feat(ai): add TeXLive packages to Dockerfile

ai/Dockerfile

@@ -0,0 +1,65 @@
+FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
+FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
+FROM debian:13.4
+
+# Disable Python stdout buffering to ensure logs are printed immediately
+ENV PYTHONUNBUFFERED=1
+
+# Store Playwright browsers outside the volume mount so the build-time
+# install survives the /opt/data volume overlay at runtime.
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
+
+# Install system dependencies in one layer, clear APT cache
+# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
+# that would otherwise accumulate when hermes runs as PID 1. See #15012.
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
+        curl poppler-utils imagemagick emacs-nox \
+        texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science && \
+    rm -rf /var/lib/apt/lists/*
+
+# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
+RUN useradd -u 10000 -m -d /opt/data hermes
+
+COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
+COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
+
+WORKDIR /opt/hermes
+
+# ---------- Layer-cached dependency install ----------
+# Copy only package manifests first so npm install + Playwright are cached
+# unless the lockfiles themselves change.
+COPY package.json package-lock.json ./
+COPY web/package.json web/package-lock.json web/
+
+RUN npm install --prefer-offline --no-audit && \
+    npx playwright install --with-deps chromium --only-shell && \
+    (cd web && npm install --prefer-offline --no-audit) && \
+    npm cache clean --force
+
+# ---------- Source code ----------
+# .dockerignore excludes node_modules, so the installs above survive.
+COPY --chown=hermes:hermes . .
+
+# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
+RUN cd web && npm run build
+
+# ---------- Permissions ----------
+# Make install dir world-readable so any HERMES_UID can read it at runtime.
+# The venv needs to be traversable too.
+USER root
+RUN chmod -R a+rX /opt/hermes
+# Start as root so the entrypoint can usermod/groupmod + gosu.
+# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
+
+# ---------- Python virtualenv ----------
+RUN uv venv && \
+    uv pip install --no-cache-dir -e ".[all]"
+
+# ---------- Runtime ----------
+ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
+ENV HERMES_HOME=/opt/data
+ENV PATH="/opt/data/.local/bin:${PATH}"
+VOLUME [ "/opt/data" ]
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]

ai/compose.yml

@@ -112,7 +112,22 @@ services:
       - /mnt/HoardingCow_docker_data/Ollama/ollama:/root/.ollama
     environment:
       - OLLAMA_VULKAN=0
+      - HSA_OVERRIDE_GFX_VERSION=9.0.6
+      - HCC_AMDGPU_TARGET=gfx906
+      - HIP_VISIBLE_DEVICES=0,1
+      - ROCR_VISIBLE_DEVICES=0,1
+      - HSA_ENABLE_SDMA=0 
       - OLLAMA_HOST=0.0.0.0
+      - OLLAMA_DEBUG=1
+      - OLLAMA_FLASH_ATTENTION=1
+      - OLLAMA_NUM_PARALLEL=2
+    devices:
+      # Map the render nodes and KFD for ROCm to work inside the container
+      - /dev/kfd:/dev/kfd
+      - /dev/dri:/dev/dri
+    group_add:
+      - "303"
+      - "26"
 
 networks:
   ai_net:
@@ -122,40 +137,47 @@ networks:
     driver: bridge
     name: ai_backend
     
