Compare commits
13 Commits
f44f93e35a
...
feat/herme
| Author | SHA1 | Date | |
|---|---|---|---|
| 6b33c3099a | |||
| d3f2e3b7b9 | |||
| 6a44120b1a | |||
| 38a1451689 | |||
| f9fb28d560 | |||
| bcc4b6d157 | |||
| 8d1ae7e632 | |||
| 29ae32a1c5 | |||
| 8dff094768 | |||
| ec08f5eb5d | |||
| 611e96b306 | |||
| f184ed957c | |||
| 2bf31c7ccc |
@@ -52,8 +52,16 @@ services:
|
|||||||
- ROCR_VISIBLE_DEVICES=0,1
|
- ROCR_VISIBLE_DEVICES=0,1
|
||||||
- HSA_ENABLE_SDMA=0
|
- HSA_ENABLE_SDMA=0
|
||||||
- TZ=America/Montreal
|
- TZ=America/Montreal
|
||||||
|
# Hermes Workspace dashboard (port 9119) — enables multi-agent web UI
|
||||||
|
- HERMES_DASHBOARD=1
|
||||||
|
- HERMES_DASHBOARD_HOST=0.0.0.0
|
||||||
|
- HERMES_DASHBOARD_PORT=9119
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
|
- /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
|
||||||
|
# Syncthing-shared org files — read-only view of user's agenda
|
||||||
|
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/opt/data/telos-ro:ro
|
||||||
|
# Syncthing-shared inbox — write tasks here, they sync to user's laptop
|
||||||
|
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/opt/data/telos-rw:rw
|
||||||
devices:
|
devices:
|
||||||
- /dev/kfd:/dev/kfd
|
- /dev/kfd:/dev/kfd
|
||||||
- /dev/dri:/dev/dri
|
- /dev/dri:/dev/dri
|
||||||
@@ -62,6 +70,41 @@ services:
|
|||||||
- "26"
|
- "26"
|
||||||
networks:
|
networks:
|
||||||
- ai_backend
|
- ai_backend
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "curl -fsS http://localhost:8642/health && curl -fsS http://localhost:9119/api/status || exit 1"]
|
||||||
|
interval: 15s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
start_period: 60s
|
||||||
|
|
||||||
|
syncthing:
|
||||||
|
image: syncthing/syncthing:latest
|
||||||
|
container_name: syncthing
|
||||||
|
hostname: syncthing
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- "8384:8384"
|
||||||
|
- "22000:22000"
|
||||||
|
- "21027:21027/udp"
|
||||||
|
environment:
|
||||||
|
- TZ=America/Montreal
|
||||||
|
volumes:
|
||||||
|
- /mnt/HoardingCow_docker_data/Syncthing/config:/var/syncthing/config
|
||||||
|
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/telos-ro
|
||||||
|
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/telos-rw
|
||||||
|
networks:
|
||||||
|
- ai_backend
|
||||||
|
- ai_net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.lazyworkhorse.net`)"
|
||||||
|
- "traefik.http.routers.syncthing-http.entrypoints=web"
|
||||||
|
- "traefik.http.routers.syncthing-http.middlewares=redirect-to-https"
|
||||||
|
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.lazyworkhorse.net`)"
|
||||||
|
- "traefik.http.routers.syncthing-https.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.syncthing-https.tls=true"
|
||||||
|
- "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
|
||||||
|
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
|
||||||
|
|
||||||
ollama:
|
ollama:
|
||||||
build:
|
build:
|
||||||
@@ -96,6 +139,46 @@ services:
|
|||||||
- "303"
|
- "303"
|
||||||
- "26"
|
- "26"
