gortium/compose
1
1
Fork 0
Code Issues Pull Requests 18 Actions Packages Projects Releases Wiki Activity
Files
6b33c3099ad8af7c89e83f9d3f4ced9e02d1b53d
compose/ai/compose.yml
Hermes 6b33c3099a feat: add Hermes Workspace alongside existing Hermes Agent 
- Add HERMES_DASHBOARD=1 env vars to existing hermes service
  (enables multi-agent dashboard API on port 9119)
- Add healthcheck to hermes service (required for workspace dep)
- Add hermes-workspace service (ghcr.io/outsourc-e/hermes-workspace:latest)
  - Connects to existing gateway at hermes:8642 and dashboard at hermes:9119
  - Shares Hermes data volume for config/sessions/skills/memory
  - Exposed via Traefik at workspace.lazyworkhorse.net (port 3000)
  - Requires HERMES_WORKSPACE_PASSWORD in .env (agenix)
- Networks: ai_backend + ai_net (for Traefik)
2026-05-19 20:03:34 -04:00

392 lines
13 KiB
YAML
Raw Blame History

version: "3.8"
services:
# webui:
# image: ghcr.io/open-webui/open-webui:main
# volumes:
# - /mnt/HoardingCow_docker_data/Ollama/open-webui:/app/backend/data
# restart: always
# environment:
# - OLLAMA_API_BASE_URL=http://ollama:11434/api
# networks:
# - ai_net
# - ai_backend
# labels:
# - "traefik.enable=true"
# # Router for HTTP + redirection to HTTPS
# - "traefik.http.routers.webui-http.rule=Host(`ai.lazyworkhorse.net`)"
# - "traefik.http.routers.webui-http.entrypoints=web"
# - "traefik.http.routers.webui-http.middlewares=redirect-to-https"
# # Router for HTTPS with TLS
# - "traefik.http.routers.webui-https.rule=Host(`ai.lazyworkhorse.net`)"
# - "traefik.http.routers.webui-https.entrypoints=websecure"
# - "traefik.http.routers.webui-https.tls=true"
# - "traefik.http.routers.webui-https.tls.certresolver=njalla"
hermes:
build:
context: ./hermes
ssh:
- default
container_name: hermes
entrypoint: ["/bin/bash", "-c",
"bash /opt/data/hermes-tools/install.sh && exec /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh \"$@\"",
"hermes-entrypoint"]
restart: always
# Gateway run enables the internal API server on port 8642
command: gateway run
environment:
- OLLAMA_HOST=http://ollama:11434
- API_SERVER_ENABLED=true
- API_SERVER_PORT=8642
- API_SERVER_HOST=0.0.0.0
- API_SERVER_KEY=hermes_local_key
- GATEWAY_ALLOW_ALL_USERS=true
- OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
# ROCm for GPU-accelerated faster-whisper STT
- HSA_OVERRIDE_GFX_VERSION=9.0.6
- HCC_AMDGPU_TARGET=gfx906
- HIP_VISIBLE_DEVICES=0,1
- ROCR_VISIBLE_DEVICES=0,1
- HSA_ENABLE_SDMA=0
- TZ=America/Montreal
# Hermes Workspace dashboard (port 9119) — enables multi-agent web UI
- HERMES_DASHBOARD=1
- HERMES_DASHBOARD_HOST=0.0.0.0
- HERMES_DASHBOARD_PORT=9119
volumes:
- /mnt/HoardingCow_docker_data/Hermes/data:/opt/data
# Syncthing-shared org files — read-only view of user's agenda
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/opt/data/telos-ro:ro
# Syncthing-shared inbox — write tasks here, they sync to user's laptop
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/opt/data/telos-rw:rw
devices:
- /dev/kfd:/dev/kfd
- /dev/dri:/dev/dri
group_add:
- "303"
- "26"
networks:
- ai_backend
