The nousresearch/hermes-agent:latest base image already has a
venv with hermes-agent installed at /opt/hermes/.venv/.
Running 'uv venv' on top of it either fails or wipes the
existing install.
Fix: activate the existing venv first, then pip install into it.
Starting from debian:stable-slim required re-installing everything
(Hermes source, Node.js, Playwright, etc.) which was redundant
and fragile. The official nousresearch/hermes-agent image already
has all that.
Now the Dockerfile:
- FROM nousresearch/hermes-agent:latest (has tts_tool.py, Playwright, etc.)
- Install Piper + voice model on top
- Patch tts_tool.py at build time (Edge fallback -> Piper)
- Runtime fallback in fix-permissions.sh for volume resilience
Cleaner, smaller Dockerfile, and the build-time patch can find
tts_tool.py because it's in the base image's venv.
The Dockerfile starts from debian:stable-slim, not from the official
Hermes image. Without installing hermes-agent from pip, there is no
tools/tts_tool.py in the image at build time, so the patch script
crashes with FileNotFoundError.
Adding hermes-agent to uv pip install gives us tts_tool.py in the
venv site-packages, so the COPY+RUN patch step works cleanly.
Also keep the runtime fallback in fix-permissions.sh for cases where
the volume's site-packages differ from the image.
The build-time COPY+RUN of patch_tts_tool.py failed because
the Dockerfile starts from debian:stable-slim and only copies
the ai/ build context — there's no tools/tts_tool.py in the
image at build time (Hermes is on the mounted data volume).
Move patching to fix-permissions.sh which runs at container
startup when the data volume is mounted, so tts_tool.py is
available via the venv site-packages.
Also make patch_tts_tool.py robust: searches multiple paths
for tts_tool.py, accepts path as argument, exits 0 instead
of 1 when file/pattern not found (build must not fail).
Commit 8e9a75f removed the COPY+RUN of patch_tts_tool.py
because the build context was thought to be insufficient.
The build context is ai/ which contains both the Dockerfile
and patch_tts_tool.py, so COPY works fine.
Without this step the tts_tool.py silently falls through
to Edge TTS as its default provider even when
config.yaml says provider: piper, because 'piper' is not
a recognized provider in the unpatched code. This caused
the female Edge TTS voice (AriaNeural) instead of the
configured Ryan High male voice.