-  llama-cpp-hermes:
+  # llama_cpp_devstral:
-    image: llama-cpp:rocm-gfx906
+  #   image: ghcr.io/ggml-org/llama.cpp:server-rocm
-    container_name: llama-cpp-hermes
+  #   container_name: llama_cpp_devstral
-    restart: unless-stopped
+  #   restart: unless-stopped
-    networks:
+  #   networks:
-      - ai_backend
+  #     - ai_backend
-    ports:
+  #   ports:
-      - "127.0.0.1:8300:8080"
+  #     - "8300:8080"
-    ipc: host
+  #   ipc: host
-    devices:
+  #   devices:
-      - /dev/kfd:/dev/kfd
+  #     - "/dev/kfd:/dev/kfd"
-      - /dev/dri:/dev/dri
+  #     - "/dev/dri:/dev/dri"
-    group_add:
+  #   group_add:
-      - "303"
+  #     - "303" # video
-      - "26"
+  #     - "26"  # render
-    environment:
+  #   environment:
-      - HSA_OVERRIDE_GFX_VERSION=9.0.6
+  #     HSA_OVERRIDE_GFX_VERSION: 9.0.6
-      - HSA_ENABLE_SDMA=0
+  #     HIP_VISIBLE_DEVICES: 0,1
-      - HIP_VISIBLE_DEVICES=0,1
+  #     LLAMA_CACHE: /models
-      - LLAMA_CACHE=/models
+  #   volumes:
-    volumes:
+  #     - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
-      - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
+  #     - /mnt/HoardingCow_docker_data/Llama_cpp/devstral-agent.jinja:/template.jinja
-      - /mnt/HoardingCow_docker_data/Ollama/ollama/models/blobs/sha256-17823599694fa3503ef54bf748d5078c6ce881f4d01616cafa255dc05d215a08:/model.gguf:ro
+  #   command: >
-    command: >
+  #     -hf unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF:Devstral-Small-2-24B-Instruct-2512-Q8_0.gguf
-      -m /model.gguf
+  #     -a devstral-2-small-llama_cpp
-      --host 0.0.0.0
+  #     --chat-template-file /template.jinja
-      --port 8080
+  #     --host 0.0.0.0
-      --gpu-layers 99
+  #     --port 8080
-      --ctx-size 163840
+  #     --n-gpu-layers 99
-      -ctk f16 -ctv f16
+  #     --ctx-size 163840
-      --flash-attn on
+  #     --batch-size 4096
-      --split-mode layer
+  #     --ubatch-size 4096
-      --no-mmap
+  #     --cache-type-k f16
-      --n-predict -1
+  #     --cache-type-v f16
+  #     --cache-reuse 256
+  #     --flash-attn on
+  #     --context-shift
+  #     --split-mode layer
+  #     --no-mmap
+  #     --n-predict -1
+  #     --parallel 2
 
   # vllm:
   #   image: nalanzeyu/vllm-gfx906:v0.9.0-rocm6.3

ai/llama-cpp/Dockerfile

@@ -1,30 +0,0 @@
-# llama-cpp-rocm6/Dockerfile
-# Custom llama.cpp server with ROCm 6.1 + gfx906 (MI50) support.
-# Build: docker build -t llama-cpp:rocm-gfx906 .
-
-FROM rocm/dev-ubuntu-22.04:6.1.2-complete AS builder
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl git build-essential pkg-config cmake make && rm -rf /var/lib/apt/lists/*
-ARG LLAMACPP_VERSION=b9596
-RUN git clone --depth 1 --branch ${LLAMACPP_VERSION} https://github.com/ggml-org/llama.cpp.git /build
-WORKDIR /build
-ENV HIP_PATH=/opt/rocm ROCM_PATH=/opt/rocm PATH=/opt/rocm/bin:/opt/rocm/llvm/bin:${PATH} CMAKE_PREFIX_PATH=/opt/rocm
-RUN mkdir build && cd build && \
-    cmake .. -DGGML_HIP=ON -DCMAKE_BUILD_TYPE=Release \
-      -DAMDGPU_TARGETS="gfx906:xnack-" \
-      -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
-      -DGGML_CUDA=OFF -DGGML_VULKAN=OFF -DGGML_METAL=OFF \
-      -DBUILD_SHARED_LIBS=OFF && \
-    cmake --build . --target llama-server -- -j $(nproc)
-
-FROM ubuntu:24.04
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
-    ca-certificates curl libstdc++6 libgomp1 libopenblas0 \
-    libnuma1 libelf1 libdrm2 libdrm-amdgpu1 \
-    && rm -rf /var/lib/apt/lists/*
-COPY --from=builder /opt/rocm/lib/ /opt/rocm/lib/
-COPY --from=builder /opt/rocm/share/ /opt/rocm/share/
-COPY --from=builder /build/build/bin/llama-server /usr/local/bin/llama-server
-RUN echo /opt/rocm/lib > /etc/ld.so.conf.d/rocm.conf && ldconfig
-ENV HSA_OVERRIDE_GFX_VERSION=9.0.6 HCC_AMDGPU_TARGET=gfx906 HSA_ENABLE_SDMA=0
-EXPOSE 8080
-ENTRYPOINT ["/usr/local/bin/llama-server"]