Hermes Agent
21bd4bb283
- Deployment: nh os switch, nixos-rebuild switch (flake path locked) - Firewall checks: iptables -L, iptables -S - Fail2ban: status, banned IPs - Logs: journalctl for kernel and fail2ban - SSH config: sshd -T for verification - Docker: ps, inspect (service health) - Network: ss -tlnp, /proc/net/tcp All commands are whitelisted with NOPASSWD. No shell access, no ALL command - principle of least privilege.