m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

+m3-hermes

Browse Source
This commit is contained in:
sascha.koenig
2026-04-07 06:19:05 +02:00
parent 38c27eff1c
commit 6853bb3063
12 changed files with 391 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
flake.lock generated
View File

@@ -26,14 +26,17 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1774683796, "lastModified": 1774977190,
"narHash": "sha256-idEZ4OMgD27cWFJ+/6IF1F8BcmnpH9orGVhZUvzkDig=", "narHash": "sha256-C4FJ0UhbHQngXqPZNPrNShb0tFXYXFdYdXSg1WezKes=",
"path": "/home/m3tam3re/p/AI/AGENTS", "ref": "refs/heads/master",
"type": "path" "rev": "a05558b8112574fc4e8e82094ce1420ee02c0770",
"revCount": 67,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}, },
"original": { "original": {
"path": "/home/m3tam3re/p/AI/AGENTS", "type": "git",
"type": "path" "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
} }
}, },
"base16-schemes": { "base16-schemes": {
@@ -429,14 +432,17 @@
"openspec": "openspec" "openspec": "openspec"
}, },
"locked": { "locked": {
"lastModified": 1775355384, "lastModified": 1775493495,
"narHash": "sha256-3XPJvNUjd5JXshjogwUy8T/N5ylHUd7tDBSxcAkEAcY=", "narHash": "sha256-qnEmtTlLjZ3Ua/+hobZhVRhEhQHvZdVxmS5IN1Fi150=",
"path": "/home/m3tam3re/p/NIX/nixpkgs", "ref": "refs/heads/master",
"type": "path" "rev": "715d06e83bdfd63dd16dda4a9533ddfe670862e2",
"revCount": 215,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
}, },
"original": { "original": {
"path": "/home/m3tam3re/p/NIX/nixpkgs", "type": "git",
"type": "path" "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
} }
}, },
"nix-colors": { "nix-colors": {
@@ -776,16 +782,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1774996501, "lastModified": 1775461158,
"narHash": "sha256-1sEkQDdV/qU4/N9oHR4mptllcRWt503k6HZ8Yp4EooE=", "narHash": "sha256-FiQzBj3C0sAnKU+WMktliqt0zM3YQDrgQbner1LOTi8=",
"owner": "anomalyco", "owner": "anomalyco",
"repo": "opencode", "repo": "opencode",
"rev": "892bdebaacbed3fc76976431c7aa7b81ab639fb6", "rev": "517e6c9aa4c61dbc125e7654fc596f1d529f20d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "anomalyco", "owner": "anomalyco",
"ref": "v1.3.12", "ref": "v1.3.17",
"repo": "opencode", "repo": "opencode",
"type": "github" "type": "github"
} }

21
flake.nix
View File

@@ -22,8 +22,8 @@
nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0"; nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
# m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs"; # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
llm-agents.url = "github:numtide/llm-agents.nix"; llm-agents.url = "github:numtide/llm-agents.nix";
# #
@@ -45,8 +45,8 @@
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
agents = { agents = {
url = "path:/home/m3tam3re/p/AI/AGENTS"; # url = "path:/home/m3tam3re/p/AI/AGENTS";
# url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
}; };
## Skills ## Skills
skills-basecamp = { skills-basecamp = {
@@ -146,6 +146,19 @@
m3ta-nixpkgs.nixosModules.default m3ta-nixpkgs.nixosModules.default
]; ];
}; };
m3-hermes = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
system = "x86_64-linux";
};
modules = [
./hosts/m3-hermes
inputs.disko.nixosModules.disko
agenix.nixosModules.default
m3ta-nixpkgs.nixosModules.default
inputs.hermes-agent.nixosModules.default
];
};
}; };
homeConfigurations = { homeConfigurations = {
"m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration { "m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration {

17
home/m3tam3re/m3-hermes.nix Normal file
View File

@@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}

1
hosts/m3-atlas/services/default.nix
View File

@@ -4,7 +4,6 @@
./containers ./containers
./gitea.nix ./gitea.nix
./gitea-actions-runner.nix ./gitea-actions-runner.nix
./hermes-agent.nix
./minio.nix ./minio.nix
./mysql.nix ./mysql.nix
./netbird.nix ./netbird.nix

43
hosts/m3-hermes/configuration.nix Normal file
View File

@@ -0,0 +1,43 @@
{pkgs, ...}: {
imports = [
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-hermes";
networking.hostId = "a1b2c3d4"; # TODO: Generate unique hostId
networking.networkmanager.enable = true;
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; [neovim git];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
services.fstrim = {
enable = true;
interval = "weekly";
};
# Firewall: outbound only, SSH inbound
networking.firewall = {
enable = true;
allowedTCPPorts = [22]; # SSH only
allowedUDPPorts = [];
allowPing = false;
};
system.stateVersion = "25.05";
}

