Compare commits
1 Commits
feat/texli
...
feat/herme
| Author | SHA1 | Date | |
|---|---|---|---|
| 6b33c3099a |
@@ -1,65 +0,0 @@
|
||||
FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
|
||||
FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
|
||||
FROM debian:13.4
|
||||
|
||||
# Disable Python stdout buffering to ensure logs are printed immediately
|
||||
ENV PYTHONUNBUFFERED=1
|
||||
|
||||
# Store Playwright browsers outside the volume mount so the build-time
|
||||
# install survives the /opt/data volume overlay at runtime.
|
||||
ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
|
||||
|
||||
# Install system dependencies in one layer, clear APT cache
|
||||
# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
|
||||
# that would otherwise accumulate when hermes runs as PID 1. See #15012.
|
||||
RUN apt-get update && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
|
||||
curl poppler-utils imagemagick emacs-nox \
|
||||
texlive-latex-base texlive-latex-extra texlive-fonts-recommended texlive-xetex texlive-science && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
|
||||
RUN useradd -u 10000 -m -d /opt/data hermes
|
||||
|
||||
COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
|
||||
COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
|
||||
|
||||
WORKDIR /opt/hermes
|
||||
|
||||
# ---------- Layer-cached dependency install ----------
|
||||
# Copy only package manifests first so npm install + Playwright are cached
|
||||
# unless the lockfiles themselves change.
|
||||
COPY package.json package-lock.json ./
|
||||
COPY web/package.json web/package-lock.json web/
|
||||
|
||||
RUN npm install --prefer-offline --no-audit && \
|
||||
npx playwright install --with-deps chromium --only-shell && \
|
||||
(cd web && npm install --prefer-offline --no-audit) && \
|
||||
npm cache clean --force
|
||||
|
||||
# ---------- Source code ----------
|
||||
# .dockerignore excludes node_modules, so the installs above survive.
|
||||
COPY --chown=hermes:hermes . .
|
||||
|
||||
# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
|
||||
RUN cd web && npm run build
|
||||
|
||||
# ---------- Permissions ----------
|
||||
# Make install dir world-readable so any HERMES_UID can read it at runtime.
|
||||
# The venv needs to be traversable too.
|
||||
USER root
|
||||
RUN chmod -R a+rX /opt/hermes
|
||||
# Start as root so the entrypoint can usermod/groupmod + gosu.
|
||||
# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
|
||||
|
||||
# ---------- Python virtualenv ----------
|
||||
RUN uv venv && \
|
||||
uv pip install --no-cache-dir -e ".[all]"
|
||||
|
||||
# ---------- Runtime ----------
|
||||
ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
|
||||
ENV HERMES_HOME=/opt/data
|
||||
ENV PATH="/opt/data/.local/bin:${PATH}"
|
||||
VOLUME [ "/opt/data" ]
|
||||
ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]
|
||||
@@ -52,6 +52,10 @@ services:
|
||||
- ROCR_VISIBLE_DEVICES=0,1
|
||||
- HSA_ENABLE_SDMA=0
|
||||
- TZ=America/Montreal
|
||||
# Hermes Workspace dashboard (port 9119) — enables multi-agent web UI
|
||||
- HERMES_DASHBOARD=1
|
||||
- HERMES_DASHBOARD_HOST=0.0.0.0
|
||||
- HERMES_DASHBOARD_PORT=9119
|
||||
volumes:
|
||||
- /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
|
||||
# Syncthing-shared org files — read-only view of user's agenda
|
||||
@@ -66,6 +70,12 @@ services:
|
||||
- "26"
|
||||
networks:
|
||||
- ai_backend
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -fsS http://localhost:8642/health && curl -fsS http://localhost:9119/api/status || exit 1"]
|
||||
interval: 15s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 60s
|
||||
|
||||
syncthing:
|
||||
image: syncthing/syncthing:latest
|
||||
@@ -129,6 +139,46 @@ services:
|
||||
- "303"
|
||||
- "26"
|
||||
|
||||
# ── Hermes Workspace ──────────────────────────────────────────
|
||||
# Web UI for Hermes Agent — chat, memory, skills, terminal,
|
||||
# multi-agent swarm orchestration. Connects to the existing
|
||||
# hermes gateway (port 8642) and dashboard (port 9119).
|
||||
hermes-workspace:
|
||||
image: ghcr.io/outsourc-e/hermes-workspace:latest
|
||||
container_name: hermes-workspace
|
||||
restart: unless-stopped
|
||||
depends_on:
|
||||
hermes:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
HERMES_API_URL: http://hermes:8642
|
||||
HERMES_DASHBOARD_URL: http://hermes:9119
|
||||
HERMES_API_TOKEN: ${API_SERVER_KEY}
|
||||
HERMES_PASSWORD: ${HERMES_WORKSPACE_PASSWORD:?must be set}
|
||||
COOKIE_SECURE: "1"
|
||||
volumes:
|
||||
# Share the same Hermes data — workspace reads config, sessions,
|
||||
# skills, memory from the agent's persistent volume
|
||||
- /mnt/HoardingCow_docker_data/Hermes/data:/home/workspace/.hermes
|
||||
networks:
|
||||
- ai_backend
|
||||
- ai_net
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=ai_net"
|
||||
|
||||
- "traefik.http.routers.workspace-http.rule=Host(`workspace.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.workspace-http.entrypoints=web"
|
||||
- "traefik.http.routers.workspace-http.middlewares=redirect-to-https"
|
||||
|
||||
- "traefik.http.routers.workspace-https.rule=Host(`workspace.lazyworkhorse.net`)"
|
||||
- "traefik.http.routers.workspace-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.workspace-https.tls=true"
|
||||
- "traefik.http.routers.workspace-https.tls.certresolver=njalla"
|
||||
|
||||
- "traefik.http.services.workspace.loadbalancer.server.port=3000"
|
||||
# ─────────────────────────────────────────────────────────────
|
||||
|
||||
networks:
|
||||
ai_net:
|
||||
external: true
|
||||
|
||||
Reference in New Issue
Block a user