From 8e8b5f4304da75e682a99d908ce90de4c20d6e6d Mon Sep 17 00:00:00 2001
From: John Ogle
Date: Tue, 27 Jan 2026 10:54:33 -0800
Subject: [PATCH] chore(machines): remove tart-agent-sandbox config

Pivoted to Docker container approach for agent sandboxing instead of Tart VMs due to networking issues with Cloudflare WARP.

Co-Authored-By: Claude Opus 4.5
---
 flake.nix | 8 --
 machines/tart-agent-sandbox/configuration.nix | 98 -------------------
 .../hardware-configuration.nix | 30 ------
 3 files changed, 136 deletions(-)
 delete mode 100644 machines/tart-agent-sandbox/configuration.nix
 delete mode 100644 machines/tart-agent-sandbox/hardware-configuration.nix

diff --git a/flake.nix b/flake.nix
index 3238412..c159ed7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -214,14 +214,6 @@
 ];
 };
 
- # Agent sandbox VM for Tart (aarch64-linux on Apple Silicon)
- nixosConfigurations.tart-agent-sandbox = nixpkgs.lib.nixosSystem rec {
- system = "aarch64-linux";
- modules = nixosModules ++ [
- ./machines/tart-agent-sandbox/configuration.nix
- ];
- };
-
 # Darwin/macOS configurations
 darwinConfigurations."blkfv4yf49kt7" = inputs.nix-darwin.lib.darwinSystem rec {
 system = "aarch64-darwin";
diff --git a/machines/tart-agent-sandbox/configuration.nix b/machines/tart-agent-sandbox/configuration.nix
deleted file mode 100644
index 04ab5dd..0000000
--- a/machines/tart-agent-sandbox/configuration.nix
+++ /dev/null
@@ -1,98 +0,0 @@
-# Agent sandbox VM configuration for Tart
-# Designed for LLM agents with full sudo access in an isolated environment
-{ config, pkgs, lib, ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ];
-
- # Bootloader
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "tart-agent-sandbox";
-
- # SSH access from host
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "yes";
- PasswordAuthentication = true;
- };
- };
-
- # Agent user - full sudo, no password required
- users.users.agent = {
- isNormalUser = true;
- description = "Agent sandbox user";
- extraGroups = [ "wheel" "docker" ];
- initialPassword = "agent";
- openssh.authorizedKeys.keys = [
- # Add your SSH public key here for passwordless access
- # "ssh-ed25519 AAAA... your-key"
- ];
- };
-
- # Passwordless sudo for wheel group
- security.sudo.wheelNeedsPassword = false;
-
- # Dev tools for agents
- environment.systemPackages = with pkgs; [
- # Core
- git
- curl
- wget
- vim
- htop
- tmux
-
- # Build tools
- gnumake
- gcc
- binutils
-
- # Languages (add what your agents need)
- python3
- nodejs
-
- # Utilities
- jq
- ripgrep
- fd
- tree
- unzip
- zip
-
- # Networking
- openssh
- rsync
- ];
-
- # Docker for containerized workloads
- virtualisation.docker.enable = true;
-
- # Increase file descriptor limits for large operations
- security.pam.loginLimits = [
- { domain = "*"; type = "soft"; item = "nofile"; value = "65536"; }
- { domain = "*"; type = "hard"; item = "nofile"; value = "65536"; }
- ];
-
- # Git config for large repos
- programs.git = {
- enable = true;
- config = {
- core.compression = 0;
- http.postBuffer = 524288000; # 500MB
- pack.windowMemory = "100m";
- };
- };
-
- # Nix settings
- nix.settings = {
- experimental-features = [ "nix-command" "flakes" ];
- auto-optimise-store = true;
- };
-
- system.stateVersion = "25.11";
-}
diff --git a/machines/tart-agent-sandbox/hardware-configuration.nix b/machines/tart-agent-sandbox/hardware-configuration.nix
deleted file mode 100644
index 7df5629..0000000
--- a/machines/tart-agent-sandbox/hardware-configuration.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-# Hardware configuration for Tart VM (Apple Virtualization.framework)
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Root filesystem (will be /dev/vda1 after partitioning)
- fileSystems."/" = {
- device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
-
- # EFI boot partition
- fileSystems."/boot" = {
- device = "/dev/disk/by-label/boot";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}