
};
|
|
users.groups.ai-worker = {};
|
|
|
|
# Enable restricted AI worker access with deployment capabilities
|
|
# SECURITY: ai-worker can only:
|
|
# - Access /home/ai-worker/infra (bind-mounted to /home/gortium/infra)
|
|
# - Run: nh, nixos-rebuild, nixpkgs-fmt, nix (via sudo, no password)
|
|
# - Manage docker containers (via docker group)
|
|
# - All changes to infra/ are logged via audit subsystem
|
|
# WORKFLOW: AI must ask for user confirmation before running nh os switch
|
|
services.aiWorkerAccess = true;
|
|
}
|