compose/ai/hermes/Dockerfile

# syntax=docker/dockerfile:1
# Hermes Agent with Chromium -- local browser tool support
# Based on python:3.11-slim for minimal footprint.
# Chromium installed via apt-get for system-level browser automation.
#
# Build:
#   docker build -t hermes-agent:chromium .
#
# Environment variables:
#   CHROME_EXECUTABLE  -- path to the Chromium binary

# ---------- Base image ----------
FROM python:3.11-slim

ENV DEBIAN_FRONTEND=noninteractive
ENV PYTHONUNBUFFERED=1

# ---------- System dependencies for Chromium ----------
# The minimum set required to run headless Chromium on Linux.
# python:3.11-slim is Debian Bookworm (12) -- package names without t64 suffix.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        # Chromium and its launcher
        chromium \
        chromium-common \
        chromium-sandbox \
        # Font rendering for proper page rendering
        fonts-liberation \
        fonts-noto-color-emoji \
        fonts-dejavu-core \
        # System libraries required by Chromium at runtime
        libnss3 \
        libnspr4 \
        libatk1.0-0 \
        libatk-bridge2.0-0 \
        libcups2 \
        libdrm2 \
        libxdamage1 \
        libxfixes3 \
        libxcomposite1 \
        libxrandr2 \
        libgbm1 \
        libpango-1.0-0 \
        libcairo2 \
        libasound2 \
        libxkbcommon0 \
        libxshmfence1 \
        # Virtual framebuffer for headless operation
        xvfb \
        # Process supervisor for orphan reaping
        tini \
        # Git for Hermes source operations
        git \
        # SSL certificates for HTTPS connections
        ca-certificates \
        # Curl for health checks
        curl \
    && rm -rf /var/lib/apt/lists/*

# ---------- Hermes Agent installation ----------
# Install uv (fast Python package manager)
COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uvx /usr/local/bin/uvx

# Create hermes user (non-root runtime)
RUN useradd -u 10000 -m -d /opt/data hermes

# Install Hermes Agent from PyPI with gateway support for messaging
RUN uv pip install --system --no-cache-dir \
        'hermes-agent[gateway]' \
        croniter && \
    uv cache clean

# Create the /opt/hermes directory structure expected by entrypoint
RUN mkdir -p /opt/hermes/.venv/bin && \
    mkdir -p /opt/hermes/docker && \
    ln -sf /usr/local/bin/uv /opt/hermes/.venv/bin/uv && \
    ln -sf /usr/local/bin/uvx /opt/hermes/.venv/bin/uvx

# ---------- Entrypoint script ----------
COPY entrypoint.sh /opt/hermes/docker/entrypoint.sh
RUN chmod +x /opt/hermes/docker/entrypoint.sh

# ---------- Environment variables ----------
# Point browser tool to system Chromium (installed via apt-get)
ENV CHROME_EXECUTABLE=/usr/bin/chromium

# Hermes paths
ENV HERMES_HOME=/opt/data
ENV PATH="/opt/data/.local/bin:${PATH}"

# Playwright browsers path (for agent-browser install at runtime)
ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright

# Virtual framebuffer display for headless Chromium
ENV DISPLAY=:99

# ---------- Data volume ----------
VOLUME [ "/opt/data" ]

# ---------- Runtime ----------
USER hermes
WORKDIR /opt/data

ENTRYPOINT [ "/opt/hermes/docker/entrypoint.sh" ]
CMD [ "gateway", "run" ]
feat: update Hermes Dockerfile to build from forked source - Switch Dockerfile to clone from gortium/hermes-agent (Gitea fork) - Add SSH agent forwarding for private repo clone at build time - Set CHROME_EXECUTABLE for Playwright Chromium - Remove patch_tts_tool.py (Piper patch now in fork source) - Enable Gitea Actions in versioncontrol compose 2026-05-10 17:55:17 -04:00			`# syntax=docker/dockerfile:1`
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Hermes Agent with Chromium -- local browser tool support`
			`# Based on python:3.11-slim for minimal footprint.`
			`# Chromium installed via apt-get for system-level browser automation.`
			`#`
			`# Build:`
			`# docker build -t hermes-agent:chromium .`
			`#`
			`# Environment variables:`
			`# CHROME_EXECUTABLE -- path to the Chromium binary`
fix: replace Dockerfile with simplified stable-slim version 2026-05-09 02:38:23 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# ---------- Base image ----------`
			`FROM python:3.11-slim`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`ENV DEBIAN_FRONTEND=noninteractive`
			`ENV PYTHONUNBUFFERED=1`
feat: update Hermes Dockerfile to build from forked source - Switch Dockerfile to clone from gortium/hermes-agent (Gitea fork) - Add SSH agent forwarding for private repo clone at build time - Set CHROME_EXECUTABLE for Playwright Chromium - Remove patch_tts_tool.py (Piper patch now in fork source) - Enable Gitea Actions in versioncontrol compose 2026-05-10 17:55:17 -04:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# ---------- System dependencies for Chromium ----------`
			`# The minimum set required to run headless Chromium on Linux.`
			`# python:3.11-slim is Debian Bookworm (12) -- package names without t64 suffix.`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00			`RUN apt-get update && \`
			`apt-get install -y --no-install-recommends \`
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Chromium and its launcher`
			`chromium \`
			`chromium-common \`
			`chromium-sandbox \`
			`# Font rendering for proper page rendering`
			`fonts-liberation \`
			`fonts-noto-color-emoji \`
			`fonts-dejavu-core \`
			`# System libraries required by Chromium at runtime`
			`libnss3 \`
			`libnspr4 \`
			`libatk1.0-0 \`
			`libatk-bridge2.0-0 \`
			`libcups2 \`
			`libdrm2 \`
			`libxdamage1 \`
			`libxfixes3 \`
			`libxcomposite1 \`
			`libxrandr2 \`
			`libgbm1 \`
			`libpango-1.0-0 \`
			`libcairo2 \`
			`libasound2 \`
			`libxkbcommon0 \`
			`libxshmfence1 \`
			`# Virtual framebuffer for headless operation`
			`xvfb \`
			`# Process supervisor for orphan reaping`
			`tini \`
			`# Git for Hermes source operations`
			`git \`
			`# SSL certificates for HTTPS connections`
			`ca-certificates \`
			`# Curl for health checks`
			`curl \`
			`&& rm -rf /var/lib/apt/lists/*`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# ---------- Hermes Agent installation ----------`
			`# Install uv (fast Python package manager)`
			`COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv`
			`COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uvx /usr/local/bin/uvx`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Create hermes user (non-root runtime)`
			`RUN useradd -u 10000 -m -d /opt/data hermes`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Install Hermes Agent from PyPI with gateway support for messaging`
			`RUN uv pip install --system --no-cache-dir \`
			`'hermes-agent[gateway]' \`
			`croniter && \`
			`uv cache clean`
refactor: use official Hermes Agent image as base, not debian:stable-slim Starting from debian:stable-slim required re-installing everything (Hermes source, Node.js, Playwright, etc.) which was redundant and fragile. The official nousresearch/hermes-agent image already has all that. Now the Dockerfile: - FROM nousresearch/hermes-agent:latest (has tts_tool.py, Playwright, etc.) - Install Piper + voice model on top - Patch tts_tool.py at build time (Edge fallback -> Piper) - Runtime fallback in fix-permissions.sh for volume resilience Cleaner, smaller Dockerfile, and the build-time patch can find tts_tool.py because it's in the base image's venv. 2026-05-09 17:39:23 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Create the /opt/hermes directory structure expected by entrypoint`
			`RUN mkdir -p /opt/hermes/.venv/bin && \`
			`mkdir -p /opt/hermes/docker && \`
			`ln -sf /usr/local/bin/uv /opt/hermes/.venv/bin/uv && \`
			`ln -sf /usr/local/bin/uvx /opt/hermes/.venv/bin/uvx`
feat: add Himalaya email CLI to Hermes Docker image 2026-05-12 18:02:51 -04:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# ---------- Entrypoint script ----------`
			`COPY entrypoint.sh /opt/hermes/docker/entrypoint.sh`
			`RUN chmod +x /opt/hermes/docker/entrypoint.sh`
feat: add Himalaya email CLI to Hermes Docker image 2026-05-12 18:02:51 -04:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# ---------- Environment variables ----------`
			`# Point browser tool to system Chromium (installed via apt-get)`
			`ENV CHROME_EXECUTABLE=/usr/bin/chromium`
feat: add Himalaya email CLI to Hermes Docker image 2026-05-12 18:02:51 -04:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Hermes paths`
feat: add custom Hermes Dockerfile with WireGuard tools 2026-05-05 01:42:55 +00:00			`ENV HERMES_HOME=/opt/data`
			`ENV PATH="/opt/data/.local/bin:${PATH}"`
fix: replace Dockerfile with simplified stable-slim version 2026-05-09 02:38:23 +00:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`# Playwright browsers path (for agent-browser install at runtime)`
			`ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright`

			`# Virtual framebuffer display for headless Chromium`
			`ENV DISPLAY=:99`

			`# ---------- Data volume ----------`
			`VOLUME [ "/opt/data" ]`

			`# ---------- Runtime ----------`
			`USER hermes`
			`WORKDIR /opt/data`
refactor: chown tools dir at build time instead of root at runtime 2026-05-12 14:47:34 -04:00
feat: add 7zz for CHM documentation extraction 2026-05-20 14:25:04 -04:00			`ENTRYPOINT [ "/opt/hermes/docker/entrypoint.sh" ]`
			`CMD [ "gateway", "run" ]`