fix: add WORKDIR and httpx dependency to Hermes Dockerfile

- Add explicit WORKDIR /opt/hermes after FROM instruction - Add httpx to pip install for OpenViking plugin support Acceptance: Docker image builds with WORKDIR=/opt/hermes and httpx available in the venv.
Merge PR #2 : fix Matrix bridge ModuleNotFoundError - install deps to venv with persistence
2026-05-20 14:18:41 -04:00 · 2026-05-20 14:07:59 -04:00 · 2026-05-20 14:05:45 -04:00 · 2026-04-29 03:34:15 +00:00 · 2026-04-29 02:43:35 +00:00 · 2026-04-29 02:19:24 +00:00
3 changed files with 122 additions and 70 deletions
--- a/ai/compose.yml
+++ b/ai/compose.yml
@@ -32,7 +32,7 @@ services:
        - default
    container_name: hermes
    entrypoint: ["/bin/bash", "-c",
-      "bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
+      "bash /opt/data/hermes-tools/install.sh && /opt/hermes/.venv/bin/uv pip install openai mautrix[encryption] --system -q && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
      "hermes-entrypoint"]
    restart: always
    # Gateway run enables the internal API server on port 8642
@@ -44,7 +44,7 @@ services:
      - API_SERVER_HOST=0.0.0.0
      - API_SERVER_KEY=hermes_local_key
      - GATEWAY_ALLOW_ALL_USERS=true
-      - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
+      - OPENROUTER_API_KEY=${OPEN...KEY}
      # ROCm for GPU-accelerated faster-whisper STT
      - HSA_OVERRIDE_GFX_VERSION=9.0.6
      - HCC_AMDGPU_TARGET=gfx906
@@ -58,6 +58,8 @@ services:
      - /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/opt/data/telos-ro:ro
      # Syncthing-shared inbox — write tasks here, they sync to user's laptop
      - /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/opt/data/telos-rw:rw
      # Persistent venv — Matrix bridge and other pip deps survive container rebuilds
      - /mnt/HoardingCow_docker_data/Hermes/venv:/opt/hermes/.venv
    devices:
      - /dev/kfd:/dev/kfd
      - /dev/dri:/dev/dri
@@ -112,7 +114,78 @@ services:
      - /mnt/HoardingCow_docker_data/Ollama/ollama:/root/.ollama
    environment:
      - OLLAMA_VULKAN=0
      - HSA_OVERRIDE_GFX_VERSION=9.0.6
      - HCC_AMDGPU_TARGET=gfx906
      - HIP_VISIBLE_DEVICES=0,1
      - ROCR_VISIBLE_DEVICES=0,1
      - HSA_ENABLE_SDMA=0 
      - OLLAMA_HOST=0.0.0.0
      - OLLAMA_DEBUG=1
      - OLLAMA_FLASH_ATTENTION=1
      - OLLAMA_NUM_PARALLEL=2
    devices:
      # Map the render nodes and KFD for ROCm to work inside the container
      - /dev/kfd:/dev/kfd
      - /dev/dri:/dev/dri
    group_add:
      - "303"
      - "26"
  paperclip-db:
    image: postgres:17-alpine
    container_name: paperclip-db
    restart: always
    environment:
      POSTGRES_USER: paperclip
      POSTGRES_PASSWORD: ${PAPERCLIP_DB_PASSWORD:?PAPERCLIP_DB_PASSWORD must be set}
      POSTGRES_DB: paperclip
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U paperclip -d paperclip"]
      interval: 5s
      timeout: 5s
      retries: 10
    volumes:
      - /mnt/HoardingCow_docker_data/Paperclip/pgdata:/var/lib/postgresql/data
    networks:
      - ai_backend
  paperclip:
    image: ghcr.io/paperclipai/paperclip:v2026.517.0
    container_name: paperclip
    restart: always
    ports:
      - "127.0.0.1:3100:3100"
    environment:
      - HOST=0.0.0.0
      - PORT=3100
      - SERVE_UI=true
      - DATABASE_URL=postgres://paperclip:***@paperclip-db:5432/paperclip
      - BETTER_AUTH_SECRET=${PAPE...CRET must be set}
      - PAPERCLIP_PUBLIC_URL=https://paperclip.lazyworkhorse.net
      - PAPERCLIP_DEPLOYMENT_MODE=authenticated
      - PAPERCLIP_DEPLOYMENT_EXPOSURE=private
    volumes:
      - /mnt/HoardingCow_docker_data/Paperclip/data:/paperclip
