+m3-hermes

2026-04-07 06:19:05 +02:00
parent 38c27eff1c
commit 6853bb3063
12 changed files with 391 additions and 21 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -26,14 +26,17 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1774683796,
-        "narHash": "sha256-idEZ4OMgD27cWFJ+/6IF1F8BcmnpH9orGVhZUvzkDig=",
-        "path": "/home/m3tam3re/p/AI/AGENTS",
-        "type": "path"
+        "lastModified": 1774977190,
+        "narHash": "sha256-C4FJ0UhbHQngXqPZNPrNShb0tFXYXFdYdXSg1WezKes=",
+        "ref": "refs/heads/master",
+        "rev": "a05558b8112574fc4e8e82094ce1420ee02c0770",
+        "revCount": 67,
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
      },
      "original": {
-        "path": "/home/m3tam3re/p/AI/AGENTS",
-        "type": "path"
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
      }
    },
    "base16-schemes": {
@@ -429,14 +432,17 @@
        "openspec": "openspec"
      },
      "locked": {
-        "lastModified": 1775355384,
-        "narHash": "sha256-3XPJvNUjd5JXshjogwUy8T/N5ylHUd7tDBSxcAkEAcY=",
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
-        "type": "path"
+        "lastModified": 1775493495,
+        "narHash": "sha256-qnEmtTlLjZ3Ua/+hobZhVRhEhQHvZdVxmS5IN1Fi150=",
+        "ref": "refs/heads/master",
+        "rev": "715d06e83bdfd63dd16dda4a9533ddfe670862e2",
+        "revCount": 215,
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
      },
      "original": {
-        "path": "/home/m3tam3re/p/NIX/nixpkgs",
-        "type": "path"
+        "type": "git",
+        "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
      }
    },
    "nix-colors": {
@@ -776,16 +782,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1774996501,
-        "narHash": "sha256-1sEkQDdV/qU4/N9oHR4mptllcRWt503k6HZ8Yp4EooE=",
+        "lastModified": 1775461158,
+        "narHash": "sha256-FiQzBj3C0sAnKU+WMktliqt0zM3YQDrgQbner1LOTi8=",
        "owner": "anomalyco",
        "repo": "opencode",
-        "rev": "892bdebaacbed3fc76976431c7aa7b81ab639fb6",
+        "rev": "517e6c9aa4c61dbc125e7654fc596f1d529f20d9",
        "type": "github"
      },
      "original": {
        "owner": "anomalyco",
-        "ref": "v1.3.12",
+        "ref": "v1.3.17",
        "repo": "opencode",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -22,8 +22,8 @@
    nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0";
    nixpkgs-master.url = "github:nixos/nixpkgs/master";

-    # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
-    m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
+    m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";
+    # m3ta-nixpkgs.url = "path:/home/m3tam3re/p/NIX/nixpkgs";
    llm-agents.url = "github:numtide/llm-agents.nix";

    #
@@ -45,8 +45,8 @@
    nix-colors.url = "github:misterio77/nix-colors";

    agents = {
-      url = "path:/home/m3tam3re/p/AI/AGENTS";
-      # url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
+      # url = "path:/home/m3tam3re/p/AI/AGENTS";
+      url = "git+https://code.m3ta.dev/m3tam3re/AGENTS";
    };
    ## Skills
    skills-basecamp = {
@@ -146,6 +146,19 @@
          m3ta-nixpkgs.nixosModules.default
        ];
      };
+      m3-hermes = nixpkgs.lib.nixosSystem {
+        specialArgs = {
+          inherit inputs outputs;
+          system = "x86_64-linux";
+        };
+        modules = [
+          ./hosts/m3-hermes
+          inputs.disko.nixosModules.disko
+          agenix.nixosModules.default
+          m3ta-nixpkgs.nixosModules.default
+          inputs.hermes-agent.nixosModules.default
+        ];
+      };
    };
    homeConfigurations = {
      "m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration {
--- a/home/m3tam3re/m3-hermes.nix
+++ b/home/m3tam3re/m3-hermes.nix
@@ -0,0 +1,17 @@
+{
+  imports = [
+    ../common
+    ../features/cli
+    ./home-server.nix
+  ];
+
+  features = {
+    cli = {
+      fish.enable = true;
+      fzf.enable = true;
+      nitch.enable = true;
+      secrets.enable = false;
+      starship.enable = true;
+    };
+  };
+}
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -4,7 +4,6 @@
    ./containers
    ./gitea.nix
    ./gitea-actions-runner.nix
-    ./hermes-agent.nix
    ./minio.nix
    ./mysql.nix
    ./netbird.nix
--- a/hosts/m3-hermes/configuration.nix
+++ b/hosts/m3-hermes/configuration.nix
@@ -0,0 +1,43 @@
+{pkgs, ...}: {
+  imports = [
+    ./disko-config.nix
+    ./hardware-configuration.nix
+  ];
+
+  # Bootloader.
