2026-05-23 08:16:36 +02:00
3 changed files with 43 additions and 19 deletions
@@ -406,16 +406,16 @@
        "uv2nix": "uv2nix_2"
      },
      "locked": {
-        "lastModified": 1778170968,
-        "narHash": "sha256-YQQUEDUim2CiYpL3uG7Wi1fWPsT2wtIqoBeJuAj9hUk=",
+        "lastModified": 1778925537,
+        "narHash": "sha256-d9qhrTy45Q5UsmjapqMHOVi9e+gR9zE8Nq9Z0wObLmc=",
        "owner": "NousResearch",
        "repo": "hermes-agent",
-        "rev": "498bfc7bc12a937621b4215312049b1000726df3",
+        "rev": "a91a57fa5a13d516c38b07a141a9ce8a3daabeb0",
        "type": "github"
      },
      "original": {
        "owner": "NousResearch",
-        "ref": "v2026.5.7",
+        "ref": "v2026.5.16",
        "repo": "hermes-agent",
        "type": "github"
      }
@@ -73,7 +73,7 @@
      url = "github:vercel-labs/skills";
      flake = false;
    };
-    hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.7";
+    hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.16";

    rustfs = {
      url = "github:rustfs/rustfs-flake";
@@ -7,13 +7,30 @@
  # Edge TTS: Seraphina — friendly, multilingual German female voice (free, no API key)
  edgeVoice = "de-DE-SeraphinaMultilingualNeural";

-  # Extra Python packages from the container's writable venv layer.
-  # matrix-nio is installed via pip in /home/hermes/.venv but the hermes
-  # process uses the read-only Nix store Python, so we inject the venv's
-  # site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
-  # NOTE: v0.13.0 upgraded to Python 3.12 — path updated accordingly.
-  venvSitePackages = "/home/hermes/.venv/lib/python3.12/site-packages";
-  gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
+  # Hermes v0.14 moved Matrix from matrix-nio to lazy-installed mautrix.
+  # Lazy pip installs cannot work in the read-only Nix Python environment, so
+  # provide the Matrix runtime deps declaratively and put their site-packages on
+  # the gateway process PYTHONPATH at interpreter startup.
+  matrixPython = pkgs.python312.withPackages (ps: let
+    # Hermes lazy_deps pins this exact version. nixpkgs currently ships an
+    # older aiosqlite, and lazy_deps treats version mismatches as missing.
+    aiosqlite_0_22_1 = ps.aiosqlite.overridePythonAttrs (_old: rec {
+      version = "0.22.1";
+      src = pkgs.fetchFromGitHub {
+        owner = "omnilib";
+        repo = "aiosqlite";
+        tag = "v${version}";
+        hash = "sha256-voOOFo1OwaRQ3JsDHlBrngP+8ajf0kTNKXJyOaJiTs4=";
+      };
+    });
+  in [
+    (ps.mautrix.override {withOlm = true;})
+    ps.markdown
+    aiosqlite_0_22_1
+    ps.asyncpg
+    ps.aiohttp-socks
+  ]);
+  matrixPythonPath = "${matrixPython}/lib/python3.12/site-packages";

  # Build skills using agents flake lib for hermes user
  hermesSkills = inputs.agents.lib.mkSkills {
@@ -37,6 +54,13 @@
 in {
  virtualisation.docker.enable = true;

+  # Matrix E2EE uses libolm via python-olm. libolm is archived upstream and
+  # marked insecure in nixpkgs, but Hermes Matrix encrypted rooms currently
+  # still require it through mautrix[encryption].
+  nixpkgs.config.permittedInsecurePackages = [
+    "olm-3.2.16"
+  ];
+
  systemd.tmpfiles.rules = [
    "d /home/hermes/.config 0755 hermes hermes -"
    "d /home/hermes/.config/tea 0755 hermes hermes -"
@@ -66,7 +90,12 @@ in {

  # Ensure 'uv' is in the hermes-agent service PATH so CronJobs and terminal
  # sessions can use 'uv run' for PEP 723 scripts (e.g. garmin-daily.py).
-  systemd.services.hermes-agent.path = [pkgs.uv];
+  systemd.services.hermes-agent = {
+    path = [pkgs.uv];
+    environment = {
+      PYTHONPATH = matrixPythonPath;
+    };
+  };

  services.hermes-agent = {
    enable = true;
@@ -113,12 +142,7 @@ in {
      enable = false;
      backend = "podman";
      extraVolumes = ["/home/m3tam3re/p:/projects:rw"];
-      extraOptions = [
-        "--env"
-        "PYTHONPATH=${venvSitePackages}"
-        "--env"
-        "LD_LIBRARY_PATH=${gccLibPath}"
-      ];
+      extraOptions = [];
    };

    settings = {