{ config, pkgs, inputs, ... }: let # Default ElevenLabs voice: Bella (German-capable female) elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us"; # Extra Python packages from the container's writable venv layer. # matrix-nio is installed via pip in /home/hermes/.venv but the hermes # process uses the read-only Nix store Python, so we inject the venv's # site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e). venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages"; gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib"; # Build skills using agents flake lib for hermes user hermesSkills = inputs.agents.lib.mkOpencodeSkills { inherit pkgs; customSkills = "${inputs.agents}/skills"; externalSkills = [ { src = inputs.skills-basecamp; skillsDir = "skills"; } { src = inputs.skills-anthropic; skillsDir = "skills"; } { src = inputs.skills-kestra; skillsDir = "skills"; } ]; }; in { virtualisation.docker.enable = true; systemd.tmpfiles.rules = [ "d /home/hermes/.config 0755 hermes hermes -" "d /home/hermes/.config/tea 0755 hermes hermes -" "L+ /home/hermes/.config/tea/yml - - - - ${pkgs.writeText "tea-yml" '' logins: - name: m3ta url: https://code.m3ta.dev token: ssh_host: code.m3ta.dev user: m3ta-chiron default: true ''}" "f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" '' [user] name = m3ta-chiron email = m3ta-chiron@agentmail.to [init] defaultBranch = main ''}" ]; systemd.services.copy-hermes-skills = { description = "Copy agent skills to hermes home directory"; wantedBy = ["hermes-agent.service"]; before = ["hermes-agent.service"]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; script = '' mkdir -p /var/lib/hermes/.agents cp -rT ${hermesSkills} /var/lib/hermes/.agents/skills chown -R hermes:hermes /var/lib/hermes/.agents ''; }; services.hermes-agent = { enable = true; addToSystemPackages = true; extraPackages = with pkgs; [docker git tea]; # Secrets via agenix environmentFiles = [ config.age.secrets."hermes-env".path config.age.secrets."hermes-cloud-env".path ]; # Non-secret environment variables environment = { GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/"; GIT_AUTHOR_NAME = "m3ta-chiron"; GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to"; GIT_COMMITTER_NAME = "m3ta-chiron"; GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to"; }; # ── Container mode (podman) ────────────────────────────────────────── container = { enable = false; backend = "podman"; extraVolumes = ["/home/m3tam3re/p:/projects:rw"]; extraOptions = [ "--env" "PYTHONPATH=${venvSitePackages}" "--env" "LD_LIBRARY_PATH=${gccLibPath}" ]; }; settings = { # ── Model ────────────────────────────────────────────────────────── model = { default = "glm-5.1"; provider = "zai"; }; credential_pool_strategies = { zai = "fill_first"; }; toolsets = ["all"]; # ── Agent ────────────────────────────────────────────────────────── agent = { max_turns = 90; gateway_timeout = 1800; tool_use_enforcement = "auto"; }; # ── Terminal ─────────────────────────────────────────────────────── terminal = { backend = "local"; modal_mode = "auto"; cwd = "."; timeout = 180; persistent_shell = true; }; # ── Browser ──────────────────────────────────────────────────────── browser = { inactivity_timeout = 120; command_timeout = 30; cloud_provider = "local"; }; # ── Checkpoints / Compression ────────────────────────────────────── checkpoints = { enabled = true; max_snapshots = 50; }; file_read_max_chars = 100000; compression = { enabled = true; threshold = 0.5; target_ratio = 0.2; protect_last_n = 20; }; # ── Display ──────────────────────────────────────────────────────── display = { compact = false; personality = "kawaii"; resume_display = "full"; busy_input_mode = "interrupt"; inline_diffs = true; skin = "default"; tool_progress = "all"; }; # ── TTS / STT / Voice ────────────────────────────────────────────── tts = { provider = "elevenlabs"; elevenlabs = { voice_id = elevenlabsVoiceId; model_id = "eleven_multilingual_v2"; }; }; stt = { enabled = true; provider = "local"; local = {model = "base";}; }; voice = { record_key = "ctrl+b"; max_recording_seconds = 120; silence_threshold = 200; silence_duration = 3.0; }; # ── Memory ───────────────────────────────────────────────────────── memory = { provider = "honcho"; memory_enabled = true; user_profile_enabled = true; memory_char_limit = 2200; user_char_limit = 1375; }; # ── Delegation ───────────────────────────────────────────────────── delegation = { max_iterations = 50; }; # ── Matrix ──────────────────────────────────────────────────────── matrix = { homeserver = "https://matrix.m3ta.dev"; user_id = "@chiron:m3ta.dev"; allowed_users = ["@m3tam3re:m3ta.dev"]; encryption = true; }; # ── Approvals / Security ─────────────────────────────────────────── approvals = { mode = "manual"; timeout = 60; }; security = { redact_secrets = true; tirith_enabled = true; tirith_fail_open = true; }; # ── Cron / Session ───────────────────────────────────────────────── cron = {wrap_response = true;}; session_reset = { mode = "both"; idle_minutes = 1440; at_hour = 4; }; # ── Web ──────────────────────────────────────────────────────────── web = {backend = "exa";}; }; }; users.users.hermes = { isNormalUser = false; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAVF7jGP1S6vc5CxeBFD/UxiImHOgbPlKg8WYyNtOA3" ]; }; }