flake update + hermes workaround for upstream bug

2026-04-08 17:48:27 +02:00
parent 6853bb3063
commit 6a58b3656a
46 changed files with 703 additions and 601 deletions
--- a/hosts/m3-hermes/secrets.nix
+++ b/hosts/m3-hermes/secrets.nix
@@ -4,9 +4,8 @@
      hermes-env = {
        file = ../../secrets/hermes-env.age;
      };
-      m3tam3re-secrets = {
-        file = ../../secrets/m3tam3re-secrets.age;
-        owner = "m3tam3re";
+      hermes-cloud-env = {
+        file = ../../secrets/hermes-cloud-env.age;
      };
    };
  };
--- a/hosts/m3-hermes/services/hermes-agent.nix
+++ b/hosts/m3-hermes/services/hermes-agent.nix
@@ -1,4 +1,8 @@
-{config, ...}: let
+{
+  config,
+  pkgs,
+  ...
+}: let
  # Default ElevenLabs voice: Bella (German-capable female)
  elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
 in {
@@ -7,17 +11,21 @@ in {
    addToSystemPackages = true;

    # Secrets via agenix
-    environmentFiles = [config.age.secrets."hermes-env".path];
+    environmentFiles = [
+      config.age.secrets."hermes-env".path
+      config.age.secrets."hermes-cloud-env".path
+    ];

    # Non-secret environment variables
    environment = {
-      #
+      GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
    };

    # ── Container mode (podman) ──────────────────────────────────────────
    container = {
      enable = true;
      backend = "podman";
+      extraVolumes = ["/home/m3tam3re/p:/projects:rw"];
    };

    settings = {
@@ -25,7 +33,6 @@ in {
      model = {
        default = "glm-5.1";
        provider = "zai";
-        base_url = "https://api.z.ai/api/coding/paas/v4/";
      };

      credential_pool_strategies = {
@@ -188,4 +195,11 @@ in {
      };
    };
  };
+
+  users.users.hermes = {
+    isNormalUser = false;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAVF7jGP1S6vc5CxeBFD/UxiImHOgbPlKg8WYyNtOA3"
+    ];
+  };
 }