m3ta-chiron
a615ab61e8
Add pkgs.uv to systemd.services.hermes-agent.path so that CronJobs and terminal sessions can execute PEP 723 scripts via 'uv run' (e.g. garmin-daily.py for Garmin Connect health data). Also adds uv to environment.systemPackages for general availability.
258 lines
8.4 KiB
Nix
258 lines
8.4 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
inputs,
|
|
...
|
|
}: let
|
|
# Default ElevenLabs voice: Bella (German-capable female)
|
|
elevenlabsVoiceId = "hpp4J3VqNfWAUOO0d1Us";
|
|
|
|
# Extra Python packages from the container's writable venv layer.
|
|
# matrix-nio is installed via pip in /home/hermes/.venv but the hermes
|
|
# process uses the read-only Nix store Python, so we inject the venv's
|
|
# site-packages via PYTHONPATH and provide libstdc++ for libolm (e2e).
|
|
venvSitePackages = "/home/hermes/.venv/lib/python3.11/site-packages";
|
|
gccLibPath = "${pkgs.stdenv.cc.cc.lib}/lib";
|
|
|
|
# Build skills using agents flake lib for hermes user
|
|
hermesSkills = inputs.agents.lib.mkOpencodeSkills {
|
|
inherit pkgs;
|
|
customSkills = "${inputs.agents}/skills";
|
|
externalSkills = [
|
|
{
|
|
src = inputs.skills-basecamp;
|
|
skillsDir = "skills";
|
|
}
|
|
{
|
|
src = inputs.skills-anthropic;
|
|
skillsDir = "skills";
|
|
}
|
|
{
|
|
src = inputs.skills-kestra;
|
|
skillsDir = "skills";
|
|
}
|
|
];
|
|
};
|
|
in {
|
|
virtualisation.docker.enable = true;
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /home/hermes/.config 0755 hermes hermes -"
|
|
"d /home/hermes/.config/tea 0755 hermes hermes -"
|
|
"L+ /home/hermes/.config/tea/yml - - - - ${pkgs.writeText "tea-yml" ''
|
|
logins:
|
|
- name: m3ta
|
|
url: https://code.m3ta.dev
|
|
token:
|
|
ssh_host: code.m3ta.dev
|
|
user: m3ta-chiron
|
|
default: true
|
|
''}"
|
|
"f /home/hermes/.gitconfig 0644 hermes hermes - ${pkgs.writeText "gitconfig" ''
|
|
[user]
|
|
name = m3ta-chiron
|
|
email = m3ta-chiron@agentmail.to
|
|
[init]
|
|
defaultBranch = main
|
|
''}"
|
|
];
|
|
|
|
systemd.services.copy-hermes-skills = {
|
|
description = "Copy agent skills to hermes home directory";
|
|
wantedBy = ["hermes-agent.service"];
|
|
before = ["hermes-agent.service"];
|
|
serviceConfig.Type = "oneshot";
|
|
serviceConfig.RemainAfterExit = true;
|
|
script = ''
|
|
mkdir -p /var/lib/hermes/.agents
|
|
cp -rT ${hermesSkills} /var/lib/hermes/.agents/skills
|
|
chown -R hermes:hermes /var/lib/hermes/.agents
|
|
'';
|
|
};
