feat: add Hermes Agent LXC
Adds container scripts for Hermes Agent (Nous Research), a self-improving AI agent with LLM provider integration, terminal execution, web browsing, and multi-platform messaging support. Files: - ct/hermes-agent.sh - install/hermes-agent-install.sh - json/hermes-agent.json - ct/headers/hermes-agent Deviations from standard patterns (justified): 1. Uses upstream installer (curl-pipe) instead of fetch_and_deploy_gh_release: Hermes is a uv-managed Python application with complex dependency resolution, virtualenv management, and binary placement—not a single binary or tarball from GitHub Releases. 2. Dedicated 'hermes' service user (not running as root): The agent executes arbitrary terminal commands on behalf of the user. Running as root would give the AI unrestricted system access. This follows the protonmail-bridge service-user pattern for isolation. 3. Dashboard (port 9119) bound to localhost only, requiring SSH tunnel: The web UI provides admin access to an AI that can execute commands. SSH tunnel provides an authentication/authorization boundary. 4. /usr/bin/hermes shim script: The hermes CLI validates cwd permissions; running 'hermes' as root from /root fails. The shim cd's to /home/hermes and exec's as the hermes user via runuser. 5. setsid --wait wrapping of upstream installer: The upstream installer probes /dev/tty for interactive prompts even with --skip-setup; setsid detaches the controlling terminal.
This commit is contained in:
6
ct/headers/hermes-agent
Normal file
6
ct/headers/hermes-agent
Normal file
@@ -0,0 +1,6 @@
|
||||
__ __ ___ __
|
||||
/ / / /__ _________ ___ ___ _____ / | ____ ____ ____ / /_
|
||||
/ /_/ / _ \/ ___/ __ `__ \/ _ \/ ___/ / /| |/ __ `/ _ \/ __ \/ __/
|
||||
/ __ / __/ / / / / / / / __(__ ) / ___ / /_/ / __/ / / / /_
|
||||
/_/ /_/\___/_/ /_/ /_/ /_/\___/____/ /_/ |_\__, /\___/_/ /_/\__/
|
||||
/____/
|
||||
68
ct/hermes-agent.sh
Normal file
68
ct/hermes-agent.sh
Normal file
@@ -0,0 +1,68 @@
|
||||
#!/usr/bin/env bash
|
||||
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: Stephen Chin (steveonjava)
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
|
||||
# Source: https://hermes-agent.nousresearch.com/
|
||||
|
||||
APP="Hermes Agent"
|
||||
var_tags="${var_tags:-ai;automation;agent}"
|
||||
var_cpu="${var_cpu:-2}"
|
||||
var_ram="${var_ram:-4096}"
|
||||
var_disk="${var_disk:-20}"
|
||||
var_os="${var_os:-debian}"
|
||||
var_version="${var_version:-13}"
|
||||
var_unprivileged="${var_unprivileged:-1}"
|
||||
|
||||
header_info "$APP"
|
||||
variables
|
||||
color
|
||||
catch_errors
|
||||
|
||||
function update_script() {
|
||||
header_info
|
||||
check_container_storage
|
||||
check_container_resources
|
||||
|
||||
if [[ ! -x /home/hermes/.local/bin/hermes ]]; then
|
||||
msg_error "No ${APP} Installation Found!"
|
||||
exit
|
||||
fi
|
||||
|
||||
msg_info "Stopping Services"
|
||||
systemctl stop hermes-dashboard
|
||||
systemctl stop hermes-gateway
|
||||
msg_ok "Stopped Services"
|
||||
|
||||
msg_info "Updating ${APP}"
|
||||
$STD env \
|
||||
HOME=/home/hermes \
|
||||
HERMES_HOME=/home/hermes/.hermes \
|
||||
/home/hermes/.local/bin/hermes update
|
||||
chown -R hermes:hermes /home/hermes
|
||||
msg_ok "Updated ${APP}"
|
||||
|
||||
msg_info "Starting Services"
|
||||
systemctl start hermes-gateway
|
||||
systemctl start hermes-dashboard
|
||||
msg_ok "Started Services"
|
||||
msg_ok "Updated successfully!"
|
||||
exit
|
||||
}
|
||||
|
||||
start
|
||||
build_container
|
||||
description
|
||||
|
||||
msg_ok "Completed successfully!\n"
|
||||
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
|
||||
echo -e "${INFO}${YW} Connect via SSH and configure your LLM provider:${CL}"
|
||||
echo -e "${TAB}${GATEWAY}${BGN}ssh hermes@${IP}${CL}"
|
||||
echo -e "${TAB}${BGN}hermes setup${CL}"
|
||||
echo -e "${INFO}${YW} API Server (OpenAI-compatible):${CL}"
|
||||
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8642/v1${CL}"
|
||||
echo -e "${INFO}${YW} API key stored at:${CL}"
|
||||
echo -e "${TAB}${BGN}/home/hermes/.hermes/.env${CL}"
|
||||
echo -e "${INFO}${YW} Web Dashboard (via SSH tunnel):${CL}"
|
||||
echo -e "${TAB}${BGN}ssh -L 9119:localhost:9119 hermes@${IP}${CL}"
|
||||
echo -e "${TAB}${BGN}Then open: http://localhost:9119${CL}"
|
||||
Reference in New Issue
Block a user