Hermes Agent 21bd4bb283 security: add restricted sudo for ai-worker with security audit commands ...

- Deployment: nh os switch, nixos-rebuild switch (flake path locked)
- Firewall checks: iptables -L, iptables -S
- Fail2ban: status, banned IPs
- Logs: journalctl for kernel and fail2ban
- SSH config: sshd -T for verification
- Docker: ps, inspect (service health)
- Network: ss -tlnp, /proc/net/tcp

All commands are whitelisted with NOPASSWD.
No shell access, no ALL command - principle of least privilege.

2026-04-30 17:46:39 +00:00

.planning

Progress dump before ai agent

2026-04-04 04:57:47 -04:00

assets

Compose update

2026-04-27 06:11:34 -04:00

docker/hermes

security: harden lazyworkhorse with firewall, fail2ban, SSH hardening

2026-04-30 17:46:39 +00:00

hosts

security: harden lazyworkhorse with firewall, fail2ban, SSH hardening

2026-04-30 17:46:39 +00:00

lib

feat: isolate docker networks and add cyt-pi remote node config

2026-04-06 19:14:57 -04:00

modules/nixos

Forced restart for docker services

2026-04-27 06:02:25 -04:00

secrets

feat: isolate docker networks and add cyt-pi remote node config

2026-04-06 19:14:57 -04:00

shells

Used agenix to manage secrets, 4 services up, ssh

2025-08-08 17:00:47 -04:00

users

security: add restricted sudo for ai-worker with security audit commands

2026-04-30 17:46:39 +00:00

.gitmodules

Used agenix to manage secrets, 4 services up, ssh

2025-08-08 17:00:47 -04:00

AGENTS.md

Starting work on fan control with opencode

2025-08-08 18:18:21 -04:00

flake.lock

feat: isolate docker networks and add cyt-pi remote node config

2026-04-06 19:14:57 -04:00

flake.nix

feat: isolate docker networks and add cyt-pi remote node config

2026-04-06 19:14:57 -04:00

Description

My whole infra configuration

702 KiB

Languages

Nix 91.8%

Dockerfile 8.2%