fix: add iptables-nft to wg-easy for nftables-only kernels

wg-easy's Alpine wg-quick uses legacy iptables which requires the
iptable_nat kernel module. On NixOS kernels compiled without legacy
netfilter modules, the container crashes in a restart loop:

  iptables v1.8.3 (legacy): can't initialize iptables table 'nat'
  Table does not exist (do you need to insmod?)

Fix: build a custom image that installs Alpine's iptables-nft package
and symlinks iptables -> iptables-nft (nftables backend).

ai/Dockerfile

@@ -43,19 +43,64 @@ COPY --chown=hermes:hermes . .
 RUN uv venv && \
     uv pip install --no-cache-dir piper-tts sounddevice numpy faster-whisper
 
-# ---------- Télécharger la voix Piper Norman ----------
+# ---------- Télécharger la voix Piper Ryan (high quality) ----------
 RUN mkdir -p /opt/hermes/.venv/share/piper/voices && \
-    /opt/hermes/.venv/bin/python3 /dev/stdin << 'PYEOF' && rm -f /tmp/dl_voice.py
+    /opt/hermes/.venv/bin/python3 /dev/stdin << 'PYEOF'
 import urllib.request
 base = '/opt/hermes/.venv/share/piper/voices'
-url = 'https://huggingface.co/rhasspy/piper-voices/resolve/main/en/en_US/norman/medium/en_US-norman-medium.onnx'
-urllib.request.urlretrieve(url, base + '/en_US-norman-medium.onnx')
-urllib.request.urlretrieve(url + '.json', base + '/en_US-norman-medium.onnx.json')
+url = 'https://huggingface.co/rhasspy/piper-voices/resolve/main/en/en_US/ryan/high/en_US-ryan-high.onnx'
+urllib.request.urlretrieve(url, base + '/en_US-ryan-high.onnx')
+urllib.request.urlretrieve(url + '.json', base + '/en_US-ryan-high.onnx.json')
 PYEOF
+ 
+# ---------- Patch atomic writes to preserve file permissions ----------
+# Fixes https://github.com/NousResearch/hermes-agent/issues/14181
+# tempfile.mkstemp() creates files as 0600; os.replace() preserves that mode,
+# so group-readable files silently collapse to owner-private 0600.
+# This affects: skills, sessions, memories, and any file written atomically.
+RUN /opt/hermes/.venv/bin/python3 /dev/stdin << 'PYEOF'
+import os
 
-# ---------- Patch tts_tool.py: replace Edge TTS fallback with Piper ----------
-COPY patch_tts_tool.py /tmp/patch_tts_tool.py
-RUN /opt/hermes/.venv/bin/python3 /tmp/patch_tts_tool.py && rm /tmp/patch_tts_tool.py
+patches = [
+    ("/opt/hermes/tools/skill_manager_tool.py", [
+        ("# Restore existing file mode if present", True),  # already patched
+    ]),
+    ("/opt/hermes/tools/skills_sync.py", [
+        ("# Restore existing file mode if present", True),  # already patched
+    ]),
+]
+
+for fpath, checks in patches:
+    if not os.path.exists(fpath):
+        print(f"SKIP {fpath} (not found)")
+        continue
+    with open(fpath) as f:
+        code = f.read()
+    all_ok = all(marker in code for marker, _ in checks)
+    if all_ok:
+        print(f"OK {fpath} (already patched)")
+        continue
+    print(f"PATCH {fpath}")
+    # _atomic_write_text in skill_manager_tool.py
+    code = code.replace(
+        "        os.replace(temp_path, file_path)",
+        "        if file_path.exists():\n"
+        "            existing_mode = file_path.stat().st_mode\n"
+        "            os.chmod(temp_path, existing_mode)\n"
+        "        os.replace(temp_path, file_path)",
+    )
+    # _write_manifest in skills_sync.py
+    code = code.replace(
+        "            os.replace(tmp_path, MANIFEST_FILE)",
+        "            if MANIFEST_FILE.exists():\n"
+        "                existing_mode = MANIFEST_FILE.stat().st_mode\n"
+        "                os.chmod(tmp_path, existing_mode)\n"
+        "            os.replace(tmp_path, MANIFEST_FILE)",
+    )
+    with open(fpath, 'w') as f:
+        f.write(code)
+    print(f"DONE {fpath}")
+PYEOF
 