|
||||||
|
|
||||||
|
# ── Hermes Workspace ──────────────────────────────────────────
|
||||||
|
# Web UI for Hermes Agent — chat, memory, skills, terminal,
|
||||||
|
# multi-agent swarm orchestration. Connects to the existing
|
||||||
|
# hermes gateway (port 8642) and dashboard (port 9119).
|
||||||
|
hermes-workspace:
|
||||||
|
image: ghcr.io/outsourc-e/hermes-workspace:latest
|
||||||
|
container_name: hermes-workspace
|
||||||
|
restart: unless-stopped
|
||||||
|
depends_on:
|
||||||
|
hermes:
|
||||||
|
condition: service_healthy
|
||||||
|
environment:
|
||||||
|
HERMES_API_URL: http://hermes:8642
|
||||||
|
HERMES_DASHBOARD_URL: http://hermes:9119
|
||||||
|
HERMES_API_TOKEN: ${API_SERVER_KEY}
|
||||||
|
HERMES_PASSWORD: ${HERMES_WORKSPACE_PASSWORD:?must be set}
|
||||||
|
COOKIE_SECURE: "1"
|
||||||
|
volumes:
|
||||||
|
# Share the same Hermes data — workspace reads config, sessions,
|
||||||
|
# skills, memory from the agent's persistent volume
|
||||||
|
- /mnt/HoardingCow_docker_data/Hermes/data:/home/workspace/.hermes
|
||||||
|
networks:
|
||||||
|
- ai_backend
|
||||||
|
- ai_net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=ai_net"
|
||||||
|
|
||||||
|
- "traefik.http.routers.workspace-http.rule=Host(`workspace.lazyworkhorse.net`)"
|
||||||
|
- "traefik.http.routers.workspace-http.entrypoints=web"
|
||||||
|
- "traefik.http.routers.workspace-http.middlewares=redirect-to-https"
|
||||||
|
|
||||||
|
- "traefik.http.routers.workspace-https.rule=Host(`workspace.lazyworkhorse.net`)"
|
||||||
|
- "traefik.http.routers.workspace-https.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.workspace-https.tls=true"
|
||||||
|
- "traefik.http.routers.workspace-https.tls.certresolver=njalla"
|
||||||
|
|
||||||
|
- "traefik.http.services.workspace.loadbalancer.server.port=3000"
|
||||||
|
# ─────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
ai_net:
|
ai_net:
|
||||||
external: true
|
external: true
|
||||||
|
|||||||
@@ -8,13 +8,10 @@ services:
|
|||||||
- USER_GID=1000
|
- USER_GID=1000
|
||||||
- GITEA__server__ROOT_URL=https://code.lazyworkhorse.net
|
- GITEA__server__ROOT_URL=https://code.lazyworkhorse.net
|
||||||
- GITEA__actions__ENABLED=true
|
- GITEA__actions__ENABLED=true
|
||||||
- GITEA__actions__DEFAULT_ACTIONS_URL=off
|
|
||||||
- SSH_PORT=2222
|
- SSH_PORT=2222
|
||||||
- SSH_LISTEN_PORT=2222
|
- SSH_LISTEN_PORT=2222
|
||||||
# Enable Gitea Actions (act_runner required on host)
|
# Enable Gitea Actions (act_runner required on host)
|
||||||
- GITEA__actions__ENABLED=true
|
- GITEA__actions__ENABLED=true
|
||||||
# Don't fetch actions from GitHub (offline mode + local only)
|
|
||||||
- GITEA__actions__DEFAULT_ACTIONS_URL=off
|
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/HoardingCow_docker_data/Gitea:/data
|
- /mnt/HoardingCow_docker_data/Gitea:/data
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
@@ -1,16 +1,9 @@
|
|||||||
# Custom wg-easy with iptables-nft (nftables-backed iptables)
|
# Custom wg-easy with iptables-nft (nftables-backed iptables)
|
||||||
# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
|
# Fixes crash-loop when host kernel lacks legacy iptable_nat module.
|
||||||
FROM weejewel/wg-easy:latest
|
FROM ghcr.io/wg-easy/wg-easy:latest
|
||||||
|
|
||||||
# Alpine's iptables-nft provides iptables that uses nftables kernel API
|
# The upstream image registers only iptables-legacy with update-alternatives.
|
||||||
# instead of the legacy iptable_nat module. This works on kernels
|
# iptables-nft binary exists but isn't registered as an alternative key.
|
||||||
# where only nftables netfilter modules are available.
|
# Override the alternatives-managed symlinks directly.
|
||||||
RUN apk add --no-cache iptables-nft
|
RUN ln -sf /usr/sbin/iptables-nft /usr/sbin/iptables && \
|
||||||
|
ln -sf /usr/sbin/ip6tables-nft /usr/sbin/ip6tables
|
||||||
# Ensure iptables-nft takes priority over legacy iptables
|
|
||||||
RUN ln -sf /sbin/iptables-nft /sbin/iptables && \
|
|
||||||
ln -sf /sbin/iptables-nft-save /sbin/iptables-save && \
|
|
||||||
ln -sf /sbin/iptables-nft-restore /sbin/iptables-restore && \
|
|
||||||
ln -sf /sbin/ip6tables-nft /sbin/ip6tables && \
|
|
||||||
ln -sf /sbin/ip6tables-nft-save /sbin/ip6tables-save && \
|
|
||||||
ln -sf /sbin/ip6tables-nft-restore /sbin/ip6tables-restore
|
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ version: "3.8"
|
|||||||
services:
|
services:
|
||||||
wireguard:
|
wireguard:
|
||||||
build:
|
build:
|
||||||
context: ./vpn
|
context: .
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
image: wg-easy-iptables-nft:latest
|
image: wg-easy-iptables-nft:latest
|
||||||
container_name: wireguard
|
container_name: wireguard
|
||||||
|
|||||||
Reference in New Issue
Block a user