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.hostName = "m3-hermes";
+  networking.hostId = "a1b2c3d4"; # TODO: Generate unique hostId
+  networking.networkmanager.enable = true;
+  time.timeZone = "Europe/Berlin";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [neovim git];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  services.fstrim = {
+    enable = true;
+    interval = "weekly";
+  };
+
+  # Firewall: outbound only, SSH inbound
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [22]; # SSH only
+    allowedUDPPorts = [];
+    allowPing = false;
+  };
+
+  system.stateVersion = "25.05";
+}
--- a/hosts/m3-hermes/default.nix
+++ b/hosts/m3-hermes/default.nix
@@ -0,0 +1,16 @@
+{
+  imports = [
+    ../common
+    ./configuration.nix
+    ./programs.nix
+    ./secrets.nix
+    ./services
+  ];
+
+  extraServices = {
+    flatpak.enable = false;
+    ollama.enable = false;
+    podman.enable = true;
+    virtualisation.enable = false;
+  };
+}
--- a/hosts/m3-hermes/disko-config.nix
+++ b/hosts/m3-hermes/disko-config.nix
@@ -0,0 +1,39 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/sda";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for GRUB MBR
+              priority = 1;
+            };
+            esp = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["defaults" "umask=0077"];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+                mountOptions = ["noatime" "nodiratime" "discard"];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/m3-hermes/hardware-configuration.nix
+++ b/hosts/m3-hermes/hardware-configuration.nix
@@ -0,0 +1,17 @@
+# Do not modify this file!  It was generated by 'nixos-generate-config'
+# and may be overwritten by future invocations.  Please make changes
+# to configuration.nix instead.
+{config, lib, pkgs, modulesPath, ...}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/hosts/m3-hermes/programs.nix
+++ b/hosts/m3-hermes/programs.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  programs.nix-ld.enable = true;
+  programs.nix-ld.libraries = with pkgs; [];
+  programs.fish.enable = true;
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 4d --keep 3";
+    flake = "/home/m3tam3re/p/nix/nixos-config";
+  };
+}
--- a/hosts/m3-hermes/secrets.nix
+++ b/hosts/m3-hermes/secrets.nix
@@ -0,0 +1,13 @@
+{
+  age = {
+    secrets = {
+      hermes-env = {
+        file = ../../secrets/hermes-env.age;
+      };
+      m3tam3re-secrets = {
+        file = ../../secrets/m3tam3re-secrets.age;
+        owner = "m3tam3re";
+      };
+    };
+  };
+}
--- a/hosts/m3-hermes/services/default.nix
+++ b/hosts/m3-hermes/services/default.nix
@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./hermes-agent.nix
+  ];
+}
--- a/hosts/m3-hermes/services/hermes-agent.nix
+++ b/hosts/m3-hermes/services/hermes-agent.nix
@@ -0,0 +1,191 @@
+{config, ...}: let
+  # Default ElevenLabs voice: Bella (German-capable female)
+  elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
+in {
+  services.hermes-agent = {
+    enable = true;
+    addToSystemPackages = true;
+
+    # Secrets via agenix
+    environmentFiles = [config.age.secrets."hermes-env".path];
+
+    # Non-secret environment variables
+    environment = {
+      #
+    };
+
+    # ── Container mode (podman) ──────────────────────────────────────────
+    container = {
+      enable = true;
+      backend = "podman";
+    };
+
+    settings = {
+      # ── Model ──────────────────────────────────────────────────────────
+      model = {
+        default = "glm-5.1";
+        provider = "zai";
+        base_url = "https://api.z.ai/api/coding/paas/v4/";
+      };
+
+      credential_pool_strategies = {
+        zai = "fill_first";
+      };
+
+      toolsets = ["all"];
+
+      # ── Agent ──────────────────────────────────────────────────────────
+      agent = {
