infra/modules/nixos/security/ai-worker-restricted.nix

{ config, pkgs, lib, ... }:

with lib;

{
  options.services.aiWorkerAccess = mkOption {
    type = types.bool;
    default = false;
    description = "Enable AI worker SSH access with restricted sudo docker commands";
  };

  config = mkIf config.services.aiWorkerAccess {
    # SECURITY: ai-worker is NOT added to docker group.
    # Docker access is granted via sudo whitelist in users/ai-worker.nix.
    # This prevents unrestricted docker daemon access (docker exec, cp, commit, etc.)
    # Only specific docker subcommands are allowed via sudo NOPASSWD rules.
    
    # The old approach (docker group membership) has been removed because:
    # - Docker group gives UNRESTRICTED access to the docker daemon socket
    # - No way to limit which docker subcommands a docker group member can run
    # - Allowed: docker exec, docker cp, docker run -v /:/host, etc.
    # users.groups.docker.members = [ "ai-worker" ];  // REMOVED
  };
}