Comment by spott
1 month ago
This is the biggest thing I use my Proxmox homelab for.
I have a few VMs that I can rebuild trivially. They only have the relevant repo on them. They basically only run Claude in yolo mode.
I do wish I could use yolo mode, but deny git push or git push —force.
The biggest risk I have using yolo mode is a git push —force to wipe out my remote repo, or a data exfiltration.
I ssh in on my phone/tablet into a tmux session. Each box also has the ability to have an independent environment, which I can access from wherever I’m sshing from.
All in all, I’m pretty happy with the whole situation.
> The biggest risk I have using yolo mode is a git push —force to wipe out my remote repo, or a data exfiltration.
Why not just create a user with only pull access?
Cause the risk isn’t actually that bad.
There are three nodes that are running with the same repo. If one of them force pushes, the others have the repo to restore it.
In 6+ months that I’ve had this setup, I’ve never had to deal with that issue.
The convenience of having the agents create their own prs, and evaluate issues, is just too great.
You could remove the origin on the repo and add it back only when you need to push.
Personally I do this: local machine with all repos, containers with a single repo without the origin. When I need to deploy I rsync new files from the container to my local and push.
This isn’t a horrible idea, but the risk isn’t really big enough to justify introducing that friction.