From 9bceb1c6d0be4266a44bd34fb66c9ba96c013bc6 Mon Sep 17 00:00:00 2001 From: m3ta-chiron Date: Sat, 6 Jun 2026 13:15:27 +0200 Subject: [PATCH] fix: make inputs self-contained --- flake.lock | 496 ++++++++++++++++++---- flake.nix | 19 +- hosts/m3-hermes/services/hermes-agent.nix | 173 ++++++-- secrets/hermes-api-server-key.age | 45 +- secrets/m3tam3re-secrets.age | Bin 1625 -> 1756 bytes 5 files changed, 557 insertions(+), 176 deletions(-) diff --git a/flake.lock b/flake.lock index 275f61e..de94dcd 100644 --- a/flake.lock +++ b/flake.lock @@ -44,32 +44,17 @@ }, "agent-lib": { "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ] }, "locked": { - "lastModified": 1780681759, - "narHash": "sha256-eszNyFb1If4ePaJD1aQTvHFog8lvpwjCTl8F9rUlXnk=", + "lastModified": 1780736323, + "narHash": "sha256-b4CfjbWTT+5Z0XBI2/W2DnybwkYVwLxghCwXVmw9+Iw=", "ref": "refs/heads/master", - "rev": "9a4ee71b1a9008422266e4364a76ee2f08868b5a", - "revCount": 25, - "type": "git", - "url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib" - }, - "original": { - "type": "git", - "url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib" - } - }, - "agent-lib_2": { - "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"] - }, - "locked": { - "lastModified": 1780157040, - "narHash": "sha256-j2d3nj3FvOlxQ+Zlse+rMo3qHD3m4Gick5uiwtTaA2o=", - "ref": "refs/heads/master", - "rev": "f63712a9ba03da6e2f591766d0f055aa65e6d237", - "revCount": 24, + "rev": "b0c832c9e02d8b3d8ad091f022c859382a037afd", + "revCount": 26, "type": "git", "url": "ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib" }, @@ -162,7 +147,11 @@ }, "basecamp": { "inputs": { - "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1774505501, @@ -181,7 +170,10 @@ }, "basecamp_2": { "inputs": { - "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1774505501, @@ -200,8 +192,14 @@ }, "blueprint": { "inputs": { - "nixpkgs": ["llm-agents", "nixpkgs"], - "systems": ["llm-agents", "systems"] + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ] }, "locked": { "lastModified": 1776249299, @@ -219,10 +217,22 @@ }, "bun2nix": { "inputs": { - "flake-parts": ["llm-agents", "flake-parts"], - "nixpkgs": ["llm-agents", "nixpkgs"], - "systems": ["llm-agents", "systems"], - "treefmt-nix": ["llm-agents", "treefmt-nix"] + "flake-parts": [ + "llm-agents", + "flake-parts" + ], + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ], + "treefmt-nix": [ + "llm-agents", + "treefmt-nix" + ] }, "locked": { "lastModified": 1778446047, @@ -240,7 +250,10 @@ }, "darwin": { "inputs": { - "nixpkgs": ["agenix", "nixpkgs"] + "nixpkgs": [ + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1744478979, @@ -259,7 +272,11 @@ }, "darwin_2": { "inputs": { - "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1744478979, @@ -278,7 +295,9 @@ }, "disko": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1780290312, @@ -296,7 +315,10 @@ }, "dms": { "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"], + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ], "quickshell": "quickshell" }, "locked": { @@ -316,7 +338,10 @@ }, "dms-plugin-registry": { "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ] }, "locked": { "lastModified": 