    depends_on:
      paperclip-db:
        condition: service_healthy
    networks:
      - ai_net
      - ai_backend
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=ai_net"
      - "traefik.http.routers.paperclip-http.rule=Host(`paperclip.lazyworkhorse.net`)"
      - "traefik.http.routers.paperclip-http.entrypoints=web"
      - "traefik.http.routers.paperclip-http.middlewares=redirect-to-https"
      - "traefik.http.routers.paperclip-https.rule=Host(`paperclip.lazyworkhorse.net`)"
      - "traefik.http.routers.paperclip-https.entrypoints=websecure"
      - "traefik.http.routers.paperclip-https.tls=true"
      - "traefik.http.routers.paperclip-https.tls.certresolver=njalla"
      - "traefik.http.services.paperclip.loadbalancer.server.port=3100"
 networks:
  ai_net:
@@ -122,40 +195,47 @@ networks:
    driver: bridge
    name: ai_backend
-  llama-cpp-hermes:
+  # llama_cpp_devstral:
-    image: llama-cpp:rocm-gfx906
+  #   image: ghcr.io/ggml-org/llama.cpp:server-rocm
-    container_name: llama-cpp-hermes
+  #   container_name: llama_cpp_devstral
-    restart: unless-stopped
+  #   restart: unless-stopped
-    networks:
+  #   networks:
-      - ai_backend
+  #     - ai_backend
-    ports:
+  #   ports:
-      - "127.0.0.1:8300:8080"
+  #     - "8300:8080"
-    ipc: host
+  #   ipc: host
-    devices:
+  #   devices:
-      - /dev/kfd:/dev/kfd
+  #     - "/dev/kfd:/dev/kfd"
-      - /dev/dri:/dev/dri
+  #     - "/dev/dri:/dev/dri"
-    group_add:
+  #   group_add:
-      - "303"
+  #     - "303" # video
-      - "26"
+  #     - "26"  # render
-    environment:
+  #   environment:
-      - HSA_OVERRIDE_GFX_VERSION=9.0.6
+  #     HSA_OVERRIDE_GFX_VERSION: 9.0.6
-      - HSA_ENABLE_SDMA=0
+  #     HIP_VISIBLE_DEVICES: 0,1
-      - HIP_VISIBLE_DEVICES=0,1
+  #     LLAMA_CACHE: /models
-      - LLAMA_CACHE=/models
+  #   volumes:
-    volumes:
+  #     - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
-      - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
+  #     - /mnt/HoardingCow_docker_data/Llama_cpp/devstral-agent.jinja:/template.jinja
-      - /mnt/HoardingCow_docker_data/Ollama/ollama/models/blobs/sha256-17823599694fa3503ef54bf748d5078c6ce881f4d01616cafa255dc05d215a08:/model.gguf:ro
+  #   command: >
-    command: >
+  #     -hf unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF:Devstral-Small-2-24B-Instruct-2512-Q8_0.gguf
-      -m /model.gguf
+  #     -a devstral-2-small-llama_cpp
-      --host 0.0.0.0
+  #     --chat-template-file /template.jinja
-      --port 8080
+  #     --host 0.0.0.0
-      --gpu-layers 99
+  #     --port 8080
-      --ctx-size 163840
+  #     --n-gpu-layers 99
-      -ctk f16 -ctv f16
+  #     --ctx-size 163840
-      --flash-attn on
+  #     --batch-size 4096
-      --split-mode layer
+  #     --ubatch-size 4096
-      --no-mmap
+  #     --cache-type-k f16
-      --n-predict -1
+  #     --cache-type-v f16
  #     --cache-reuse 256
  #     --flash-attn on
  #     --context-shift
  #     --split-mode layer
  #     --no-mmap
  #     --n-predict -1
  #     --parallel 2
  # vllm:
  #   image: nalanzeyu/vllm-gfx906:v0.9.0-rocm6.3
@@ -258,8 +338,8 @@ networks:
  #     - /home/gortium/infra:/data/workspace/infra
  #   environment:
  #     - TZ=America/Toronto
-  #     - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
+  #     - OPENCLAW_GATEWAY_TOKEN=${OPEN...KEN}
-  #     - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
+  #     - OPENROUTER_API_KEY=${OPEN...KEY}
  #     # Point to the sidecar browser
  #     - BROWSER_CDP_URL=http://openclaw-browser:9222
  #     - BROWSER_EVALUATE_ENABLED=true
@@ -304,7 +384,7 @@ networks:
