lair/containers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
745a6767026c9d31676b84426d12ab46fd5d210a
containers/images/hermes/hermes.container
grenade 745a676702
All checks were successful
images / hermes (push) Successful in 15m40s
Details
hermes: finalize dashboard exposure + local-inference config 
Confirmed against upstream: dashboard binds 0.0.0.0:9119 by default
(HERMES_DASHBOARD_HOST/PORT), so bridge + PublishPort=5100:9119 needs no
override. LLM backend uses Hermes' `custom` OpenAI-compatible provider
pointed at the local sovereign inference (hanzalova.internal:31313/v1).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_011D3YeWKpjg5bT488fVanCH
2026-06-23 12:22:28 +03:00

45 lines
1.9 KiB
Plaintext
Raw Blame History

# Reference quadlet for deploying Hermes on bob (bob.hanzalova.internal).
# Deploy to /etc/containers/systemd/hermes.container (rootful, matching the
# existing agent-zero.container and open-webui.container), then:
# sudo install -d -o 10000 -g 10000 /var/lib/hermes # /opt/data owner = HERMES_UID
# sudo install -o 10000 -g 10000 /path/to/config.yaml /var/lib/hermes/config.yaml
# sudo install -o 10000 -g 10000 /path/to/.env /var/lib/hermes/.env # if needed
# sudo systemctl daemon-reload && sudo systemctl start hermes.service
#
# Gated on git.lair.cafe/lair/hermes:latest being published by the `images`
# workflow first. After that it's a normal pull + AutoUpdate=registry quadlet —
# same lifecycle as the other two services, and now enrolled in the (enabled)
# podman-auto-update.timer.
#
# Dashboard: the image binds the dashboard on 0.0.0.0:9119 by default
# (HERMES_DASHBOARD_HOST / HERMES_DASHBOARD_PORT), so bridge networking +
# PublishPort below exposes it on the LAN at :5100 with no override needed.
# ⚠ The dashboard stores provider API keys and has NO auth — keep it on a trusted
# LAN only; front it with an authenticating reverse proxy for anything wider.
[Unit]
Description=Hermes Agent
After=network-online.target
Wants=network-online.target
[Container]
Image=git.lair.cafe/lair/hermes:latest
ContainerName=hermes
AutoUpdate=registry
# Keeps the 50X0 LAN convention (agent-zero=5080, open-webui=5090, hermes=5100).
PublishPort=5100:9119
Volume=/var/lib/hermes:/opt/data:Z
# Upstream drops to the non-root hermes user (uid/gid 10000); /var/lib/hermes
# must be owned 10000:10000 on the host (see install -d above).
Environment=HERMES_UID=10000
Environment=HERMES_GID=10000
# LLM backend (local sovereign inference) is configured in
# /var/lib/hermes/config.yaml via provider: "custom" -> see readme.md.
[Service]
Restart=always
TimeoutStartSec=300
[Install]
WantedBy=default.target
Reference in New Issue View Git Blame Copy Permalink