1780281921, @@ -334,7 +359,10 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": ["hermes-agent", "nixpkgs"] + "nixpkgs-lib": [ + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1772408722, @@ -352,7 +380,10 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": ["llm-agents", "nixpkgs"] + "nixpkgs-lib": [ + "llm-agents", + "nixpkgs" + ] }, "locked": { "lastModified": 1778716662, @@ -370,7 +401,33 @@ }, "flake-parts_3": { "inputs": { - "nixpkgs-lib": ["m3ta-home", "nur", "nixpkgs"] + "nixpkgs-lib": [ + "m3ta-home", + "hermes-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "m3ta-home", + "nur", + "nixpkgs" + ] }, "locked": { "lastModified": 1733312601, @@ -386,9 +443,12 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { - "nixpkgs-lib": ["nur", "nixpkgs"] + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] }, "locked": { "lastModified": 1733312601, @@ -414,23 +474,52 @@ "uv2nix": "uv2nix_2" }, "locked": { - "lastModified": 1780061757, - "narHash": "sha256-0CmNH879jnsAAszo1nkkFm8RNE49xtwUditYdFIYBCM=", + "lastModified": 1780707343, + "narHash": "sha256-ngpkopVczNrT0bfCXHm38QjgrZT96Bm/rO89NA/ls3Y=", "owner": "NousResearch", "repo": "hermes-agent", - "rev": "77a1650c78a4cb1813d8a81fa1da40a15b6a3ec5", + "rev": "3c231eb3979ab9c57d5cd6d02f1d577a3b718b43", + "type": "github" + }, + "original": { + "owner": "NousResearch", + "ref": "v2026.6.5", + "repo": "hermes-agent", + "type": "github" + } + }, + "hermes-agent_2": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ], + "npm-lockfile-fix": "npm-lockfile-fix_2", + "pyproject-build-systems": "pyproject-build-systems_2", + "pyproject-nix": "pyproject-nix_5", + "uv2nix": "uv2nix_4" + }, + "locked": { + "lastModified": 1780733287, + "narHash": "sha256-cMm2PL8ymiizMnK2JAHVSMCfPsMAis2OcIbdYwR3ZSs=", + "owner": "NousResearch", + "repo": "hermes-agent", + "rev": "5af899c7ca753a56a4daeb6fa6ff3cbb113234b8", "type": "github" }, "original": { "owner": "NousResearch", - "ref": "v2026.5.29.2", "repo": "hermes-agent", "type": "github" } }, "home-manager": { "inputs": { - "nixpkgs": ["agenix", "nixpkgs"] + "nixpkgs": [ + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1745494811, @@ -448,14 +537,16 @@ }, "home-manager_2": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1780593650, - "narHash": "sha256-CHo7k65YTL3HY+WQVedDTupji+LMgNlKCdrtRHZFAK4=", + "lastModified": 1780679734, + "narHash": "sha256-KmRNvpNOb7QEORa06bVgjW9kITcx0VhsI7w0vhmZyD8=", "owner": "nix-community", "repo": "home-manager", - "rev": "447fd9ff62501dae7206dfe180ee89f8de27b7d5", + "rev": "b2b7db486e06e098711dc291bb25db82850e1d16", "type": "github" }, "original": { @@ -466,7 +557,11 @@ }, "home-manager_3": { "inputs": { - "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] }, "locked": { "lastModified": 1745494811, @@ -484,7 +579,10 @@ }, "home-manager_4": { "inputs": { - "nixpkgs": ["m3ta-home", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ] }, "locked": { "lastModified": 1780099287, @@ -502,7 +600,10 @@ }, "hyprlang": { "inputs": { - "nixpkgs": ["rose-pine-hyprcursor", "nixpkgs"], + "nixpkgs": [ + "rose-pine-hyprcursor", + "nixpkgs" + ], "systems": "systems_4" }, "locked": { @@ -529,11 +630,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1780640554, - "narHash": "sha256-dgnL2gTgRoO1D4z6wkARGCO/gimq3/UE/mVFcQcWBn8=", + "lastModified": 1780723669, + "narHash": "sha256-1GqON+bTWMrA8tTfZ194tk5Fi8R4YWjBUaScB1mTkmA=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "f764eba1fdd162a1f2bc923f7e7034b894a22b4a", + "rev": "7aa0fff2d50775e8b79040824385eaf250a250a9", "type": "github" }, "original": { @@ -545,35 +646,38 @@ "m3ta-home": { "inputs": { "agenix": "agenix_2", - "agent-lib": "agent-lib_2", + "agent-lib": "agent-lib", "agents": "agents", "dms": "dms", "dms-plugin-registry": "dms-plugin-registry", + "hermes-agent": "hermes-agent_2", "home-manager": "home-manager_4", "m3ta-nixpkgs": "m3ta-nixpkgs", "nix-colors": "nix-colors", - "nixpkgs": ["nixpkgs"], + "nixpkgs": [ + "nixpkgs" + ], "nur": "nur" }, "locked": { - "lastModified": 1780420920, - "narHash": "sha256-dxcRmexgCX+DlmlFRE/eW3gzdohVU7+JTAkzUzvG/1Y=", - "ref": "refs/heads/master", - "rev": "19dea8277ef9c473e95e2dc3be367044dfa3f65c", - "revCount": 45, - "type": "git", - "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" + "lastModified": 1780744454, + "narHash": "sha256-UMve8ATj7lb2aDEYs6ErYYl2zxoe+cTbZ3JZrJO7Whw=", + "path": "/home/m3tam3re/p/NIX/m3ta-home", + "type": "path" }, "original": { - "type": "git", - "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" + "path": "/home/m3tam3re/p/NIX/m3ta-home", + "type": "path" } }, "m3ta-nixpkgs": { "inputs": { "agents": "agents_2", "basecamp": "basecamp", - "nixpkgs": ["m3ta-home", "nixpkgs"], + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ], "nixpkgs-master": "nixpkgs-master", "openspec": "openspec" }, @@ -813,11 +917,11 @@ }, "nixpkgs-master_3": { "locked": { - "lastModified": 1780675612, - "narHash": "sha256-0uf5rIKWl6ljqZtDdYhVpBru9cggmUyoOw+m7IZNKYk=", + "lastModified": 1780727454, + "narHash": "sha256-mkqXK8st0OlcseyZGon2n+k7SThg+P5LRt3jTza26E0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a08eccd152a1534c8e01e69709fd21b108e5be2d", + "rev": "51d40d1b686a6bb543d2edc5f8919aa62d26f27e", "type": "github" }, "original": { @@ -829,11 +933,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1779796641, - "narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=", + "lastModified": 1780511130, + "narHash": "sha256-2v9lT4ya59Lh1FqPeLnz1MoX9y/wz2huqfe9RtQZITk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25f538306313eae3927264466c70d7001dcea1df", + "rev": "535f3e6942cb1cead3929c604320d3db54b542b9", "type": "github" }, "original": { @@ -989,7 +1093,32 @@ }, "npm-lockfile-fix": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775903712, + "narHash": "sha256-2GV79U6iVH4gKAPWYrxUReB0S41ty/Y3dBLquU8AlaA=", + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "rev": "c6093acb0c0548e0f9b8b3d82918823721930fe8", + "type": "github" + }, + "original": { + "owner": "jeslie0", + "repo": "npm-lockfile-fix", + "type": "github" + } + }, + "npm-lockfile-fix_2": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1775903712, @@ -1007,7 +1136,7 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixpkgs": "nixpkgs_6" }, "locked": { @@ -1026,15 +1155,17 @@ }, "nur_2": { "inputs": { - "flake-parts": "flake-parts_4", - "nixpkgs": ["nixpkgs"] + "flake-parts": "flake-parts_5", + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1780667345, - "narHash": "sha256-JkFBPvT91un8Hq2wrMJxcJgiWwpIl6X5frAH6E8f32M=", + "lastModified": 1780729463, + "narHash": "sha256-FUkUJB+l3QLMzp/egsfvEnLJWe/FxyY/pYSrkYY4gtY=", "owner": "nix-community", "repo": "NUR", - "rev": "c81bd4bb3912e373c17eaff12d67d478dfedf418", + "rev": "80e259e2523c4ef547419d437872278a01d5a387", "type": "github" }, "original": { @@ -1045,7 +1176,11 @@ }, "openspec": { "inputs": { - "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1779302169, @@ -1063,7 +1198,10 @@ }, "openspec_2": { "inputs": { - "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] }, "locked": { "lastModified": 1779302169, @@ -1081,7 +1219,10 @@ }, "pyproject-build-systems": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ], "pyproject-nix": "pyproject-nix", "uv2nix": "uv2nix" }, @@ -1099,9 +1240,37 @@ "type": "github" } }, + "pyproject-build-systems_2": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "nixpkgs" + ], + "pyproject-nix": "pyproject-nix_4", + "uv2nix": "uv2nix_3" + }, + "locked": { + "lastModified": 1772555609, + "narHash": "sha256-3BA3HnUvJSbHJAlJj6XSy0Jmu7RyP2gyB/0fL7XuEDo=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "c37f66a953535c394244888598947679af231863", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, "pyproject-nix": { "inputs": { - "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ] }, "locked": { "lastModified": 1769936401, @@ -1119,7 +1288,10 @@ }, "pyproject-nix_2": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ] }, "locked": { "lastModified": 1772865871, @@ -1137,7 +1309,79 @@ }, "pyproject-nix_3": { "inputs": { - "nixpkgs": ["hermes-agent", "uv2nix", "nixpkgs"] + "nixpkgs": [ + "hermes-agent", + "uv2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "pyproject-nix_4": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769936401, + "narHash": "sha256-kwCOegKLZJM9v/e/7cqwg1p/YjjTAukKPqmxKnAZRgA=", + "owner": "nix-community", + "repo": "pyproject.nix", + "rev": "b0d513eeeebed6d45b4f2e874f9afba2021f7812", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "pyproject.nix", + "type": "github" + } + }, + "pyproject-nix_5": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772865871, + "narHash": "sha256-/ZTSg97aouL0SlPHaokA4r3iuH9QzHVuWPACD2CUCFY=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "e537db02e72d553cea470976b9733581bcf5b3ed", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "pyproject-nix_6": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "uv2nix", + "nixpkgs" + ] }, "locked": { "lastModified": 1771518446, @@ -1155,7 +1399,11 @@ }, "quickshell": { "inputs": { - "nixpkgs": ["m3ta-home", "dms", "nixpkgs"] + "nixpkgs": [ + "m3ta-home", + "dms", + "nixpkgs" + ] }, "locked": { "lastModified": 1776854048, @@ -1216,7 +1464,9 @@ }, "rustfs": { "inputs": { - "nixpkgs": ["nixpkgs"] + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1780564157, @@ -1309,7 +1559,10 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": ["llm-agents", "nixpkgs"] + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ] }, "locked": { "lastModified": 