refactor: use official Hermes Agent image as base, not debian:stable-slim

Starting from debian:stable-slim required re-installing everything
(Hermes source, Node.js, Playwright, etc.) which was redundant
and fragile. The official nousresearch/hermes-agent image already
has all that.

Now the Dockerfile:
- FROM nousresearch/hermes-agent:latest (has tts_tool.py, Playwright, etc.)
- Install Piper + voice model on top
- Patch tts_tool.py at build time (Edge fallback -> Piper)
- Runtime fallback in fix-permissions.sh for volume resilience

Cleaner, smaller Dockerfile, and the build-time patch can find
tts_tool.py because it's in the base image's venv.
Thierry Pouplier
2026-05-09 17:39:23 +00:00
parent a40e347dfa
commit 98216d2872
2 changed files with 19 additions and 91 deletions

@@ -1,13 +1,11 @@
#!/bin/bash
# Startup permission fix for the Hermes data volume.
# Startup permission fix + TTS patch.
# Runs as root before the entrypoint drops to the hermes user.
# Fixes files that were created by root (host agent, cron jobs, etc.)
# becoming inaccessible to the hermes runtime user.
set -e
HERMES_HOME="${HERMES_HOME:-/opt/data}"
# Fix ownership on critical writable directories so hermes user can access them
# Fix ownership on critical writable directories
chown -R hermes:hermes \
"$HERMES_HOME/sessions" \
"$HERMES_HOME/checkpoints" \
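Review bot: The header comment now says "Startup permission fix + TTS patch", but the lines below it still describe only the ownership fix. Because the script "Runs as root before the entrypoint drops to the hermes user", the header should also state that a Python patch script is executed as root on every container start, so anyone auditing the image sees that privileged step without reading to the end of the file.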
@@ -22,20 +20,19 @@ chown -R hermes:hermes \
"$HERMES_HOME/cache" \
2>/dev/null || true
# Also fix the data volume root if it's wrong
# Fix data volume root ownership
if [ "$(stat -c %u "$HERMES_HOME" 2>/dev/null)" != "$(id -u hermes)" ]; then
chown hermes:hermes "$HERMES_HOME" 2>/dev/null || true
fi
# ---------- Patch tts_tool.py: replace Edge TTS with Piper ----------
# Runs at startup so the patch is applied even if the Python package is
# updated (e.g. via pip upgrade on the volume). Idempotent -- if the
# patch is already applied the script does nothing.
# Fallback runtime patch in case the volume's site-packages differ from the image.
# Idempotent: if already patched, the script does nothing.
PATCH_SCRIPT="/opt/hermes/patch_tts_tool.py"
if [ -f "$PATCH_SCRIPT" ]; then
echo "Applying TTS patch (Piper only, no Edge fallback)..."
/opt/hermes/.venv/bin/python3 "$PATCH_SCRIPT" 2>&1 || true
fi
# Now chain to the real entrypoint
# Chain to the official Hermes entrypoint
exec /opt/hermes/docker/entrypoint.sh "$@"
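Review bot: The patch invocation ends in `2>&1 || true`, so a failing patch_tts_tool.py never stops startup and leaves no marker beyond whatever the script itself printed; the container then runs with an unpatched tts_tool.py even though the echo line promises "Piper only, no Edge fallback". The commit message says the base is nousresearch/hermes-agent:latest, so tts_tool.py can change between builds and a patch that no longer matches is a realistic failure. Capture the exit status and print an explicit warning to stderr on non-zero exit, or let `set -e` abort startup if Piper-only is a hard requirement. This step also runs as root per the header comment; if the target file's ownership allows it, run the patch as the hermes user instead.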