dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
107 commits 3 branches 1 tag 5.5 MiB
Commit graph

4 commits

Author SHA1 Message Date
Dan 955b6e91b4 Fix killswitch paths in watchdog scripts, remove replaceStrings workaround 2026-01-05 09:12:46 -08:00
Dan f8e77c44b1 Fix code review items from security scripts 
- egress-watchdog: Use process substitution to avoid subshell gotcha
- killswitch: Rename USER to TARGET_USER (avoid shadowing builtin)
- Add documentation comments for UID range and grep -P dependency

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-03 09:35:40 -08:00
Dan cd534a09f2 Declarative script deployment via writeShellApplication 
- Package watchdog scripts (killswitch, cpu-watchdog, egress-watchdog)
  with proper runtimeInputs, referenced directly by systemd
- Package admin scripts (learner-add, learner-remove) in systemPackages
- Fix ShellCheck issues in scripts (SC2129, SC2155, SC2115, SC2162)
- Remove manual /usr/local/bin deployment, scripts deploy with nixos-rebuild
- Update AGENTS.md with new deployment workflow

Closes epic ops-jrz1-gwk

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-03 09:21:47 -08:00
Dan fb7d6d03a2 Add egress-watchdog for rate limit abuse detection 
Monitors EGRESS-LIMIT kernel log entries, tracks strikes per user,
triggers killswitch after 3 consecutive violations within a minute.
Runs every minute via systemd timer.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-03 06:02:34 -08:00