1780220602, @@ -1345,7 +1598,11 @@ }, "uv2nix": { "inputs": { - "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ], "pyproject-nix": [ "hermes-agent", "pyproject-build-systems", @@ -1368,7 +1625,10 @@ }, "uv2nix_2": { "inputs": { - "nixpkgs": ["hermes-agent", "nixpkgs"], + "nixpkgs": [ + "hermes-agent", + "nixpkgs" + ], "pyproject-nix": "pyproject-nix_3" }, "locked": { @@ -1384,6 +1644,58 @@ "repo": "uv2nix", "type": "github" } + }, + "uv2nix_3": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "pyproject-build-systems", + "nixpkgs" + ], + "pyproject-nix": [ + "m3ta-home", + "hermes-agent", + "pyproject-build-systems", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1770770348, + "narHash": "sha256-A2GzkmzdYvdgmMEu5yxW+xhossP+txrYb7RuzRaqhlg=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "5d1b2cb4fe3158043fbafbbe2e46238abbc954b0", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } + }, + "uv2nix_4": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "hermes-agent", + "nixpkgs" + ], + "pyproject-nix": "pyproject-nix_6" + }, + "locked": { + "lastModified": 1773039484, + "narHash": "sha256-+boo33KYkJDw9KItpeEXXv8+65f7hHv/earxpcyzQ0I=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "b68be7cfeacbed9a3fa38a2b5adc0cfb81d9bb1f", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 3706094..59a9758 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,6 @@ m3ta-nixpkgs.url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs"; llm-agents.url = "github:numtide/llm-agents.nix"; - # nur = { url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; @@ -43,28 +42,12 @@ nix-colors.url = "github:misterio77/nix-colors"; m3ta-home = { - url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"; - # url = "path:/home/m3tam3re/p/NIX/m3ta-home"; -<<<<<<< HEAD -||||||| a9ffe3e # url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"; url = "path:/home/m3tam3re/p/NIX/m3ta-home"; inputs.nixpkgs.follows = "nixpkgs"; }; - agent-lib = { - url = "path:/home/m3tam3re/p/NIX/agent-lib"; -======= - inputs.nixpkgs.follows = "nixpkgs"; - }; - - agent-lib = { - url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/agent-lib"; ->>>>>>> feature/agent-lib-m3-kratos - inputs.nixpkgs.follows = "nixpkgs"; - }; - - hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.29.2"; + hermes-agent.url = "github:NousResearch/hermes-agent/v2026.6.5"; rustfs = { url = "github:rustfs/rustfs-flake"; diff --git a/hosts/m3-hermes/services/hermes-agent.nix b/hosts/m3-hermes/services/hermes-agent.nix index 9a350c3..504c669 100644 --- a/hosts/m3-hermes/services/hermes-agent.nix +++ b/hosts/m3-hermes/services/hermes-agent.nix @@ -8,44 +8,142 @@ # Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key) edgeVoice = "de-DE-SeraphinaMultilingualNeural"; - agentLock = builtins.fromJSON (builtins.readFile ../../../agent-sources.lock.json); - - agentSkillSelections = { - m3ta-agents.exclude = []; - anthropic.exclude = ["pdf" "skill-creator" "xlsx"]; - basecamp.exclude = []; - kestra.exclude = []; - mattpocock.exclude = ["grill-me" "caveman"]; - superpowers.exclude = ["brainstorming" "systematic-debugging"]; - vercel.exclude = []; + agentSkillExclusions = { + m3ta-agents = []; + anthropic = ["pdf" "skill-creator" "xlsx"]; + basecamp = []; + kestra = []; + mattpocock = ["grill-me" "caveman"]; + superpowers = ["brainstorming" "systematic-debugging"]; + vercel = []; }; - sourceRoot = source: - builtins.fetchGit { - inherit (source) url rev; + agentLibSharedSkillsDir = ".agents/skills"; + + agentLibHomeManagerStub = {lib, ...