The Hermes adapter can be installed once via Paperclip's adapter
management API and persists on the Docker volume across restarts.
No custom Dockerfile or build step required.
Creates ai/paperclip/ with:
- Dockerfile: extends upstream paperclip image, pre-installs
hermes-paperclip-adapter@0.3.0 npm package as seed data
- docker-entrypoint.sh: seeds the adapter plugin on first boot
if the persistent volume is empty, then runs original startup
This ensures the Hermes adapter is available on first boot without
requiring network access — no npm install needed at runtime. The
adapter persists on the Docker volume across restarts.
Paperclip (ghcr.io/paperclipai/paperclip:v2026.517.0) is an open-source
agent management dashboard. Adds paperclip-db (PostgreSQL 17) and
paperclip services with Traefik reverse proxy on
paperclip.lazyworkhorse.net.
Requires .env: PAPERCLIP_DB_PASSWORD, PAPERCLIP_AUTH_SECRET.
update-alternatives --set fails because the base image only registers
iptables-legacy as an alternative. The iptables-nft binary (/usr/sbin/iptables-nft)
exists but isn't in the alternatives database. Direct ln -sf bypasses this.
In Alpine 3.18+, the 'iptables' package IS the nftables variant.
iptables-nft is not a separate package. The binary is already in
the base image — only need to flip update-alternatives.
- Switch FROM weejewel/wg-easy:latest (4yr old, Alpine 3.11) to
ghcr.io/wg-easy/wg-easy:latest (actively maintained, Alpine krypton)
- Use update-alternatives instead of raw ln -sf to flip iptables
from legacy to nftables backend
- Fix compose build context: ./vpn -> . (Dockerfile was at same level)
The weejewel/wg-easy image lacked iptables-nft package in Alpine 3.11.
The new official image has it available, we just flip the alternatives.
The old ln -sf approach was fragile across Alpine versions.
wg-easy's Alpine wg-quick uses legacy iptables which requires the
iptable_nat kernel module. On NixOS kernels compiled without legacy
netfilter modules, the container crashes in a restart loop:
iptables v1.8.3 (legacy): can't initialize iptables table 'nat'
Table does not exist (do you need to insmod?)
Fix: build a custom image that installs Alpine's iptables-nft package
and symlinks iptables -> iptables-nft (nftables backend).
- Switch Dockerfile to clone from gortium/hermes-agent (Gitea fork)
- Add SSH agent forwarding for private repo clone at build time
- Set CHROME_EXECUTABLE for Playwright Chromium
- Remove patch_tts_tool.py (Piper patch now in fork source)
- Enable Gitea Actions in versioncontrol compose
- Use --preset 'ROCm 6' for HIP build step (enables enable_language(HIP))
- Remove /opt/rocm from PATH for CPU build to prevent check_language(HIP)
- Add CMAKE_PREFIX_PATH=/opt/rocm so find_package(hip) finds hip-config.cmake
- cmake --install --component HIP now works correctly with OLLAMA_RUNNER_DIR=rocm
gfx940/gfx1010/gfx1030/gfx1100 cause C++ narrowing errors in ollama's
mma.cuh with hipcc. Since we only have MI50 (gfx906) cards, compile
for gfx906 only. Reduces build time and avoids upstream code bugs.
CPU backends compiled with GCC (fixes AVX intrinsic errors from hipcc).
HIP backend compiled with hipcc (legacy mode skips enable_language(HIP)).
Go binary built with GCC for CGo linking.
This avoids both CMAKE_HIP_COMPILER rejection and CXX=hipcc CPU failures.
The old Dockerfile used the deprecated llama.cpp/ subdirectory approach
which doesn't exist in ollama v0.23.2. Now using the official CMake
presets (ROCm 6 preset) with AMDGPU_TARGETS including gfx906:xnack-.
- Add ollama/Dockerfile that builds ollama from source with AMDGPU_TARGETS=gfx906
- Uses ROCm 6.1 (rocm/dev-ubuntu-22.04:6.1.2-complete) for MI50 support
- Builds llama.cpp runner with HIPBLAS for gfx906 architecture
- Updates compose.yml to build from this Dockerfile instead of pulling ollama/ollama:latest
The migration from debian:stable-slim to nousresearch/hermes-agent:latest
dropped several packages that were previously installed. This restores:
- poppler-utils, imagemagick (PDF/image processing)
- texlive-latex-base, latex-extra, fonts-recommended, xetex, science
- qemu-user-static, binfmt-support (cross-compilation)
- emacs-nox (text editing)
These were added in PRs 3/5, 4/5, 5/5 and earlier commits of the
compose repo. The official image already has git, curl, ffmpeg,
python3, gcc, openssh, ripgrep, tini, docker-cli, etc.