|
|
|
|
# Ensure 'uv' is in the hermes-agent service PATH so CronJobs and terminal
|
|
# sessions can use 'uv run' for PEP 723 scripts (e.g. garmin-daily.py).
|
|
systemd.services.hermes-agent.path = [pkgs.uv];
|
|
|
|
services.hermes-agent = {
|
|
enable = true;
|
|
addToSystemPackages = true;
|
|
|
|
extraPackages = with pkgs; [docker git tea];
|
|
|
|
# Secrets via agenix
|
|
environmentFiles = [
|
|
config.age.secrets."hermes-env".path
|
|
config.age.secrets."hermes-cloud-env".path
|
|
];
|
|
|
|
# Non-secret environment variables
|
|
environment = {
|
|
GLM_BASE_URL = "https://api.z.ai/api/coding/paas/v4/";
|
|
GIT_AUTHOR_NAME = "m3ta-chiron";
|
|
GIT_AUTHOR_EMAIL = "m3ta-chiron@agentmail.to";
|
|
GIT_COMMITTER_NAME = "m3ta-chiron";
|
|
GIT_COMMITTER_EMAIL = "m3ta-chiron@agentmail.to";
|
|
};
|
|
|
|
# ── Container mode (podman) ──────────────────────────────────────────
|
|
container = {
|
|
enable = false;
|
|
backend = "podman";
|
|
extraVolumes = ["/home/m3tam3re/p:/projects:rw"];
|
|
extraOptions = [
|
|
"--env"
|
|
"PYTHONPATH=${venvSitePackages}"
|
|
"--env"
|
|
"LD_LIBRARY_PATH=${gccLibPath}"
|
|
];
|
|
};
|
|
|
|
settings = {
|
|
# ── Model ──────────────────────────────────────────────────────────
|
|
model = {
|
|
default = "glm-5.1";
|
|
provider = "zai";
|
|
};
|
|
|
|
credential_pool_strategies = {
|
|
zai = "fill_first";
|
|
};
|
|
|
|
toolsets = ["all"];
|
|
|
|
# ── Agent ──────────────────────────────────────────────────────────
|
|
agent = {
|
|
max_turns = 90;
|
|
gateway_timeout = 1800;
|
|
tool_use_enforcement = "auto";
|
|
};
|
|
|
|
# ── Skills ─────────────────────────────────────────────────────────
|
|
|
|
skills = {
|
|
external_dirs = [
|
|
"/var/lib/hermes/.agents/skills"
|
|
];
|
|
};
|
|
|
|
# ── Terminal ───────────────────────────────────────────────────────
|
|
terminal = {
|
|
backend = "local";
|
|
modal_mode = "auto";
|
|
cwd = ".";
|
|
timeout = 180;
|
|
persistent_shell = true;
|
|
};
|
|
|
|
# ── Browser ────────────────────────────────────────────────────────
|
|
browser = {
|
|
inactivity_timeout = 120;
|
|
command_timeout = 30;
|
|
cloud_provider = "local";
|
|
};
|
|
|
|
# ── Checkpoints / Compression ──────────────────────────────────────
|
|
checkpoints = {
|
|
enabled = true;
|
|
max_snapshots = 50;
|
|
};
|
|
|
|
file_read_max_chars = 100000;
|
|
|
|
compression = {
|
|
enabled = true;
|
|
threshold = 0.5;
|
|
target_ratio = 0.2;
|
|
protect_last_n = 20;
|
|
};
|
|
|
|
# ── Display ────────────────────────────────────────────────────────
|
|
display = {
|
|
compact = false;
|
|
personality = "kawaii";
|
|
resume_display = "full";
|
|
busy_input_mode = "interrupt";
|
|
inline_diffs = true;
|
|
skin = "default";
|
|
tool_progress = "all";
|
|
};
|
|
|
|
# ── TTS / STT / Voice ──────────────────────────────────────────────
|
|
tts = {
|
|
provider = "elevenlabs";
|
|
elevenlabs = {
|
|
voice_id = elevenlabsVoiceId;
|
|
model_id = "eleven_multilingual_v2";
|
|
};
|
|
};
|
|
|
|
stt = {
|
|
enabled = true;
|
|
provider = "local";
|
|
local = {model = "base";};
|
|
};
|
|
|
|
voice = {
|
|
record_key = "ctrl+b";
|
|
max_recording_seconds = 120;
|
|
silence_threshold = 200;
|
|
silence_duration = 3.0;
|
|
};
|
|
|
|
# ── Memory ─────────────────────────────────────────────────────────
|
|
memory = {
|
|
provider = "honcho";
|
|
memory_enabled = true;
|
|
user_profile_enabled = true;
|
|
memory_char_limit = 2200;
|
|
user_char_limit = 1375;
|
|
};
|
|
|
|
# ── Delegation ─────────────────────────────────────────────────────
|
|
delegation = {
|
|
max_iterations = 50;
|
|
};
|
|
|
|
# ── Matrix ────────────────────────────────────────────────────────
|
|
matrix = {
|
|
homeserver = "https://matrix.m3ta.dev";
|
|
user_id = "@chiron:m3ta.dev";
|
|
allowed_users = ["@m3tam3re:m3ta.dev"];
|
|
encryption = true;
|
|
};
|
|
|
|
# ── Approvals / Security ───────────────────────────────────────────
|
|
approvals = {
|
|
mode = "manual";
|
|
timeout = 60;
|
|
};
|
|
|
|
security = {
|
|
redact_secrets = true;
|
|
tirith_enabled = true;
|
|
tirith_fail_open = true;
|
|
};
|
|
|
|
# ── Cron / Session ─────────────────────────────────────────────────
|
|
cron = {wrap_response = true;};
|
|
|
|
session_reset = {
|
|
mode = "both";
|
|
idle_minutes = 1440;
|
|
at_hour = 4;
|
|
};
|
|
|
|
# ── Web ────────────────────────────────────────────────────────────
|
|
web = {backend = "exa";};
|
|
};
|
|
};
|
|
|
|
users.users.hermes = {
|
|
isNormalUser = false;
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAVF7jGP1S6vc5CxeBFD/UxiImHOgbPlKg8WYyNtOA3"
|
|
];
|
|
};
|
|
}
|