diff --git a/flake.lock b/flake.lock index 443207d..8239520 100644 --- a/flake.lock +++ b/flake.lock @@ -26,14 +26,17 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1774683796, - "narHash": "sha256-idEZ4OMgD27cWFJ+/6IF1F8BcmnpH9orGVhZUvzkDig=", - "path": "/home/m3tam3re/p/AI/AGENTS", - "type": "path" + "lastModified": 1774977190, + "narHash": "sha256-C4FJ0UhbHQngXqPZNPrNShb0tFXYXFdYdXSg1WezKes=", + "ref": "refs/heads/master", + "rev": "a05558b8112574fc4e8e82094ce1420ee02c0770", + "revCount": 67, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" }, "original": { - "path": "/home/m3tam3re/p/AI/AGENTS", - "type": "path" + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" } }, "base16-schemes": { @@ -429,14 +432,17 @@ "openspec": "openspec" }, "locked": { - "lastModified": 1775355384, - "narHash": "sha256-3XPJvNUjd5JXshjogwUy8T/N5ylHUd7tDBSxcAkEAcY=", - "path": "/home/m3tam3re/p/NIX/nixpkgs", - "type": "path" + "lastModified": 1775493495, + "narHash": "sha256-qnEmtTlLjZ3Ua/+hobZhVRhEhQHvZdVxmS5IN1Fi150=", + "ref": "refs/heads/master", + "rev": "715d06e83bdfd63dd16dda4a9533ddfe670862e2", + "revCount": 215, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" }, "original": { - "path": "/home/m3tam3re/p/NIX/nixpkgs", - "type": "path" + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" } }, "nix-colors": { @@ -776,16 +782,16 @@ ] }, "locked": { - "lastModified": 1774996501, - "narHash": "sha256-1sEkQDdV/qU4/N9oHR4mptllcRWt503k6HZ8Yp4EooE=", + "lastModified": 1775461158, + "narHash": "sha256-FiQzBj3C0sAnKU+WMktliqt0zM3YQDrgQbner1LOTi8=", "owner": "anomalyco", "repo": "opencode", - "rev": "892bdebaacbed3fc76976431c7aa7b81ab639fb6", + "rev": "517e6c9aa4c61dbc125e7654fc596f1d529f20d9", "type": "github" }, "original": { "owner": "anomalyco", - "ref": "v1.3.12", + "ref": "v1.3.17", "repo": "opencode", "type": "github" } diff --git a/flake.nix b/flake.nix index c4b6a96..34156bf 100644 --- a/flake.nix 
+++ b/flake.nix @@ -22,8 +22,8 @@ nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0"; nixpkgs-master.url = "github:nixos/nixpkgs/master"; - # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; - m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs"; + m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; + # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs"; llm-agents.url = "github:numtide/llm-agents.nix"; # @@ -45,8 +45,8 @@ nix-colors.url = "github:misterio77/nix-colors"; agents = { - url = "path:/home/m3tam3re/p/AI/AGENTS"; - # url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; + # url = "path:/home/m3tam3re/p/AI/AGENTS"; + url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; }; ## Skills skills-basecamp = { @@ -146,6 +146,19 @@ m3ta-nixpkgs.nixosModules.default ]; }; + m3-hermes = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs; + system = "x86_64-linux"; + }; + modules = [ + ./hosts/m3-hermes + inputs.disko.nixosModules.disko + agenix.nixosModules.default + m3ta-nixpkgs.nixosModules.default + inputs.hermes-agent.nixosModules.default + ]; + }; }; homeConfigurations = { "m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration { diff --git a/home/m3tam3re/m3-hermes.nix b/home/m3tam3re/m3-hermes.nix new file mode 100644 index 0000000..0f6c41d --- /dev/null +++ b/home/m3tam3re/m3-hermes.nix @@ -0,0 +1,17 @@ +{ + imports = [ + ../common + ../features/cli + ./home-server.nix + ]; + + features = { + cli = { + fish.enable = true; + fzf.enable = true; + nitch.enable = true; + secrets.enable = false; + starship.enable = true; + }; + }; +} diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix index 47e2623..0e18ffb 100644 --- a/hosts/m3-atlas/services/default.nix +++ b/hosts/m3-atlas/services/default.nix @@ -4,7 +4,6 @@ ./containers ./gitea.nix ./gitea-actions-runner.nix - ./hermes-agent.nix ./minio.nix ./mysql.nix ./netbird.nix 
diff --git a/hosts/m3-hermes/configuration.nix b/hosts/m3-hermes/configuration.nix
new file mode 100644
index 0000000..bde3173
--- /dev/null
+++ b/hosts/m3-hermes/configuration.nix
@@ -0,0 +1,43 @@
+{pkgs, ...}: {
+ imports = [
+ ./disko-config.nix
+ ./hardware-configuration.nix
+ ];
+
+ # Bootloader.
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ networking.hostName = "m3-hermes";
+ networking.hostId = "a1b2c3d4"; # TODO: Generate unique hostId
+ networking.networkmanager.enable = true;
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ environment.systemPackages = with pkgs; [neovim git];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ services.fstrim = {
+ enable = true;
+ interval = "weekly";
+ };
+
+ # Firewall: outbound only, SSH inbound
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [22]; # SSH only
+ allowedUDPPorts = [];
+ allowPing = false;
+ };
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/m3-hermes/default.nix b/hosts/m3-hermes/default.nix
new file mode 100644
index 0000000..699d1b7
--- /dev/null
+++ b/hosts/m3-hermes/default.nix
@@ -0,0 +1,16 @@
+{
+ imports = [
+ ../common
+ ./configuration.nix
+ ./programs.nix
+ ./secrets.nix
+ ./services
+ ];
+
+ extraServices = {
+ flatpak.enable = false;
+ ollama.enable = false;
+ podman.enable = true;
+ virtualisation.enable = false;
+ };
+}
diff --git a/hosts/m3-hermes/disko-config.nix b/hosts/m3-hermes/disko-config.nix
new file mode 100644
index 0000000..ed8a8b6
--- /dev/null
+++ b/hosts/m3-hermes/disko-config.nix
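Review bot: In hosts/m3-hermes/configuration.nix the `services.openssh.settings` block turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, so a PAM password prompt may still be reachable over SSH; adding `KbdInteractiveAuthentication = false;` next to it makes the key-only intent explicit. The same file ships `networking.hostId = "a1b2c3d4";` with a TODO, a placeholder value that any host copied from this file would share, so it should be replaced with a generated ID before the host is deployed.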
@@ -0,0 +1,39 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for GRUB MBR
+ priority = 1;
+ };
+ esp = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["defaults" "umask=0077"];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = ["noatime" "nodiratime" "discard"];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/m3-hermes/hardware-configuration.nix b/hosts/m3-hermes/hardware-configuration.nix
new file mode 100644
index 0000000..419024b
--- /dev/null
+++ b/hosts/m3-hermes/hardware-configuration.nix
@@ -0,0 +1,17 @@
+# Do not modify this file! It was generated by 'nixos-generate-config'
+# and may be overwritten by future invocations. Please make changes
+# to configuration.nix instead.
+{config, lib, pkgs, modulesPath, ...}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/m3-hermes/programs.nix b/hosts/m3-hermes/programs.nix
new file mode 100644
index 0000000..92f7c2d
--- /dev/null
+++ b/hosts/m3-hermes/programs.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+ programs.nix-ld.enable = true;
+ programs.nix-ld.libraries = with pkgs; [];
+ programs.fish.enable = true;
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 4d --keep 3";
+ flake = "/home/m3tam3re/p/nix/nixos-config";
+ };
+}
diff --git a/hosts/m3-hermes/secrets.nix b/hosts/m3-hermes/secrets.nix
new file mode 100644
index 0000000..ff8dbb1
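Review bot: In hosts/m3-hermes/disko-config.nix the `root` partition is formatted directly as ext4 with no encryption layer, so everything the host persists is readable from a disk image or a provider-side snapshot. The hermes-agent settings added later in this commit enable memory, user profiles and checkpoints; where that state is stored is not visible here, but it presumably lands on this filesystem. If offline access to the disk is in the threat model, wrap the root `content` in a disko `type = "luks"` container and put the ext4 filesystem inside it. Separately, `"discard"` in `mountOptions` duplicates the weekly `services.fstrim` configured in configuration.nix, and `"nodiratime"` is already implied by `"noatime"`.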
--- /dev/null
+++ b/hosts/m3-hermes/secrets.nix
@@ -0,0 +1,13 @@
+{
+ age = {
+ secrets = {
+ hermes-env = {
+ file = ../../secrets/hermes-env.age;
+ };
+ m3tam3re-secrets = {
+ file = ../../secrets/m3tam3re-secrets.age;
+ owner = "m3tam3re";
+ };
+ };
+ };
+}
diff --git a/hosts/m3-hermes/services/default.nix b/hosts/m3-hermes/services/default.nix
new file mode 100644
index 0000000..ea6a2d3
--- /dev/null
+++ b/hosts/m3-hermes/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./hermes-agent.nix
+ ];
+}
diff --git a/hosts/m3-hermes/services/hermes-agent.nix b/hosts/m3-hermes/services/hermes-agent.nix
new file mode 100644
index 0000000..8c72954
--- /dev/null
+++ b/hosts/m3-hermes/services/hermes-agent.nix
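Review bot: hosts/m3-hermes/secrets.nix deploys `m3tam3re-secrets` (owner `m3tam3re`) to a host whose services directory imports only hermes-agent.nix, an agent configured with the `terminal`, `code_execution` and `file` toolsets, while the home configuration for this host sets `secrets.enable = false`. What the bundle contains and which account the agent runs as are not visible in this diff, but if nothing on m3-hermes consumes it, dropping the entry keeps unrelated credentials off the machine. `hermes-env` sets no `owner` or `mode`, so it falls back to the agenix defaults; a short comment such as `# read by the hermes-agent unit via environmentFiles; root-only by default` would document that this is intended. The commit also does not touch the agenix recipient list, so the new host's key needs to be a recipient of both `.age` files before activation can decrypt them.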
@@ -0,0 +1,191 @@
+{config, ...}: let
+ # Default ElevenLabs voice: Bella (German-capable female)
+ elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
+in {
+ services.hermes-agent = {
+ enable = true;
+ addToSystemPackages = true;
+
+ # Secrets via agenix
+ environmentFiles = [config.age.secrets."hermes-env".path];
+
+ # Non-secret environment variables
+ environment = {
+ #
+ };
+
+ # ── Container mode (podman) ──────────────────────────────────────────
+ container = {
+ enable = true;
+ backend = "podman";
+ };
+
+ settings = {
+ # ── Model ──────────────────────────────────────────────────────────
+ model = {
+ default = "glm-5.1";
+ provider = "zai";
+ base_url = "https://api.z.ai/api/coding/paas/v4/";
+ };
+
+ credential_pool_strategies = {
+ zai = "fill_first";
+ };
+
+ toolsets = ["all"];
+
+ # ── Agent ──────────────────────────────────────────────────────────
+ agent = {
+ max_turns = 90;
+ gateway_timeout = 1800;
+ tool_use_enforcement = "auto";
+ };
+
+ # ── Terminal ───────────────────────────────────────────────────────
+ terminal = {
+ backend = "local";
+ modal_mode = "auto";
+ cwd = ".";
+ timeout = 180;
+ persistent_shell = true;
+ };
+
+ # ── Browser ────────────────────────────────────────────────────────
+ browser = {
+ inactivity_timeout = 120;
+ command_timeout = 30;
+ cloud_provider = "local";
+ };
+
+ # ── Checkpoints / Compression ──────────────────────────────────────
+ checkpoints = {
+ enabled = true;
+ max_snapshots = 50;
+ };
+
+ file_read_max_chars = 100000;
+
+ compression = {
+ enabled = true;
+ threshold = 0.5;
+ target_ratio = 0.2;
+ protect_last_n = 20;
+ };
+
+ # ── Display ────────────────────────────────────────────────────────
+ display = {
+ compact = false;
+ personality = "kawaii";
+ resume_display = "full";
+ busy_input_mode = "interrupt";
+ inline_diffs = true;
+ skin = "default";
+ tool_progress = "all";
+ };
+
+ # ── TTS / STT / Voice ──────────────────────────────────────────────
+ tts = {
+ provider = "elevenlabs";
+ elevenlabs = {
+ voice_id = elevenlabsVoiceId;
+ model_id = "eleven_multilingual_v2";
+ };
+ };
+
+ stt = {
+ enabled = true;
+ provider = "local";
+ local = {model = "base";};
+ };
+
+ voice = {
+ record_key = "ctrl+b";
+ max_recording_seconds = 120;
+ silence_threshold = 200;
+ silence_duration = 3.0;
+ };
+
+ # ── Memory ─────────────────────────────────────────────────────────
+ memory = {
+ memory_enabled = true;
+ user_profile_enabled = true;
+ memory_char_limit = 2200;
+ user_char_limit = 1375;
+ };
+
+ # ── Delegation ─────────────────────────────────────────────────────
+ delegation = {
+ max_iterations = 50;
+ };
+
+ # ── Discord ────────────────────────────────────────────────────────
+ discord = {
+ require_mention = true;
+ auto_thread = true;
+ reactions = true;
+ };
+
+ # ── Approvals / Security ───────────────────────────────────────────
+ approvals = {
+ mode = "manual";
+ timeout = 60;
+ };
+
+ security = {
+ redact_secrets = true;
+ tirith_enabled = true;
+ tirith_fail_open = true;
+ };
+
+ # ── Cron / Session ─────────────────────────────────────────────────
+ cron = {wrap_response = true;};
+
+ session_reset = {
+ mode = "both";
+ idle_minutes = 1440;
+ at_hour = 4;
+ };
+
+ # ── Web ────────────────────────────────────────────────────────────
+ web = {backend = "exa";};
+
+ # ── Platform Toolsets ──────────────────────────────────────────────
+ platform_toolsets = {
+ cli = [
+ "browser"
+ "clarify"
+ "code_execution"
+ "cronjob"
+ "delegation"
+ "file"
+ "image_gen"
+ "memory"
+ "session_search"
+ "skills"
+ "terminal"
+ "todo"
+ "tts"
+ "vision"
+ "web"
+ ];
+ telegram = [
+ "browser"
+ "clarify"
+ "code_execution"
+ "cronjob"
+ "delegation"
+ "file"
+ "image_gen"
+ "memory"
+ "session_search"
+ "skills"
+ "terminal"
+ "todo"
+ "tts"
+ "vision"
+ "web"
+ ];
+ };
+ };
+ };
+}
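Review bot: In hosts/m3-hermes/services/hermes-agent.nix the `security` block sets `tirith_fail_open = true`, which by its name lets tool calls proceed when the tirith check errors out or is unavailable; for an agent that has `toolsets = ["all"]` and a `terminal` backend of `"local"`, `tirith_fail_open = false;` is the safer default unless availability matters more than the check. The `telegram` list in `platform_toolsets` is identical to `cli`, so a remote chat channel gets `terminal`, `code_execution`, `file` and `cronjob`; consider trimming it to what is needed from chat, or add a comment stating that sender allow-listing is configured elsewhere (it is not visible in this file). `approvals.timeout = 60` would also benefit from a comment saying whether an unanswered approval is denied or allowed.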