diff --git a/flake.lock b/flake.lock
index 86b6204..b930981 100644
--- a/flake.lock
+++ b/flake.lock
@@ -406,16 +406,16 @@ "uv2nix": "uv2nix_2" }, "locked": { - "lastModified": 1778170968, - "narHash": "sha256-YQQUEDUim2CiYpL3uG7Wi1fWPsT2wtIqoBeJuAj9hUk=", + "lastModified": 1778925537, + "narHash": "sha256-d9qhrTy45Q5UsmjapqMHOVi9e+gR9zE8Nq9Z0wObLmc=", "owner": "NousResearch", "repo": "hermes-agent", - "rev": "498bfc7bc12a937621b4215312049b1000726df3", + "rev": "a91a57fa5a13d516c38b07a141a9ce8a3daabeb0", "type": "github" }, "original": { "owner": "NousResearch", - "ref": "v2026.5.7", + "ref": "v2026.5.16", "repo": "hermes-agent", "type": "github" }
diff --git a/flake.nix b/flake.nix
index 1f2744e..38392fa 100644
--- a/flake.nix
+++ b/flake.nix
@@ -73,7 +73,7 @@
 url = "github:vercel-labs/skills";
 flake = false;
 };
- hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.7";
+ hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.16";
 rustfs = {
 url = "github:rustfs/rustfs-flake";
diff --git a/hosts/m3-hermes/services/hermes-agent.nix b/hosts/m3-hermes/services/hermes-agent.nix
index 91e7e92..b1df9f6 100644
--- a/hosts/m3-hermes/services/hermes-agent.nix
+++ b/hosts/m3-hermes/services/hermes-agent.nix
@@ -7,13 +7,30 @@
 # Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key)
 edgeVoice = "de-DE-SeraphinaMultilingualNeural";
- # Extra Python packages from the container's writable venv layer.
- # matrix-nio is installed via pip in /home/hermes/.venv but the hermes
- # process uses the read-only Nix store Python, so we inject the venv's
- # site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
- # NOTE: v0.13.0 upgraded to Python 3.12 — path updated accordingly.
- venvSitePackages = "/home/hermes/.venv/lib/python3.12/site-packages";
- gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
+ # Hermes v0.14 moved Matrix from matrix-nio to lazy-installed mautrix.
+ # Lazy pip installs cannot work in the read-only Nix Python environment, so
+ # provide the Matrix runtime deps declaratively and put their site-packages on
+ # the gateway process PYTHONPATH at interpreter startup.
+ matrixPython = pkgs.python312.withPackages (ps: let
+ # Hermes lazy_deps pins this exact version. nixpkgs currently ships an
+ # older aiosqlite, and lazy_deps treats version mismatches as missing.
+ aiosqlite_0_22_1 = ps.aiosqlite.overridePythonAttrs (_old: rec {
+ version = "0.22.1";
+ src = pkgs.fetchFromGitHub {
+ owner = "omnilib";
+ repo = "aiosqlite";
+ tag = "v${version}";
+ hash = "sha256-voOOFo1OwaRQ3JsDHlBrngP+8ajf0kTNKXJyOaJiTs4=";
+ };
+ });
+ in [
+ (ps.mautrix.override {withOlm = true;})
+ ps.markdown
+ aiosqlite_0_22_1
+ ps.asyncpg
+ ps.aiohttp-socks
+ ]);
+ matrixPythonPath = "${matrixPython}/lib/python3.12/site-packages";
 # Build skills using agents flake lib for hermes user
 hermesSkills = inputs.agents.lib.mkSkills {
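Review bot: `matrixPythonPath` hard-codes `lib/python3.12/site-packages`, and the set is built from this flake's `pkgs.python312`, while the interpreter that will import it comes from the `hermes-agent` flake input; nothing in the hunk ties the two together. If the two interpreters differ in version or build, the compiled modules in this set (python-olm via `withOlm = true`, and asyncpg's C extensions) would presumably fail at import time in the running service rather than at evaluation. I would derive the path instead of spelling it, `matrixPythonPath = "${matrixPython}/${pkgs.python312.sitePackages}";`, and add a comment above `matrixPython` stating that its Python version must match the interpreter of the hermes-agent package. The `let` block holding these bindings starts and ends outside the hunk.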
@@ -37,6 +54,13 @@ in {
 virtualisation.docker.enable = true;
+ # Matrix E2EE uses libolm via python-olm. libolm is archived upstream and
+ # marked insecure in nixpkgs, but Hermes Matrix encrypted rooms currently
+ # still require it through mautrix[encryption].
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ ];
+
 systemd.tmpfiles.rules = [
 "d /home/hermes/.config 0755 hermes hermes -"
 "d /home/hermes/.config/tea 0755 hermes hermes -"
@@ -66,7 +90,12 @@ in {
 # Ensure 'uv' is in the hermes-agent service PATH so CronJobs and terminal
 # sessions can use 'uv run' for PEP 723 scripts (e.g. garmin-daily.py).
- systemd.services.hermes-agent.path = [pkgs.uv];
+ systemd.services.hermes-agent = {
+ path = [pkgs.uv];
+ environment = {
+ PYTHONPATH = matrixPythonPath;
+ };
+ };
 services.hermes-agent = {
 enable = true;
@@ -113,12 +142,7 @@ in {
 enable = false;
 backend = "podman";
 extraVolumes = ["/home/m3tam3re/p:/projects:rw"];
- extraOptions = [
- "--env"
- "PYTHONPATH=${venvSitePackages}"
- "--env"
- "LD_LIBRARY_PATH=${gccLibPath}"
- ];
+ extraOptions = [];
 };
 settings = {
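Review bot: `nixpkgs.config.permittedInsecurePackages` applies to the whole package set of this host, not only to the Matrix Python environment, so after this change any other derivation on m3-hermes can pull in `olm-3.2.16` without an evaluation error. The added comment explains why libolm is needed, but not the scope of the exception or when it ends. I would extend it with something like `# Host-wide exception, accepted only for Hermes Matrix E2EE; remove once mautrix no longer needs libolm.` Keeping the exact version string is worthwhile, since an olm bump in nixpkgs will then fail evaluation and force a re-review. The module body around this option starts and ends outside the hunk.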
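Review bot: `PYTHONPATH` in `systemd.services.hermes-agent.environment` is inherited by every process the service spawns, and the context comment directly above says these include cron jobs and terminal sessions running `uv run` scripts. `PYTHONPATH` entries are searched before an interpreter's own site-packages, so the whole closure of `matrixPython`, not only mautrix, can shadow the versions that hermes-agent or a PEP 723 script resolved for itself. Python 3.12 extension modules may also end up on the path of a different interpreter. The existing comment now only describes `path`, so I would add one on the new attribute: `# PYTHONPATH precedes site-packages and is inherited by child processes (uv run, terminal sessions); Matrix deps only.` The `services.hermes-agent` block that follows continues outside the hunk.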