16
hosts/m3-hermes/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = false;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}

39
hosts/m3-hermes/disko-config.nix Normal file
View File

@@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}

17
hosts/m3-hermes/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,17 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to configuration.nix instead.
{config, lib, pkgs, modulesPath, ...}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

11
hosts/m3-hermes/programs.nix Normal file
View File

@@ -0,0 +1,11 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nix/nixos-config";
};
}

13
hosts/m3-hermes/secrets.nix Normal file
View File

@@ -0,0 +1,13 @@
{
age = {
secrets = {
hermes-env = {
file = ../../secrets/hermes-env.age;
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}

5
hosts/m3-hermes/services/default.nix Normal file
View File

@@ -0,0 +1,5 @@
{
imports = [
./hermes-agent.nix
];
}

191
hosts/m3-hermes/services/hermes-agent.nix Normal file
View File

@@ -0,0 +1,191 @@
{config, ...}: let
# Default ElevenLabs voice: Bella (German-capable female)
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
in {
services.hermes-agent = {
enable = true;
addToSystemPackages = true;
# Secrets via agenix
environmentFiles = [config.age.secrets."hermes-env".path];
# Non-secret environment variables
environment = {
#
};
# ── Container mode (podman) ──────────────────────────────────────────
container = {
enable = true;
backend = "podman";
};
settings = {
# ── Model ──────────────────────────────────────────────────────────
model = {
default = "glm-5.1";
provider = "zai";
base_url = "https://api.z.ai/api/coding/paas/v4/";
};
credential_pool_strategies = {
zai = "fill_first";
};
toolsets = ["all"];
# ── Agent ──────────────────────────────────────────────────────────
agent = {
max_turns = 90;
gateway_timeout = 1800;
tool_use_enforcement = "auto";
};
# ── Terminal ───────────────────────────────────────────────────────
terminal = {
backend = "local";
modal_mode = "auto";
cwd = ".";
timeout = 180;
persistent_shell = true;
};
# ── Browser ────────────────────────────────────────────────────────
browser = {
inactivity_timeout = 120;
command_timeout = 30;
cloud_provider = "local";
};
# ── Checkpoints / Compression ──────────────────────────────────────
checkpoints = {
enabled = true;
max_snapshots = 50;
};
file_read_max_chars = 100000;
compression = {
enabled = true;
threshold = 0.5;
target_ratio = 0.2;
protect_last_n = 20;
};
# ── Display ────────────────────────────────────────────────────────
display = {
compact = false;
personality = "kawaii";
resume_display = "full";
busy_input_mode = "interrupt";
inline_diffs = true;
skin = "default";
tool_progress = "all";
};
# ── TTS / STT / Voice ──────────────────────────────────────────────
tts = {
provider = "elevenlabs";
elevenlabs = {
voice_id = elevenlabsVoiceId;
model_id = "eleven_multilingual_v2";
};
};
stt = {
enabled = true;
provider = "local";
local = {model = "base";};
};
voice = {
record_key = "ctrl+b";
max_recording_seconds = 120;
silence_threshold = 200;
silence_duration = 3.0;
};
# ── Memory ─────────────────────────────────────────────────────────
memory = {
memory_enabled = true;
user_profile_enabled = true;
memory_char_limit = 2200;
user_char_limit = 1375;
};
# ── Delegation ─────────────────────────────────────────────────────
delegation = {
max_iterations = 50;
};
# ── Discord ────────────────────────────────────────────────────────
discord = {
require_mention = true;
auto_thread = true;
reactions = true;
};
# ── Approvals / Security ───────────────────────────────────────────
approvals = {
mode = "manual";
timeout = 60;
};
security = {
redact_secrets = true;
tirith_enabled = true;
tirith_fail_open = true;
};
# ── Cron / Session ─────────────────────────────────────────────────
cron = {wrap_response = true;};
session_reset = {
mode = "both";
idle_minutes = 1440;
at_hour = 4;
};
# ── Web ────────────────────────────────────────────────────────────
web = {backend = "exa";};
# ── Platform Toolsets ──────────────────────────────────────────────
platform_toolsets = {
cli = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
telegram = [
"browser"
"clarify"
"code_execution"
"cronjob"
"delegation"
"file"
"image_gen"
"memory"
"session_search"
"skills"
"terminal"
"todo"
"tts"
"vision"
"web"
];
};
};
};
}