healthcheck:
test: ["CMD-SHELL", "curl -fsS http://localhost:8642/health && curl -fsS http://localhost:9119/api/status || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 60s
syncthing:
image: syncthing/syncthing:latest
container_name: syncthing
hostname: syncthing
restart: always
ports:
- "8384:8384"
- "22000:22000"
- "21027:21027/udp"
environment:
- TZ=America/Montreal
volumes:
- /mnt/HoardingCow_docker_data/Syncthing/config:/var/syncthing/config
- /mnt/HoardingCow_docker_data/Syncthing/telos-ro:/telos-ro
- /mnt/HoardingCow_docker_data/Syncthing/telos-rw:/telos-rw
networks:
- ai_backend
- ai_net
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing-http.rule=Host(`syncthing.lazyworkhorse.net`)"
- "traefik.http.routers.syncthing-http.entrypoints=web"
- "traefik.http.routers.syncthing-http.middlewares=redirect-to-https"
- "traefik.http.routers.syncthing-https.rule=Host(`syncthing.lazyworkhorse.net`)"
- "traefik.http.routers.syncthing-https.entrypoints=websecure"
- "traefik.http.routers.syncthing-https.tls=true"
- "traefik.http.routers.syncthing-https.tls.certresolver=njalla"
- "traefik.http.services.syncthing.loadbalancer.server.port=8384"
ollama:
build:
context: ./ollama
dockerfile: Dockerfile
image: ollama/ollama:rocm-gfx906
container_name: ollama
tty: true
restart: always
ports:
- "127.0.0.1:11434:11434"
networks:
- ai_backend
volumes:
- /mnt/HoardingCow_docker_data/Ollama/ollama:/root/.ollama
environment:
- OLLAMA_VULKAN=0
- HSA_OVERRIDE_GFX_VERSION=9.0.6
- HCC_AMDGPU_TARGET=gfx906
- HIP_VISIBLE_DEVICES=0,1
- ROCR_VISIBLE_DEVICES=0,1
- HSA_ENABLE_SDMA=0
- OLLAMA_HOST=0.0.0.0
- OLLAMA_DEBUG=1
- OLLAMA_FLASH_ATTENTION=1
- OLLAMA_NUM_PARALLEL=2
devices:
# Map the render nodes and KFD for ROCm to work inside the container
- /dev/kfd:/dev/kfd
- /dev/dri:/dev/dri
group_add:
- "303"
- "26"
# ── Hermes Workspace ──────────────────────────────────────────
# Web UI for Hermes Agent — chat, memory, skills, terminal,
# multi-agent swarm orchestration. Connects to the existing
# hermes gateway (port 8642) and dashboard (port 9119).
hermes-workspace:
image: ghcr.io/outsourc-e/hermes-workspace:latest
container_name: hermes-workspace
restart: unless-stopped
depends_on:
hermes:
condition: service_healthy
environment:
HERMES_API_URL: http://hermes:8642
HERMES_DASHBOARD_URL: http://hermes:9119
HERMES_API_TOKEN: ${API_SERVER_KEY}
HERMES_PASSWORD: ${HERMES_WORKSPACE_PASSWORD:?must be set}
COOKIE_SECURE: "1"
volumes:
# Share the same Hermes data — workspace reads config, sessions,
# skills, memory from the agent's persistent volume
- /mnt/HoardingCow_docker_data/Hermes/data:/home/workspace/.hermes
networks:
- ai_backend
- ai_net
labels:
- "traefik.enable=true"
- "traefik.docker.network=ai_net"
- "traefik.http.routers.workspace-http.rule=Host(`workspace.lazyworkhorse.net`)"
- "traefik.http.routers.workspace-http.entrypoints=web"
- "traefik.http.routers.workspace-http.middlewares=redirect-to-https"
- "traefik.http.routers.workspace-https.rule=Host(`workspace.lazyworkhorse.net`)"
- "traefik.http.routers.workspace-https.entrypoints=websecure"
