T-Gander/ProxmoxVEDHelperScripts
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

feat(hermesagent): replace shim+system-unit pattern with hermes-native user services

Browse Source 
The previous approach used a /usr/bin/hermes shim to proxy commands from root
to the hermes user, and a hand-crafted system-level systemd unit for the
gateway. This worked for the default profile but broke down for named profiles:

- hermes profile create <name> generates an alias script in
  ~/.local/bin/<name> that calls hermes with -p <name>. These aliases live
  in the hermes user's PATH, not root's, so root could not invoke them.
- Maintaining parity would require per-profile shims, a watcher daemon to
  create/remove them, and system-unit mirrors for each profile gateway — all
  of which would need to stay in sync with hermes internals across updates.

New approach — work with hermes, not around it:

- loginctl enable-linger hermes: ensures the hermes user's systemd session
  starts at boot and persists without login. All user-unit gateways (default
  and per-profile) now survive reboots automatically.
- Gateway service management delegated entirely to hermes: 'hermes gateway
  install' / 'hermes setup' create and enable the user unit natively.
  The install script no longer pre-installs the gateway; hermes prompts the
  user to do so at the end of 'hermes setup'.
- hermes-dashboard.service remains a system unit (no native install command
  exists for it). Its After= no longer references hermes-gateway.service
  since there is no system-unit gateway to depend on.
- /usr/bin/hermes shim removed. Root is guided to 'su - hermes' via a two-
  line /etc/profile.d/hermes-hint.sh message on login, with a one-liner to
  make the switch automatic. Once logged in as hermes, all hermes commands,
  profile aliases, and gateway management work natively.
- update_script simplified: only hermes-dashboard (our unit) is stopped and
  restarted. hermes update --yes handles gateway service lifecycle itself.
This commit is contained in:
Stephen Chin
2026-05-03 15:22:11 -07:00
parent 8afb182095
commit a0bffe7a4f
2 changed files with 8 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ct/hermesagent.sh
View File

@@ -31,7 +31,6 @@ function update_script() {
msg_info "Stopping Services" msg_info "Stopping Services"
systemctl stop hermes-dashboard systemctl stop hermes-dashboard
systemctl stop hermes-gateway
msg_ok "Stopped Services" msg_ok "Stopped Services"
msg_info "Updating ${APP}" msg_info "Updating ${APP}"
@@ -43,7 +42,6 @@ function update_script() {
msg_ok "Updated ${APP}" msg_ok "Updated ${APP}"
msg_info "Starting Services" msg_info "Starting Services"
systemctl start hermes-gateway
systemctl start hermes-dashboard systemctl start hermes-dashboard
msg_ok "Started Services" msg_ok "Started Services"
msg_ok "Updated successfully!" msg_ok "Updated successfully!"
@@ -58,6 +56,7 @@ msg_ok "Completed successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Connect via SSH and configure your LLM provider:${CL}" echo -e "${INFO}${YW} Connect via SSH and configure your LLM provider:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}ssh root@${IP}${CL}" echo -e "${TAB}${GATEWAY}${BGN}ssh root@${IP}${CL}"
echo -e "${TAB}${BGN}su - hermes${CL}"
echo -e "${TAB}${BGN}hermes setup${CL}" echo -e "${TAB}${BGN}hermes setup${CL}"
echo -e "${INFO}${YW} API Server (OpenAI-compatible):${CL}" echo -e "${INFO}${YW} API Server (OpenAI-compatible):${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8642/v1${CL}" echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8642/v1${CL}"

44
install/hermesagent-install.sh
View File

@@ -22,6 +22,7 @@ NODE_VERSION="22" setup_nodejs
msg_info "Creating Hermes User" msg_info "Creating Hermes User"
useradd -m -s /bin/bash hermes useradd -m -s /bin/bash hermes
loginctl enable-linger hermes
msg_ok "Created Hermes User" msg_ok "Created Hermes User"
msg_info "Installing Hermes Agent" msg_info "Installing Hermes Agent"
@@ -60,38 +61,11 @@ chmod 750 /home/hermes
chmod 700 /home/hermes/.hermes chmod 700 /home/hermes/.hermes
msg_ok "Configured API Server" msg_ok "Configured API Server"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/hermes-gateway.service
[Unit]
Description=Hermes Agent Gateway
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=hermes
Group=hermes
UMask=0077
WorkingDirectory=/home/hermes
ExecStart=/home/hermes/.local/bin/hermes gateway run --replace
Environment="HERMES_HOME=/home/hermes/.hermes"
Environment="HOME=/home/hermes"
Restart=on-failure
RestartSec=5
ProtectProc=invisible
ProcSubset=pid
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now hermes-gateway
msg_ok "Created Service"
msg_info "Creating Dashboard Service" msg_info "Creating Dashboard Service"
cat <<EOF >/etc/systemd/system/hermes-dashboard.service cat <<EOF >/etc/systemd/system/hermes-dashboard.service
[Unit] [Unit]
Description=Hermes Agent Web Dashboard Description=Hermes Agent Web Dashboard
After=network-online.target hermes-gateway.service After=network-online.target
Wants=network-online.target Wants=network-online.target
[Service] [Service]
@@ -116,18 +90,14 @@ EOF
systemctl enable -q --now hermes-dashboard systemctl enable -q --now hermes-dashboard
msg_ok "Created Dashboard Service" msg_ok "Created Dashboard Service"
msg_info "Creating Hermes Shim" msg_info "Configuring Login Guidance"
cat <<'EOF' >/usr/bin/hermes cat <<'EOF' >/etc/profile.d/hermes-hint.sh
#!/bin/bash
cd /home/hermes
if [[ "$(id -u)" -eq 0 ]]; then if [[ "$(id -u)" -eq 0 ]]; then
exec runuser -u hermes -- /home/hermes/.local/bin/hermes "$@" echo " Run 'su - hermes' to manage Hermes Agent and profiles."
else echo " To auto-switch on login: echo 'exec su - hermes' >> /root/.bash_profile"
exec /home/hermes/.local/bin/hermes "$@"
fi fi
EOF EOF
chmod +x /usr/bin/hermes msg_ok "Configured Login Guidance"
msg_ok "Created Hermes Shim"
motd_ssh motd_ssh
customize customize