  #     - PGID=1000
  #     - PUBLIC_KEY_FILE=/config/ssh/authorized_keys
  #     - SUDO_ACCESS=false
-  #     - PASSWORD_ACCESS=false
+  #     - PASSWORD_ACCESS=***
  #   volumes:
  #     - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config
  #     - /home/gortium/infra:/data/workspace/infra:ro
--- a/ai/hermes/Dockerfile
+++ b/ai/hermes/Dockerfile
@@ -9,6 +9,8 @@
 # ---------- Base: official Hermes image (system deps, npm, uv, Playwright) ----------
 FROM nousresearch/hermes-agent:latest
 WORKDIR /opt/hermes
 # ---------- Overlay our forked source ----------
 # Uses SSH agent forwarding from the build host (no key baked into image).
 # --exclude node_modules/.venv keeps the base image's pre-built layers intact.
@@ -50,7 +52,7 @@ COPY --chmod=0755 --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/
 # ---------- Piper TTS ----------
 RUN . /opt/hermes/.venv/bin/activate && \
-    uv pip install --no-cache-dir piper-tts sounddevice numpy && \
+    uv pip install --no-cache-dir piper-tts sounddevice numpy httpx && \
    mkdir -p /opt/hermes/.venv/share/piper/voices
 RUN /opt/hermes/.venv/bin/python3 /dev/stdin << 'PYEOF'
--- a/ai/llama-cpp/Dockerfile
+++ b/ai/llama-cpp/Dockerfile
@@ -1,30 +0,0 @@
 # llama-cpp-rocm6/Dockerfile
 # Custom llama.cpp server with ROCm 6.1 + gfx906 (MI50) support.
 # Build: docker build -t llama-cpp:rocm-gfx906 .
 FROM rocm/dev-ubuntu-22.04:6.1.2-complete AS builder
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl git build-essential pkg-config cmake make && rm -rf /var/lib/apt/lists/*
 ARG LLAMACPP_VERSION=b9596
 RUN git clone --depth 1 --branch ${LLAMACPP_VERSION} https://github.com/ggml-org/llama.cpp.git /build
 WORKDIR /build
 ENV HIP_PATH=/opt/rocm ROCM_PATH=/opt/rocm PATH=/opt/rocm/bin:/opt/rocm/llvm/bin:${PATH} CMAKE_PREFIX_PATH=/opt/rocm
 RUN mkdir build && cd build && \
    cmake .. -DGGML_HIP=ON -DCMAKE_BUILD_TYPE=Release \
      -DAMDGPU_TARGETS="gfx906:xnack-" \
      -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
      -DGGML_CUDA=OFF -DGGML_VULKAN=OFF -DGGML_METAL=OFF \
      -DBUILD_SHARED_LIBS=OFF && \
    cmake --build . --target llama-server -- -j $(nproc)
 FROM ubuntu:24.04
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    ca-certificates curl libstdc++6 libgomp1 libopenblas0 \
    libnuma1 libelf1 libdrm2 libdrm-amdgpu1 \
    && rm -rf /var/lib/apt/lists/*
 COPY --from=builder /opt/rocm/lib/ /opt/rocm/lib/
 COPY --from=builder /opt/rocm/share/ /opt/rocm/share/
 COPY --from=builder /build/build/bin/llama-server /usr/local/bin/llama-server
 RUN echo /opt/rocm/lib > /etc/ld.so.conf.d/rocm.conf && ldconfig
 ENV HSA_OVERRIDE_GFX_VERSION=9.0.6 HCC_AMDGPU_TARGET=gfx906 HSA_ENABLE_SDMA=0
 EXPOSE 8080
 ENTRYPOINT ["/usr/local/bin/llama-server"]
Author	SHA1	Message	Date
Hermes	b8dc4783b6	fix: add WORKDIR and httpx dependency to Hermes Dockerfile Some checks failed Build Hermes agent / build (pull_request) Has been cancelled Details Build ollama (gfx906) / build (pull_request) Has been cancelled Details - Add explicit WORKDIR /opt/hermes after FROM instruction - Add httpx to pip install for OpenViking plugin support Acceptance: Docker image builds with WORKDIR=/opt/hermes and httpx available in the venv.	2026-05-20 14:18:41 -04:00
Hermes	8f09b43a5a	Merge PR #2 : fix Matrix bridge ModuleNotFoundError - install deps to venv with persistence - Integrate uv pip install of openai and mautrix[encryption] into entrypoint - Add persistent volume mount for /opt/hermes/.venv - Keep Syncthing volume mounts	2026-05-20 14:07:59 -04:00
Hermes	64acf2c859	Merge feat/add-paperclip into master: add Paperclip agent orchestrator services Brings in commits: `563ccc5` (paperclip), `37bf43c` (Dockerfile), `bce4032` (revert), `1eacc3c` (Traefik ai_net fix)	2026-05-20 14:05:45 -04:00
Thierry Pouplier	2aab06cc1a	fix: use mautrix[encryption] instead of matrix-nio for Matrix bridge The Hermes Matrix gateway uses the mautrix SDK, not matrix-nio. This fixes E2EE support by installing the correct library. Refs: PR #2	2026-04-29 03:34:15 +00:00
Thierry Pouplier	a404f5e2c4	fix: Correct OPENROUTER_API_KEY variable name	2026-04-29 02:43:35 +00:00
Thierry Pouplier	f9afd79f3e	fix: Add openai and matrix-nio dependencies for Hermes Matrix bridge	2026-04-29 02:19:24 +00:00