- "traefik.http.routers.workspace-https.tls=true"
- "traefik.http.routers.workspace-https.tls.certresolver=njalla"
- "traefik.http.services.workspace.loadbalancer.server.port=3000"
# ─────────────────────────────────────────────────────────────
networks:
ai_net:
external: true
name: ai_net
ai_backend:
driver: bridge
name: ai_backend
# llama_cpp_devstral:
# image: ghcr.io/ggml-org/llama.cpp:server-rocm
# container_name: llama_cpp_devstral
# restart: unless-stopped
# networks:
# - ai_backend
# ports:
# - "8300:8080"
# ipc: host
# devices:
# - "/dev/kfd:/dev/kfd"
# - "/dev/dri:/dev/dri"
# group_add:
# - "303" # video
# - "26" # render
# environment:
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
# HIP_VISIBLE_DEVICES: 0,1
# LLAMA_CACHE: /models
# volumes:
# - /mnt/HoardingCow_docker_data/Llama_cpp/models:/models
# - /mnt/HoardingCow_docker_data/Llama_cpp/devstral-agent.jinja:/template.jinja
# command: >
# -hf unsloth/Devstral-Small-2-24B-Instruct-2512-GGUF:Devstral-Small-2-24B-Instruct-2512-Q8_0.gguf
# -a devstral-2-small-llama_cpp
# --chat-template-file /template.jinja
# --host 0.0.0.0
# --port 8080
# --n-gpu-layers 99
# --ctx-size 163840
# --batch-size 4096
# --ubatch-size 4096
# --cache-type-k f16
# --cache-type-v f16
# --cache-reuse 256
# --flash-attn on
# --context-shift
# --split-mode layer
# --no-mmap
# --n-predict -1
# --parallel 2
# vllm:
# image: nalanzeyu/vllm-gfx906:v0.9.0-rocm6.3
# container_name: vllm
# # Required for multi-GPU communication (NCCL)
# ipc: host
# init: true
# shm_size: '2g'
# networks:
# - ai_backend
# ports:
# - "8300:8000"
# devices:
# - "/dev/kfd:/dev/kfd"
# - "/dev/dri:/dev/dri"
# group_add:
# - "303"
# - "26"
# environment:
# HSA_OVERRIDE_GFX_VERSION: 9.0.6
# HSA_ENABLE_SDMA: 0
# HIP_VISIBLE_DEVICES: 0,1
# NCCL_P2P_DISABLE: 1
# VLLM_WORKER_MULTIPROC_METHOD: spawn
# VLLM_USE_TRITON_FLASH_ATTN: 0
# VLLM_USE_ROCM_CUSTOM_PAGED_ATTN: 0
# VLLM_ATTENTION_BACKEND: ROPE_NAIVE
# VLLM_SKIP_WARMUP: 1
# VLLM_USE_V1: 0
# HF_TOKEN: ${HF_TOKEN}
# command: >
# vllm serve "mistralai/Devstral-Small-2-24B-Instruct-2512"
# --tensor-parallel-size 2
# --max-model-len 8192
# --gpu-memory-utilization 0.90
# --tokenizer_mode mistral
# --config_format auto
# --load-format auto
# --enforce-eager
# --disable-custom-all-reduce
# --trust-remote-code
# --task generate
# --block-size 16
# volumes:
# - /mnt/HoardingCow_docker_data/vllm/models:/root/.cache/huggingface
# restart: unless-stopped
# n8n:
# image: n8nio/n8n:latest
# container_name: n8n
# restart: unless-stopped
# networks:
# - ai_net
# environment:
# - N8N_HOST=n8n.lazyworkhorse.net
# - N8N_PORT=5678
# - N8N_PROTOCOL=https
# - NODE_ENV=production
# - N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
# - WEBHOOK_URL=https://n8n.lazyworkhorse.net/
# - GENERIC_TIMEZONE=America/New_York # Adjust to your timezone
# - N8N_BLOCK_EXTERNAL_STORAGE_ACCESS=false
# - N8N_NODES_PYTHON_CAN_IMPORT_MODULES=true
# - N8N_NATIVE_PYTHON_RUNNER=true
# - N8N_PYTHON_ALLOW_STDLIB=uuid,re,os,json
# - N8N_PYTHON_ALLOW_EXTERNAL=requests,pandas
# - NODE_FUNCTION_ALLOW_EXTERNAL=uuid,requests
