Phase 6a: per-container web UI (axum); per-agent port hashed from name

2026-05-14 23:39:06 +02:00 · 2026-05-14 23:39:06 +02:00 · d0f954bbc1
commit d0f954bbc1
parent 14cb107125
9 changed files with 112 additions and 4 deletions
--- a/nix/modules/hive-c0re.nix
+++ b/nix/modules/hive-c0re.nix
@ -31,6 +31,17 @@ in
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

+    # Per-container web UIs share the host's network namespace and need their
+    # ports reachable. Manager: 8000. Sub-agents: 8100..8999 (deterministic
+    # hash; see `lifecycle::agent_web_port`).
+    networking.firewall.allowedTCPPorts = [ 8000 ];
+    networking.firewall.allowedTCPPortRanges = [
+      {
+        from = 8100;
+        to = 8999;
+      }
+    ];
+
    systemd.services.hive-c0re = {
      description = "hyperhive coordinator daemon";
      wantedBy = [ "multi-user.target" ];
--- a/nix/templates/manager.nix
+++ b/nix/templates/manager.nix
@ -23,6 +23,10 @@
    description = "hive-m1nd manager harness";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
+    environment = {
+      HIVE_PORT = "8000";
+      HIVE_LABEL = "hm1nd";
+    };
    serviceConfig = {
      ExecStart = "${pkgs.hyperhive}/bin/hive-m1nd serve";
      Restart = "on-failure";