From ccdb1c0931d1c1258a71699fe6a144dab6e8b7d6 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier
Date: Wed, 29 Apr 2026 21:16:44 +0000
Subject: [PATCH 1/2] feat(ai): add chromium browser automation support (PR 2/5) Add browser automation packages for Playwright/headless Chrome: - chromium: Headless browser - xvfb: Virtual framebuffer for headless operation - fonts-*: Font support for proper rendering - lib*-runtime: Chromium runtime dependencies Depends on PR #7 (curl, poppler-utils, imagemagick)
---
 ai/Dockerfile | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 ai/Dockerfile
diff --git a/ai/Dockerfile b/ai/Dockerfile
new file mode 100644
index 0000000..b4a38c5
--- /dev/null
+++ b/ai/Dockerfile
@@ -0,0 +1,66 @@
+FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
+FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
+FROM debian:13.4
+
+# Disable Python stdout buffering to ensure logs are printed immediately
+ENV PYTHONUNBUFFERED=1
+
+# Store Playwright browsers outside the volume mount so the build-time
+# install survives the /opt/data volume overlay at runtime.
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
+
+# Install system dependencies in one layer, clear APT cache
+# tini reaps orphaned zombie processes (MCP stdio subprocesses, git, bun, etc.)
+# that would otherwise accumulate when hermes runs as PID 1. See #15012.
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
+ curl poppler-utils imagemagick \
+ chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \
+ libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 && \
+ rm -rf /var/lib/apt/lists/*
+
+# Non-root user for runtime; UID can be overridden via HERMES_UID at runtime
+RUN useradd -u 10000 -m -d /opt/data hermes
+
+COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
+COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
+
+WORKDIR /opt/hermes
+
+# ---------- Layer-cached dependency install ----------
+# Copy only package manifests first so npm install + Playwright are cached
+# unless the lockfiles themselves change.
+COPY package.json package-lock.json ./
+COPY web/package.json web/package-lock.json web/
+
+RUN npm install --prefer-offline --no-audit && \
+ npx playwright install --with-deps chromium --only-shell && \
+ (cd web && npm install --prefer-offline --no-audit) && \
+ npm cache clean --force
+
+# ---------- Source code ----------
+# .dockerignore excludes node_modules, so the installs above survive.
+COPY --chown=hermes:hermes . .
+
+# Build web dashboard (Vite outputs to hermes_cli/web_dist/)
+RUN cd web && npm run build
+
+# ---------- Permissions ----------
+# Make install dir world-readable so any HERMES_UID can read it at runtime.
+# The venv needs to be traversable too.
+USER root
+RUN chmod -R a+rX /opt/hermes
+# Start as root so the entrypoint can usermod/groupmod + gosu.
+# If HERMES_UID is unset, the entrypoint drops to the default hermes user (10000).
+
+# ---------- Python virtualenv ----------
+RUN uv venv && \
+ uv pip install --no-cache-dir -e ".[all]"
+
+# ---------- Runtime ----------
+ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
+ENV HERMES_HOME=/opt/data
+ENV PATH="/opt/data/.local/bin:${PATH}"
+VOLUME [ "/opt/data" ]
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]
-- 
2.49.1
From 29ac1e0d25bcbc6c732798854b302b080d8509c4 Mon Sep 17 00:00:00 2001
From: Hermes
Date: Wed, 20 May 2026 13:57:13 -0400
Subject: [PATCH 2/2] feat: add DASHI dashboard stack
---
 dashi/compose.yml | 14 ++++++++++++++
 network/compose.yml | 4 ++++
 2 files changed, 18 insertions(+)
 create mode 100644 dashi/compose.yml
diff --git a/dashi/compose.yml b/dashi/compose.yml
new file mode 100644
index 0000000..74fb04d
--- /dev/null
+++ b/dashi/compose.yml
@@ -0,0 +1,14 @@
+services:
+ dashi:
+ image: jamjnsn/dashi:latest
+ container_name: dashi
+ expose:
+ - "8000"
+ restart: unless-stopped
+ networks:
+ - dashi_net
+
+networks:
+ dashi_net:
+ driver: bridge
+ name: dashi_net
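Review bot: In ai/Dockerfile the dependency layer runs `npm install` for both the root project and `web/` even though both `package-lock.json` files are copied in, so the lockfile is not enforced and the resolved tree can drift between builds while package install scripts execute as root. Use `npm ci --prefer-offline --no-audit` in both places so the build fails on a lockfile mismatch instead of silently re-resolving. The final stage `FROM debian:13.4` is also the only one of the three `FROM` lines without an `@sha256:` digest, so that tag can be re-pointed underneath the build; pin it like the uv and gosu stages, `FROM debian:13.4@sha256:<digest>` (placeholder, to be resolved from the registry).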
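Review bot: `image: jamjnsn/dashi:latest` in dashi/compose.yml is a mutable tag, so each pull can bring in different code with no change in this repository and nothing to review or roll back to. Pin a release tag together with a digest, e.g. `image: jamjnsn/dashi:<version>@sha256:<digest>` (both placeholders, to be filled in from the registry). The service also sets no `user:`, `read_only:`, `cap_drop:` or `security_opt:`, so it runs with whatever the image defaults to; `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` are cheap additions if the image tolerates them.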
diff --git a/network/compose.yml b/network/compose.yml index 5a35eff..35ade73 100644 --- a/network/compose.yml +++ b/network/compose.yml @@ -41,6 +41,7 @@ services: - passman_net - tak_net - vc_net + - dashi_net ddns-updater: image: qmcgaw/ddns-updater @@ -114,6 +115,9 @@ networks: vc_net: external: true name: vc_net + dashi_net: + external: true + name: dashi_net # duckdns: # environment: -- 2.49.1
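Review bot: The first hunk of network/compose.yml adds `dashi_net` to the networks of a service whose name sits above the hunk, which gives that service a direct route to the dashi container's port 8000. If that service is the externally reachable proxy, confirm the dashboard route is behind authentication, since dashi/compose.yml in this patch configures none that is visible. The second hunk declares the network `external: true`, so this stack will not start until dashi/compose.yml has created `dashi_net`; a comment next to the declaration such as `# created by dashi/compose.yml; bring that stack up first` would record the ordering.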