+        max_turns = 90;
+        gateway_timeout = 1800;
+        tool_use_enforcement = "auto";
+      };
+
+      # ── Terminal ───────────────────────────────────────────────────────
+      terminal = {
+        backend = "local";
+        modal_mode = "auto";
+        cwd = ".";
+        timeout = 180;
+        persistent_shell = true;
+      };
+
+      # ── Browser ────────────────────────────────────────────────────────
+      browser = {
+        inactivity_timeout = 120;
+        command_timeout = 30;
+        cloud_provider = "local";
+      };
+
+      # ── Checkpoints / Compression ──────────────────────────────────────
+      checkpoints = {
+        enabled = true;
+        max_snapshots = 50;
+      };
+
+      file_read_max_chars = 100000;
+
+      compression = {
+        enabled = true;
+        threshold = 0.5;
+        target_ratio = 0.2;
+        protect_last_n = 20;
+      };
+
+      # ── Display ────────────────────────────────────────────────────────
+      display = {
+        compact = false;
+        personality = "kawaii";
+        resume_display = "full";
+        busy_input_mode = "interrupt";
+        inline_diffs = true;
+        skin = "default";
+        tool_progress = "all";
+      };
+
+      # ── TTS / STT / Voice ──────────────────────────────────────────────
+      tts = {
+        provider = "elevenlabs";
+        elevenlabs = {
+          voice_id = elevenlabsVoiceId;
+          model_id = "eleven_multilingual_v2";
+        };
+      };
+
+      stt = {
+        enabled = true;
+        provider = "local";
+        local = {model = "base";};
+      };
+
+      voice = {
+        record_key = "ctrl+b";
+        max_recording_seconds = 120;
+        silence_threshold = 200;
+        silence_duration = 3.0;
+      };
+
+      # ── Memory ─────────────────────────────────────────────────────────
+      memory = {
+        memory_enabled = true;
+        user_profile_enabled = true;
+        memory_char_limit = 2200;
+        user_char_limit = 1375;
+      };
+
+      # ── Delegation ─────────────────────────────────────────────────────
+      delegation = {
+        max_iterations = 50;
+      };
+
+      # ── Discord ────────────────────────────────────────────────────────
+      discord = {
+        require_mention = true;
+        auto_thread = true;
+        reactions = true;
+      };
+
+      # ── Approvals / Security ───────────────────────────────────────────
+      approvals = {
+        mode = "manual";
+        timeout = 60;
+      };
+
+      security = {
+        redact_secrets = true;
+        tirith_enabled = true;
+        tirith_fail_open = true;
+      };
+
+      # ── Cron / Session ─────────────────────────────────────────────────
+      cron = {wrap_response = true;};
+
+      session_reset = {
+        mode = "both";
+        idle_minutes = 1440;
+        at_hour = 4;
+      };
+
+      # ── Web ────────────────────────────────────────────────────────────
+      web = {backend = "exa";};
+
+      # ── Platform Toolsets ──────────────────────────────────────────────
+      platform_toolsets = {
+        cli = [
+          "browser"
+          "clarify"
+          "code_execution"
+          "cronjob"
+          "delegation"
+          "file"
+          "image_gen"
+          "memory"
+          "session_search"
+          "skills"
+          "terminal"
+          "todo"
+          "tts"
+          "vision"
+          "web"
+        ];
+        telegram = [
+          "browser"
+          "clarify"
+          "code_execution"
+          "cronjob"
+          "delegation"
+          "file"
+          "image_gen"
+          "memory"
+          "session_search"
+          "skills"
+          "terminal"
+          "todo"
+          "tts"
+          "vision"
+          "web"
+        ];
+      };
+    };
+  };
+}