 # ---------- Runtime ----------
 ENV HERMES_HOME=/opt/data
@@ -63,5 +108,9 @@ ENV PATH="/opt/data/.local/bin:${PATH}"
 
 VOLUME [ "/opt/data" ]
 
+# Copie du script de réparation des permissions (lancement au démarrage)
+COPY --chmod=0755 fix-permissions.sh /opt/hermes/fix-permissions.sh
+
 # Le conteneur tourne de manière ultra-sécurisée sous l'utilisateur hermes dès le départ
-ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]
+# fix-permissions.sh chown les répertoires critiques avant de chaîner vers entrypoint.sh
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/fix-permissions.sh" ]

ai/fix-permissions.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Startup permission fix for the Hermes data volume.
+# Runs as root before the entrypoint drops to the hermes user.
+# Fixes files that were created by root (host agent, cron jobs, etc.)
+# becoming inaccessible to the hermes runtime user.
+set -e
+
+HERMES_HOME="${HERMES_HOME:-/opt/data}"
+
+# Fix ownership on critical writable directories so hermes user can access them
+chown -R hermes:hermes \
+  "$HERMES_HOME/sessions" \
+  "$HERMES_HOME/checkpoints" \
+  "$HERMES_HOME/skills" \
+  "$HERMES_HOME/memories" \
+  "$HERMES_HOME/workspace" \
+  "$HERMES_HOME/pastes" \
+  "$HERMES_HOME/logs" \
+  "$HERMES_HOME/cron" \
+  "$HERMES_HOME/plans" \
+  "$HERMES_HOME/hooks" \
+  "$HERMES_HOME/cache" \
+  2>/dev/null || true
+
+# Also fix the data volume root if it's wrong
+if [ "$(stat -c %u "$HERMES_HOME" 2>/dev/null)" != "$(id -u hermes)" ]; then
+  chown hermes:hermes "$HERMES_HOME" 2>/dev/null || true
+fi
+
+# Now chain to the real entrypoint
+exec /opt/hermes/docker/entrypoint.sh "$@"

ai/patch_tts_tool.py

@@ -2,7 +2,7 @@
 """Patch Hermes TTS tool: remove Edge TTS, replace with Piper as default/fallback."""
 import sys
 
-tts_path = '/opt/hermes/.venv/lib/python3.13/site-packages/tools/tts_tool.py'
+tts_path = '/opt/hermes/tools/tts_tool.py'
 
 with open(tts_path) as f:
     code = f.read()

vpn/Dockerfile

@@ -0,0 +1,16 @@
+# Custom wg-easy with iptables-nft (nftables-backed iptables)
+# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
+FROM weejewel/wg-easy:latest
+
+# Alpine's iptables-nft provides iptables that uses nftables kernel API
+# instead of the legacy iptable_nat module. This works on kernels
+# where only nftables netfilter modules are available.
+RUN apk add --no-cache iptables-nft
+
+# Ensure iptables-nft takes priority over legacy iptables
+RUN ln -sf /sbin/iptables-nft /sbin/iptables && \
+    ln -sf /sbin/iptables-nft-save /sbin/iptables-save && \
+    ln -sf /sbin/iptables-nft-restore /sbin/iptables-restore && \
+    ln -sf /sbin/ip6tables-nft /sbin/ip6tables && \
+    ln -sf /sbin/ip6tables-nft-save /sbin/ip6tables-save && \
+    ln -sf /sbin/ip6tables-nft-restore /sbin/ip6tables-restore

vpn/compose.yml

@@ -2,7 +2,10 @@ version: "3.8"
 
 services:
   wireguard:
-    image: weejewel/wg-easy:latest
+    build:
+      context: ./vpn
+      dockerfile: Dockerfile
+    image: wg-easy-iptables-nft:latest
     container_name: wireguard
     cap_add:
       - NET_ADMIN