From 3c8a5886e4a3355505ff377afbff0a15c4bb571c Mon Sep 17 00:00:00 2001 From: Hermes Date: Fri, 22 May 2026 12:40:09 -0400 Subject: [PATCH] feat: honcho-only memory provider with Traefik + Authelia - Remove OpenViking/Holographic dependencies (only Honcho stays) - Remove httpx install from Dockerfile (was for OpenViking) - Add Traefik routing for honcho at honcho.lazyworkhorse.net - Add Authelia auth middleware on honcho HTTPS - Add ai_net network to honcho for Traefik access --- ai/compose.yml | 18 ++++++++++++++++++ ai/hermes/Dockerfile | 2 ++ 2 files changed, 20 insertions(+) diff --git a/ai/compose.yml b/ai/compose.yml index e336ab4..744a20d 100755 --- a/ai/compose.yml +++ b/ai/compose.yml @@ -175,11 +175,29 @@ services: - /mnt/HoardingCow_docker_data/Honcho/data:/app/data networks: - ai_backend + - ai_net depends_on: honcho-db: condition: service_healthy honcho-redis: condition: service_healthy + labels: + - "traefik.enable=true" + + # Router for HTTP + redirect to HTTPS + - "traefik.http.routers.honcho-http.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-http.entrypoints=web" + - "traefik.http.routers.honcho-http.middlewares=redirect-to-https" + + # Router for HTTPS with TLS — protected by Authelia + - "traefik.http.routers.honcho-https.rule=Host(`honcho.lazyworkhorse.net`)" + - "traefik.http.routers.honcho-https.entrypoints=websecure" + - "traefik.http.routers.honcho-https.tls=true" + - "traefik.http.routers.honcho-https.tls.certresolver=njalla" + - "traefik.http.routers.honcho-https.middlewares=hermes-auth" + + # Service Loadbalancer + - "traefik.http.services.honcho.loadbalancer.server.port=8000" honcho-db: image: pgvector/pgvector:pg15 diff --git a/ai/hermes/Dockerfile b/ai/hermes/Dockerfile index 253b9b7..625b517 100644 --- a/ai/hermes/Dockerfile +++ b/ai/hermes/Dockerfile @@ -43,6 +43,8 @@ RUN apt-get update && \ # ---------- UV ---------- COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/ +WORKDIR /opt/hermes + # ---------- Matrix bridge + extra pip deps ---------- # Previously installed inline at container startup and persisted via volume mount. # Now baked into the image so the fragile venv volume mount can be removed.