}: { + options.home.homeDirectory = lib.mkOption { + type = lib.types.str; + default = "/var/lib/hermes"; }; + options.home.file = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + enable = lib.mkOption { + type = lib.types.bool; + default = true; + }; + executable = lib.mkOption { + type = lib.types.nullOr lib.types.bool; + default = null; + }; + force = lib.mkOption { + type = lib.types.bool; + default = false; + }; + ignorelinks = lib.mkOption { + type = lib.types.bool; + default = false; + }; + onChange = lib.mkOption { + type = lib.types.lines; + default = ""; + }; + recursive = lib.mkOption { + type = lib.types.bool; + default = false; + }; + source = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + }; + target = lib.mkOption { + type = lib.types.str; + default = name; + }; + text = lib.mkOption { + type = lib.types.nullOr lib.types.lines; + default = null; + }; + }; + })); + default = {}; + }; + options.home.packages = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + }; + options.assertions = lib.mkOption { + type = lib.types.listOf lib.types.attrs; + default = []; + }; + }; - selectedSkillNames = sourceName: let - source = agentLock.sources.${sourceName}; - excluded = agentSkillSelections.${sourceName}.exclude; - in - lib.subtractLists excluded (builtins.attrNames source.items.skills); + agentLibSourceSelections = + lib.mapAttrs (_sourceName: exclude: { + skills = { + all = true; + inherit exclude; + }; + }) + agentSkillExclusions; - copySkill = sourceName: skillName: let - source = agentLock.sources.${sourceName}; - item = source.items.skills.${skillName}; + # Evaluate agent-lib's Hermes target renderer with a minimal Home Manager + # surface, then expose its selected shared-skill outputs as a single Nix store + # directory for hermes-agent's native `skills.external_dirs` setting. The full + # Home Manager module is not imported into this NixOS host because Hermes runs + # as a system service user rather than a managed login user's Home Manager + # generation. + agentLibEval = lib.evalModules { + specialArgs = {inherit pkgs;}; + modules = [ + agentLibHomeManagerStub + inputs.agent-lib.homeManagerModules.default + { + home.homeDirectory = "/var/lib/hermes"; + programs.agent-lib = { + enable = true; + lockFile = ../../../agent-sources.lock.json; + shared.skillsDir = agentLibSharedSkillsDir; + targets.hermes.enable = true; + profiles.default.sources = agentLibSourceSelections; + }; + } + ]; + }; + + agentLibFailedAssertions = lib.filter (assertion: !assertion.assertion) agentLibEval.config.assertions; + + agentLibHomeFiles = + if agentLibFailedAssertions != [] + then throw (builtins.head agentLibFailedAssertions).message + else agentLibEval.config.home.file; + + hermesSkillHomeFiles = + lib.filterAttrs ( + targetPath: file: + lib.hasPrefix "${agentLibSharedSkillsDir}/" targetPath + && file ? source + && file.source != null + ) + agentLibHomeFiles; + + linkHermesSkill = targetPath: file: let + skillName = lib.removePrefix "${agentLibSharedSkillsDir}/" targetPath; in '' - cp -R ${sourceRoot source}/${source.root}/${item.path} $out/${skillName} + ln -s ${file.source} "$out"/${lib.escapeShellArg skillName} ''; - copySourceSkills = sourceName: - lib.concatMapStringsSep "\n" (copySkill sourceName) (selectedSkillNames sourceName); - - # Build skills from the agent-lib lockfile instead of the legacy AGENTS flake. - hermesSkills = pkgs.runCommand "hermes-agent-lib-skills" {} '' - mkdir -p $out - ${lib.concatMapStringsSep "\n" copySourceSkills (builtins.attrNames agentSkillSelections)} - ''; + # Deterministic store renderer consumed directly by Hermes. Each entry is a + # symlink to the immutable skill directory selected by agent-lib, so + # `$out//SKILL.md` exists without a mutable copy service. + hermesSkills = + if hermesSkillHomeFiles == {} + then throw "agent-lib: Hermes skill selection produced no skills" + else + pkgs.runCommand "hermes-agent-lib-skills" {} '' + mkdir -p $out + ${lib.concatMapAttrsStringSep "\n" linkHermesSkill hermesSkillHomeFiles} + ''; in { virtualisation.docker.enable = true; @@ -63,18 +161,7 @@ in { ''}" ]; - systemd.services.copy-hermes-skills = { - description = "Copy agent skills to hermes home directory"; - wantedBy = ["hermes-agent.service"]; - before = ["hermes-agent.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; - script = '' - mkdir -p /var/lib/hermes/.agents - cp -rT ${hermesSkills} /var/lib/hermes/.agents/skills - chown -R hermes:hermes /var/lib/hermes/.agents - ''; - }; + systemd.services.hermes-agent.restartTriggers = [hermesSkills]; services.hermes-agent = { enable = true; @@ -175,7 +262,7 @@ in { skills = { external_dirs = [ - "/var/lib/hermes/.agents/skills" + hermesSkills ]; }; diff --git a/secrets/hermes-api-server-key.age b/secrets/hermes-api-server-key.age index f848e08..777f7c0 100644 --- a/secrets/hermes-api-server-key.age +++ b/secrets/hermes-api-server-key.age @@ -1,26 +1,25 @@ age-encryption.org/v1 --> ssh-ed25519 4NLKrw 2TwbZwX9SwWg4SVC0A2ICmyRjSfO+xtfBcBOK1lh3T4 -DSf4DrOAvW7L49lh6cq5IqrMM7gqXv2+67rR3ttn+CE --> ssh-ed25519 5kwcsA K1hqFOAxq2T+oLp3bQjLYpXtlQVkA7RHCM/8ETMGbwU -xIE4xz50LB5vbDTTLKVcx9vC2iXIsRLThHYYxGjcJyY --> ssh-ed25519 9d4YIQ bXYb62OM/N+EXpMOZZ6zEbpfaH10Vz62PuUdGODXolw -j64kKzOn8CmSnykEuWnXHZ0nfqwOfOxX4FPR4GSouR0 --> ssh-ed25519 3Bcr1w C4alN6ud7q0K4I7NHuBgC77D6zeTfZVGjNS3EKpvL00 -NpjOsg3eJ5LvX0lV7NYuVHLeqeYylHdmw60H+KeG1GY --> ssh-ed25519 c4NQlA In5wsg4+LTIEbP75B83GMXPCItSPGwKWUW8QO+QjXyY -oK1kikhr4RMq6QMv9kjNjiKrf5srlGh7hGbU2qns2rM +-> ssh-ed25519 4NLKrw 42tBp6EbDJpC7EBt0++QxmF3N9rQJ/AP+7A/S174rCs +bRzpQku0GLEBvANvCdeH3L4Kf06k6w2C4FfZCOp2QWI +-> ssh-ed25519 5kwcsA YAYkQzsxfbHwrCPMW2eqLS9mRuuxr+EjHKl7MV3DDEo +dN3TitETbdPbXzBtIDBglienhY4oDsFGgfe0VYdsP1o +-> ssh-ed25519 9d4YIQ 2vTWMSuLrgpgaTWeu0ARoUOukLBKupCfMdqJhLvTqwA +Lzk2Uo2U3tUJiq29on/a5zYfuUjgOZvCHhZYuFGSDG4 +-> ssh-ed25519 3Bcr1w x689Z0/TsOLLk1JNPXg2jj6y5ucaH37zRt46d/Z1l2w +Bkzg3umkDYFBemmgev/M5LUFuobFugXe0u85mLmsDSo +-> ssh-ed25519 c4NQlA 5Dn6e8bILaYl9FVt+ZwuZ6rOC0k0Kg1+KOSP4JakyWI +AT6LeCo+P7RjgNhRex04kJ/7NHD2DAWRqs33uOJ7e5E -> ssh-rsa DQlE7w -tcP4yPgGWqHYeE1gw/KD6cswik+9WU2s2f7hg5mK78085sQ7npXRsBVAz2OCRn07 -foeAAmnY4YmKriBh421JOVNBDOXHR5dfaIKY9b663L+rYj99ic0rfW26C+dqKitF -SnvveL3Zf16nqg6duSVA7LIcIFgkIlA+RXnHPVho+P4GwEH7W8nCf/4kUquuhB7B -F4Hx1qOknmGyNBJBFi27D04ZDDk/ZVxioYsO6P6TUu7MuaGmQCoVKREDl5RRh4zO -XD8/TFDRsJLqqcbCKIlU+6CN1+L0r4FN4K0UaTjwPNzGvn5EEjBKw9RpOhdvI28I -WlAQ+w6gdQiz9Ju4e5p7Doz2MbNb6894DimawHjzl968Xy5ifX2XA+FBdcW5hU9A -u+7VXKZmbfMyvRA7lmKRoi4SurJAyQd6iXBrVKfTwFc53V/tJi48bsKcE3yXxHH+ -lKGuZFNGDDkqCruycjvz94WaIHy3fv5hhmBdgwoCZK1VGSLAnwdm1rG4B9m3t/K8 +M9pUnzZDa1v6X5UbQOE6HILaGU36VkQtnfXaJJdxJSRQ/sE9R3ZQoLjRZAw+UhUf +09JwLkS55477xaar3bpvvOxeP4MrtTHLJ7593eEkFT3i45FfVmxutq6EYckZrCJB +WjrCG7Cbvc20o6s54PYiF4Xk8AuPxt+SElRxBtcOK+SPba84f+WWHqrBA1YRzTDK +fsM15eKWsJgzaz5y36grv4xSj4KbWMFtmEt5V5BEW32+zXBU5CPhonO59TxEQgh4 +hI2+gNmAzKQja7xbuxCyr3jcXWJz7IuXcrklr+2ZjF1wx3BDll1z+vxSX0C88MCc +OLKDfnUiDa6BlgUfLK90dLIia8v0oIPXs4OWRfYs7SC/Z3QOPpSO62Ky9dKYRrod +PHvCgxX28QvROE4TekL9PV81AfAbMVJrnkRiybg6id8CscldtDmgaKqoaIoJlAuF +g5/LGd+FPfmlv2iNfGUn2Glhui8SkrBK1MzGJpeQw+l4CXLH33yQzHX0m6TdQBzr --> ssh-ed25519 CSMyhg FNYYdEIJYcxkjMuM5lnIs9gIilvgD44uazZE8CjNeho -QHeghlsOOlYNMwhMHT4o7DeuyxGP/3wyqm94HUHjn44 ---- zRG6aCTS+X18VpeN+tz38kaUoilk1kN5KrWTWYZ6pV4 -rX _q껿H#pf}(A(|?0yJkSD\Jm&u &95+ʅ!v%Y~$ZӰ jz\ß1,Vf -1z# \ No newline at end of file +-> ssh-ed25519 CSMyhg 5YHqBNbkkUFVhDEfOM4P2tAxT2t1rDn5KItUcjUs4DY +oWEKUGiIVkRQvEkY33PpOUcoqsmacgHAaX58H6sRpP4 +--- KH+IYh4+bS3JMeEmFYakwIceMxOrlEZj0Fqt3VMgFRk +96nϬuk!߱1NItN8EwĹ]3S*0>!9zc(2O;I.^jC&$\WtN#Հ3cMuAߢ<)Mard'pggP5OQNf1AZ|1v\4F 6;TJ6W>IKG zGFPCZYk{AEXIi>O20Ntkb>lVw#}Ri$HIer{fok*}+-VNq4Ck)LInaj1TJd0|NT z#E;_PVV1rnxs{Io8Ghx)mZoNf;RgOr!TxE%?nNdB5hgB9;RTsR<>ow1ZN$EiGNlGefd0Dk43S(=uGM4D?fzQqzLGT!XT?s&afX3$u(Wa?10ZQyo(c z!rk)%JtOnWw37@gjIt^M{0iIx%99;)@(Ud&pJf!UFAl8=G%YO;2rzOkHTOt&N{@;t zD)9GkNi6p$4hs$NDbd$Y%C@K~HB2w&Dsf4QDzeB83Jq~AEXhwXGK|y@_34*fTYbdfQw^JN=QVgOGIH&nXzR?qBoakWMWEMm5XJOi)B(_Mqa(MX;xZR zYFAYj+e2kQ)zL2epOUxS#khZKtVxZzQ4I&NuW`onR|YkTWEf^ad}>-S8`aAPo{Bb zNVs-MPNu&>RzOZll53KIze`4Xn!BNIRE2SVmWO8q7c6QIbi7p(B^OpQ%rTM_HbQYj(MF zNt9WZnX^S%N?t&QTeeGJSfq2lVO4IJzF}@=RX&%luC790o^yIpkynL&YGIkSK~6+K zva^e2eR*zap_^;Ad6u`fVM?f1m8)M~cCsUv#x+G%e>;FFRT~f*Jx!duka{A;IMVF7w*4mveVI5>7#klOzEvD}q!&nw-u{#`arzMx?BwJ7`N^-> zqT2l0|7RUce<>|h?<4mq_T!=0$>09Fn6$O|L|f-y*!=yP-Y@BZB(8&1{j0@X`*;l* zHk9q_{Im+Y<^c4^Dh4_3q&Ed?!^vaM? zC2W-)vTUqT${I_j>ux^V@f_ z6lAqez`Fac*m28K^Np6Di8cMop>gzn{SCI|=T4t(=1}YCKVZ0 z#E;_PsoBL5=22-*sTmfoj#WjbC8a*DuI70b+I|K}t}bD&M&W)2q0Yv>P6ifShUrF? z?(UW09?qWSJ_bJFPL*MqM!DfBN#4Z~CN8B>0oj&O-Wk3go`%Jf;~B-nJu552O(Hx? zOtLdgBLb3gd?L&|9m4}l5(^4Eiv#lvJPNAH3-oi+von3U!a}05o!z|jbAmm6D)mbX z-BSxvO5M_ZtBNaveKOsBf^$MW5(CTA%5yy@pJf!U_wjHp@-qr|caAc53yexH4DdF~ zP0S25EX}SA%5utys_@J)t1NIf^>okYstB>nH1l8Zq^rAxhb zNMd1TRDgLznL&PX?a}$zYffRN zzd>b~f0%xryJLDtQmSF1QFcJNyJdxCc6g|(kF#+x7c6Pk)dUFs(F#WQ+lX=hAUU1aaxsoaao3!yQgnh zesYOXMq!#kcuIspXsC0zsb^tUp>c7!cSLZZXE~RyuC78vK#@s!az$`uVt~1Ed7x#0 zw_!*{y`e#{NIaZUMs<~qBjZ@+Y znxAyfs%#6NRUx?h?h%H)0;{B(bZi1@1lUTS^&Zw=8~R1BGw)8vr6_^BHz!EsSxSX; zTuDf}{Z;hV_sp4-<(6?QQ}yEf())O8&BsT{CB#R^h$ZHpE{~5Ewmb=F1-1l zcI1&zs)1+9gwP)=|4QF0?ozSg=@D+6v{B@D7Wcl3+T1aR4)1+>^