containers/images/hermes/hermes.container
grenade 214850dae4
Some checks failed
images / hermes (push) Has been cancelled
Add lair/containers image-build repo; hermes as first image
Builds container images for lair infra and publishes to git.lair.cafe.
Hermes Agent (NousResearch) is built directly from its upstream Dockerfile
at the latest release tag, published as git.lair.cafe/lair/hermes; the build
is release-triggered (daily API poll) and self-healing (gated on registry
presence, not a committable pin). Includes a draft rootful quadlet for bob
matching the agent-zero/open-webui convention. Convention follows gongfoo.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_011D3YeWKpjg5bT488fVanCH
2026-06-23 12:17:10 +03:00

# DRAFT reference quadlet for deploying Hermes on bob (bob.hanzalova.internal).
# Deploy to /etc/containers/systemd/hermes.container (rootful, matching the
# existing agent-zero.container and open-webui.container), then:
#   sudo install -d -o 10000 -g 10000 /var/lib/hermes   # /opt/data owner = HERMES_UID
#   # drop config.yaml + .env into /var/lib/hermes (LLM backend, secrets) — see readme.md
#   sudo systemctl daemon-reload && sudo systemctl start hermes.service
#
# Once git.lair.cafe/lair/hermes:latest is published by the `images` workflow,
# this is a normal pull + AutoUpdate=registry quadlet — same lifecycle as the
# other two services on bob.
#
# UNRESOLVED before first deploy (confirm against hermes dashboard docs):
# The dashboard binds 127.0.0.1:9119 by default. To expose it on the LAN at
# :5100 (the agent-zero=5080 / open-webui=5090 convention) the dashboard must
# be told to bind 0.0.0.0 INSIDE the container — set that in
# /var/lib/hermes/config.yaml (or a hermes dashboard-host env) and keep the
# PublishPort below. ⚠ It stores provider API keys and has no auth, so only
# expose on a trusted LAN — consider a reverse proxy with auth for anything wider.
[Unit]
Description=Hermes Agent
After=network-online.target
Wants=network-online.target
[Container]
Image=git.lair.cafe/lair/hermes:latest
ContainerName=hermes
AutoUpdate=registry
# Bridge + PublishPort keeps the 50X0 LAN convention. Requires the dashboard to
# bind 0.0.0.0:9119 inside the container (see note above). If you instead accept
# host networking like upstream's compose, replace the next two lines with
# `Network=host` and configure the dashboard bind/port directly.
PublishPort=5100:9119
Volume=/var/lib/hermes:/opt/data:Z
# Upstream drops to the non-root hermes user (uid/gid 10000); /var/lib/hermes
# must be owned by 10000:10000 on the host (see install -d above).
Environment=HERMES_UID=10000
Environment=HERMES_GID=10000
# LLM backend: point hermes at the local sovereign inference at
# http://hanzalova.internal:31313/v1 (same endpoint open-webui uses). Hermes is
# OpenRouter-first with per-provider base URLs and no plain OpenAI slot, so the
# model routing is configured in /var/lib/hermes/config.yaml, not here. See readme.md.
[Service]
Restart=always
TimeoutStartSec=300
[Install]
WantedBy=default.target
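
The exposure caveat in the header comment (an unauthenticated dashboard that stores provider API keys, published with `PublishPort=5100:9119`) can be checked mechanically before deploy. The following is an added example, not part of this repository: a small pre-deploy check that reads a quadlet `.container` file and reports every setting that puts the service on all host interfaces. The function names and the sample text are assumptions made for illustration; it assumes PublishPort host addresses are IP literals.

```python
import ipaddress

# Constructed sample: a few [Container] lines taken from the quadlet above.
PAGE_UNIT = """\
[Container]
Image=git.lair.cafe/lair/hermes:latest
PublishPort=5100:9119
Environment=HERMES_UID=10000
"""

def container_keys(text):
    """Yield (key, value) pairs from the [Container] section, keeping duplicates."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Container" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def published_bind(spec):
    """Host IP of a PublishPort value ([[ip:][hostPort]:]containerPort[/proto]); '' if none."""
    spec = spec.split("/", 1)[0]          # drop /tcp or /udp
    if spec.startswith("["):              # bracketed IPv6, e.g. [::1]:5100:9119
        return spec[1:].partition("]")[0]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else ""

def exposure_findings(text):
    """Return one message per setting that listens on every host interface."""
    findings = []
    for key, value in container_keys(text):
        if key == "Network" and value == "host":
            findings.append("Network=host: service listens directly on host interfaces")
        elif key == "PublishPort":
            ip = published_bind(value)
            # No host IP, 0.0.0.0 or :: all mean "every interface".
            if not ip or ipaddress.ip_address(ip).is_unspecified:
                findings.append(f"PublishPort={value}: published on all host interfaces")
    return findings

if __name__ == "__main__":
    for finding in exposure_findings(PAGE_UNIT):
        print(finding)
```

A value such as `PublishPort=127.0.0.1:5100:9119` passes the check; that form keeps the port reachable only from the host itself, which fits the reverse-proxy-with-auth option the comment mentions.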