# volumes:
# - /mnt/HoardingCow_docker_data/n8n:/home/node/.n8n
# labels:
# - "traefik.enable=true"
# # Router for HTTP + redirection to HTTPS
# - "traefik.http.routers.n8n-http.rule=Host(`n8n.lazyworkhorse.net`)"
# - "traefik.http.routers.n8n-http.entrypoints=web"
# - "traefik.http.routers.n8n-http.middlewares=redirect-to-https"
# # Router for HTTPS with TLS
# - "traefik.http.routers.n8n-https.rule=Host(`n8n.lazyworkhorse.net`)"
# - "traefik.http.routers.n8n-https.entrypoints=websecure"
# - "traefik.http.routers.n8n-https.tls=true"
# - "traefik.http.routers.n8n-https.tls.certresolver=njalla"
# # Service Loadbalancer (n8n default port)
# - "traefik.http.services.n8n.loadbalancer.server.port=5678"
# openclaw:
# image: coollabsio/openclaw:latest
# container_name: openclaw
# restart: unless-stopped
# expose:
# - "8080" # WebUI
# - "18789" # Gateway/WebSocket
# - "8788" # Nextcloud Webhook
# networks:
# - ai_net
# - ai_backend
# volumes:
# - /mnt/HoardingCow_docker_data/openclaw/data:/data
# - /home/gortium/infra:/data/workspace/infra
# environment:
# - TZ=America/Toronto
# - OPENCLAW_GATEWAY_TOKEN=${OPENCLAW_GATEWAY_TOKEN}
# - OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
# # Point to the sidecar browser
# - BROWSER_CDP_URL=http://openclaw-browser:9222
# - BROWSER_EVALUATE_ENABLED=true
# - OPENCLAW_GATEWAY_HOST=0.0.0.0
# - OPENCLAW_ALLOWED_ORIGINS=https://claw.lazyworkhorse.net
# labels:
# - "traefik.enable=true"
# - "traefik.http.routers.openclaw-http.rule=Host(`claw.lazyworkhorse.net`)"
# - "traefik.http.routers.openclaw-http.entrypoints=web"
# - "traefik.http.routers.openclaw-http.middlewares=redirect-to-https"
# - "traefik.http.routers.openclaw-https.rule=Host(`claw.lazyworkhorse.net`)"
# - "traefik.http.routers.openclaw-https.priority=50"
# - "traefik.http.routers.openclaw-https.entrypoints=websecure"
# - "traefik.http.routers.openclaw-https.tls=true"
# - "traefik.http.routers.openclaw-https.tls.certresolver=njalla"
# - "traefik.http.services.openclaw.loadbalancer.server.port=8080"
# depends_on:
# - openclaw-browser
# openclaw-browser:
# image: ghcr.io/browserless/chromium:latest
# restart: always
# expose:
# - "3000"
# environment:
# - MAX_CONCURRENT_SESSIONS=10
# - CONNECTION_TIMEOUT=300000
# - PREBOOT_CHROME=true
# - DEMO_MODE=false
# networks:
# ai_backend:
# aliases:
# - browser
# openclaw-ssh:
# image: linuxserver/openssh-server:latest
# container_name: openclaw-ssh
# environment:
# - PUID=1000
# - PGID=1000
# - PUBLIC_KEY_FILE=/config/ssh/authorized_keys
# - SUDO_ACCESS=false
# - PASSWORD_ACCESS=false
# volumes:
# - /mnt/HoardingCow_docker_data/openclaw/ssh-config:/config
# - /home/gortium/infra:/data/workspace/infra:ro
# restart: unless-stopped
# networks:
# - ai_backend
# labels:
# - "traefik.enable=true"
# - "traefik.tcp.routers.openclaw-ssh.rule=HostSNI(*)"
# - "traefik.tcp.routers.openclaw-ssh.entrypoints=sshnode"
# - "traefik.tcp.routers.openclaw-ssh.tls.passthrough=false"
# - "traefik.tcp.services.openclaw-ssh.loadbalancer.server.port=2222"
Reference in New Issue View Git Blame Copy Permalink