nas-exec — run commands on the Jarvis NAS from chat

Category: skill
Where it works: Telegram (Hermes) / IRC — the conversational lane (in Claude Code, the synology-jarvis MCP is used instead)
Source: _infra/hermes/skills/nas-exec/SKILL.md

What it is

Lets Wednesday actually run, check, and fix things on the Jarvis NAS (containers, docker stacks, files, services) when you ask from Telegram/IRC. It exists because the chat-lane Wednesday used to wrongly say “I have no SSH access” and refuse — she does have access (a passwordless key), and this skill points her at it.

How to trigger it

  • Natural language, in Romanian or English: “repair container X on jarvis”, “restart on jarvis”, “container Y is unhealthy”, “check jarvis”, “rebuild the stack on jarvis”, “run <cmd> on the nas”.
  • Auto-fires? Yes — on any “do something on Jarvis” request from the Hermes lane.

How to use it

Just ask in plain language — “the adguard container on jarvis is unhealthy, fix it.” Wednesday SSHes in with the stored key and does it. For anything needing root (docker, Container Manager, /etc), she pulls the NAS password from the credential vault herself and elevates — you’ll get one approve/deny prompt the first time (the security gate catching the credential touch); approve it. You never type the password.

Practical examples

  1. Unhealthy container — you: “the adguard container on jarvis is unhealthy, fix it” → she checks its health, restarts it, confirms healthy.
  2. Read a config — you: “show me docker-compose.yml from the quartz stack on jarvis” → she cats the file back to you.
  3. Restart a stack — you: “rebuild pixelfed on jarvis” → she runs the compose recreate and reports the result.

Notes / limits

  • Jarvis only. Gideon (the other NAS) isn’t wired for this key yet — for Gideon, ask from Claude Code (the synology MCP) or ask to set up a Gideon key.
  • The password stays in the credential vault (_infra/config/.credentials/); it is never copied into the skill or shown in chat.
  • The one-time approve prompt on privileged commands is the credential-exfil safety gate working as intended — not an error.
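
Added example, not the skill's or the security gate's own code: a sketch of how a gate like the one described above can flag a command that touches the credential vault and ask for approval only the first time. The class, the checkout root /srv/wednesday and the vault file name "jarvis" are hypothetical; only the vault path comes from this page.

```python
import os
import shlex

# Vault location as given on the page; everything else here is hypothetical.
VAULT_DIR = "_infra/config/.credentials"


class CredentialGate:
    """Prompt once before any command that touches the credential vault."""

    def __init__(self, repo_root, ask):
        self.repo_root = repo_root
        self.vault = os.path.realpath(os.path.join(repo_root, VAULT_DIR))
        self.ask = ask            # callable(command) -> bool, the approve/deny prompt
        self.approved = False     # remembered after the first approval
        self.prompts = 0          # how many times the user was actually asked

    def touches_vault(self, command):
        """True if any argument resolves to the vault or a path inside it."""
        try:
            tokens = shlex.split(command)
        except ValueError:
            return True           # unparseable quoting: fail closed
        for token in tokens:
            # Also inspect the value part of --opt=/some/path style arguments.
            for part in {token, token.split("=", 1)[-1]}:
                # realpath collapses ../ segments and symlinks before comparing.
                path = os.path.realpath(os.path.join(self.repo_root, part))
                if path == self.vault or path.startswith(self.vault + os.sep):
                    return True
        return False

    def allow(self, command):
        """Return True if the command may run; prompts until first approval."""
        if not self.touches_vault(command) or self.approved:
            return True
        self.prompts += 1
        self.approved = bool(self.ask(command))
        return self.approved


# Constructed sample commands, resolved against a hypothetical checkout root.
if __name__ == "__main__":
    gate = CredentialGate("/srv/wednesday", ask=lambda cmd: True)
    for cmd in ("docker ps",
                "cat _infra/config/.credentials/jarvis",
                "cat _infra/hermes/../config/.credentials/jarvis"):
        print(gate.allow(cmd), gate.prompts, cmd)
```

Matching on the command string cannot see shell variables, globs or command substitution, so a check like this is a first filter; enforcement belongs where the file is actually opened.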