m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: make inputs self-contained

Browse Source
This commit is contained in:
m3ta-chiron
2026-06-06 13:15:27 +02:00
parent a5d321805b
commit 9bceb1c6d0
5 changed files with 557 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/m3-hermes/services/hermes-agent.nix
+130 -43
View File
@@ -8,44 +8,142 @@
# Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key)
edgeVoice = "de-DE-SeraphinaMultilingualNeural";
agentLock = builtins.fromJSON (builtins.readFile ../../../agent-sources.lock.json);
agentSkillSelections = {
m3ta-agents.exclude = [];
anthropic.exclude = ["pdf" "skill-creator" "xlsx"];
basecamp.exclude = [];
kestra.exclude = [];
mattpocock.exclude = ["grill-me" "caveman"];
superpowers.exclude = ["brainstorming" "systematic-debugging"];
vercel.exclude = [];
agentSkillExclusions = {
m3ta-agents = [];
anthropic = ["pdf" "skill-creator" "xlsx"];
basecamp = [];
kestra = [];
mattpocock = ["grill-me" "caveman"];
superpowers = ["brainstorming" "systematic-debugging"];
vercel = [];
};
sourceRoot = source:
builtins.fetchGit {
inherit (source) url rev;
agentLibSharedSkillsDir = ".agents/skills";
agentLibHomeManagerStub = {lib, ...}: {
options.home.homeDirectory = lib.mkOption {
type = lib.types.str;
default = "/var/lib/hermes";
};
options.home.file = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
executable = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
default = null;
};
force = lib.mkOption {
type = lib.types.bool;
default = false;
};
ignorelinks = lib.mkOption {
type = lib.types.bool;
default = false;
};
onChange = lib.mkOption {
type = lib.types.lines;
default = "";
};
recursive = lib.mkOption {
type = lib.types.bool;
default = false;
};
source = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
};
target = lib.mkOption {
type = lib.types.str;
default = name;
};
text = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
default = null;
};
};
}));
default = {};
};
options.home.packages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [];
};
options.assertions = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
};
};
selectedSkillNames = sourceName: let
source = agentLock.sources.${sourceName};
excluded = agentSkillSelections.${sourceName}.exclude;
in
lib.subtractLists excluded (builtins.attrNames source.items.skills);
agentLibSourceSelections =
lib.mapAttrs (_sourceName: exclude: {
skills = {
all = true;
inherit exclude;
};
})
agentSkillExclusions;
copySkill = sourceName: skillName: let
source = agentLock.sources.${sourceName};
item = source.items.skills.${skillName};
# Evaluate agent-lib's Hermes target renderer with a minimal Home Manager
# surface, then expose its selected shared-skill outputs as a single Nix store
# directory for hermes-agent's native `skills.external_dirs` setting. The full
# Home Manager module is not imported into this NixOS host because Hermes runs
# as a system service user rather than a managed login user's Home Manager
# generation.
agentLibEval = lib.evalModules {
specialArgs = {inherit pkgs;};
modules = [
agentLibHomeManagerStub
inputs.agent-lib.homeManagerModules.default
{
home.homeDirectory = "/var/lib/hermes";
programs.agent-lib = {
enable = true;
lockFile = ../../../agent-sources.lock.json;
shared.skillsDir = agentLibSharedSkillsDir;
targets.hermes.enable = true;
profiles.default.sources = agentLibSourceSelections;
};
}
];
};
agentLibFailedAssertions = lib.filter (assertion: !assertion.assertion) agentLibEval.config.assertions;
agentLibHomeFiles =
if agentLibFailedAssertions != []
then throw (builtins.head agentLibFailedAssertions).message
else agentLibEval.config.home.file;
hermesSkillHomeFiles =
lib.filterAttrs (
targetPath: file:
lib.hasPrefix "${agentLibSharedSkillsDir}/" targetPath
&& file ? source
&& file.source != null
)
agentLibHomeFiles;
linkHermesSkill = targetPath: file: let
skillName = lib.removePrefix "${agentLibSharedSkillsDir}/" targetPath;
in ''
cp -R ${sourceRoot source}/${source.root}/${item.path} $out/${skillName}
ln -s ${file.source} "$out"/${lib.escapeShellArg skillName}
'';
copySourceSkills = sourceName:
lib.concatMapStringsSep "\n" (copySkill sourceName) (selectedSkillNames sourceName);
# Build skills from the agent-lib lockfile instead of the legacy AGENTS flake.
hermesSkills = pkgs.runCommand "hermes-agent-lib-skills" {} ''
mkdir -p $out
${lib.concatMapStringsSep "\n" copySourceSkills (builtins.attrNames agentSkillSelections)}
'';
# Deterministic store renderer consumed directly by Hermes. Each entry is a
# symlink to the immutable skill directory selected by agent-lib, so
# `$out/<skill>/SKILL.md` exists without a mutable copy service.
hermesSkills =
if hermesSkillHomeFiles == {}
then throw "agent-lib: Hermes skill selection produced no skills"
else
pkgs.runCommand "hermes-agent-lib-skills" {} ''
mkdir -p $out
${lib.concatMapAttrsStringSep "\n" linkHermesSkill hermesSkillHomeFiles}
'';
in {
virtualisation.docker.enable = true;
@@ -63,18 +161,7 @@ in {
''}"
];
systemd.services.copy-hermes-skills = {
description = "Copy agent skills to hermes home directory";
wantedBy = ["hermes-agent.service"];
before = ["hermes-agent.service"];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p /var/lib/hermes/.agents
cp -rT ${hermesSkills} /var/lib/hermes/.agents/skills
chown -R hermes:hermes /var/lib/hermes/.agents
'';
};
systemd.services.hermes-agent.restartTriggers = [hermesSkills];
services.hermes-agent = {
enable = true;
@@ -175,7 +262,7 @@ in {
skills = {
external_dirs = [
"/var/lib/hermes/.agents/skills"
hermesSkills
];
};