AUTARCH v1.9 — remote monitoring, SSH manager, daemon, vault, cleanup

- Add Remote Monitoring Station with PIAP device profile system - Add SSH/SSHD manager with fail2ban integration - Add privileged daemon architecture for safe root operations - Add encrypted vault, HAL memory, HAL auto-analyst - Add network security suite, module creator, codex training - Add start.sh launcher script and GTK3 desktop launcher - Remove Output/ build artifacts, installer files, loose docs - Update .gitignore for runtime data and build artifacts - Update README for v1.9 with new launch method, screenshots, and features Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 06:59:06 -07:00
parent 1092689f45
commit da53899f66
382 changed files with 15277 additions and 493964 deletions
--- a/scripts/autarch-web.service
+++ b/scripts/autarch-web.service
@@ -6,21 +6,27 @@ Wants=network.target

 [Service]
 Type=simple
-User=snake
-Group=snake
+User=root
+Group=root
 WorkingDirectory=/home/snake/autarch
-ExecStart=/usr/bin/python3 /home/snake/autarch/autarch.py --web --no-banner
+
+# Use venv python if available, fall back to system python
+ExecStart=/bin/bash -c 'if [ -x /home/snake/autarch/venv/bin/python ]; then exec /home/snake/autarch/venv/bin/python /home/snake/autarch/autarch.py --web --no-banner; else exec /usr/bin/python3 /home/snake/autarch/autarch.py --web --no-banner; fi'
+
 Restart=on-failure
 RestartSec=5
 StandardOutput=journal
 StandardError=journal
 SyslogIdentifier=autarch-web

-# Security hardening
+# Security — run as root for raw sockets, iptables, hardware access
 NoNewPrivileges=false
 ProtectHome=false
 PrivateTmp=true

+# Capabilities needed when not running as root (future: drop root)
+# AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+
 # Environment
 Environment=PYTHONUNBUFFERED=1