T-Gander/ProxmoxVEDHelperScripts
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
a0bffe7a4f6acd4f7717fb751744cb9e917f9484
ProxmoxVEDHelperScripts/install/hermesagent-install.sh
Stephen Chin a0bffe7a4f feat(hermesagent): replace shim+system-unit pattern with hermes-native user services 
The previous approach used a /usr/bin/hermes shim to proxy commands from root
to the hermes user, and a hand-crafted system-level systemd unit for the
gateway. This worked for the default profile but broke down for named profiles:

- hermes profile create <name> generates an alias script in
  ~/.local/bin/<name> that calls hermes with -p <name>. These aliases live
  in the hermes user's PATH, not root's, so root could not invoke them.
- Maintaining parity would require per-profile shims, a watcher daemon to
  create/remove them, and system-unit mirrors for each profile gateway — all
  of which would need to stay in sync with hermes internals across updates.

New approach — work with hermes, not around it:

- loginctl enable-linger hermes: ensures the hermes user's systemd session
  starts at boot and persists without login. All user-unit gateways (default
  and per-profile) now survive reboots automatically.
- Gateway service management delegated entirely to hermes: 'hermes gateway
  install' / 'hermes setup' create and enable the user unit natively.
  The install script no longer pre-installs the gateway; hermes prompts the
  user to do so at the end of 'hermes setup'.
- hermes-dashboard.service remains a system unit (no native install command
  exists for it). Its After= no longer references hermes-gateway.service
  since there is no system-unit gateway to depend on.
- /usr/bin/hermes shim removed. Root is guided to 'su - hermes' via a two-
  line /etc/profile.d/hermes-hint.sh message on login, with a one-liner to
  make the switch automatic. Once logged in as hermes, all hermes commands,
  profile aliases, and gateway management work natively.
- update_script simplified: only hermes-dashboard (our unit) is stopped and
  restarted. hermes update --yes handles gateway service lifecycle itself.
2026-05-03 15:22:11 -07:00

105 lines
3.0 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Stephen Chin (steveonjava)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://hermes-agent.nousresearch.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
git
msg_ok "Installed Dependencies"
NODE_VERSION="22" setup_nodejs
msg_info "Creating Hermes User"
useradd -m -s /bin/bash hermes
loginctl enable-linger hermes
msg_ok "Created Hermes User"
msg_info "Installing Hermes Agent"
$STD setsid --wait env \
HOME=/home/hermes \
PATH=/home/hermes/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
bash <(curl -fsSL https://hermes-agent.nousresearch.com/install.sh) --skip-setup --hermes-home /home/hermes/.hermes --dir /home/hermes/.hermes/hermes-agent
if [[ ! -x /home/hermes/.local/bin/hermes ]]; then
msg_error "Hermes binary not found after installation"
exit 1
fi
chown -R hermes:hermes /home/hermes
git config --system --add safe.directory /home/hermes/.hermes/hermes-agent 2>/dev/null || true
msg_ok "Installed Hermes Agent"
msg_info "Installing Web Dashboard"
$STD runuser -u hermes -- \
env HOME=/home/hermes VIRTUAL_ENV=/home/hermes/.hermes/hermes-agent/venv \
/home/hermes/.local/bin/uv pip install 'hermes-agent[web,pty]'
msg_ok "Installed Web Dashboard"
msg_info "Configuring API Server"
API_SERVER_KEY=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
cat <<EOF >/home/hermes/.hermes/.env
API_SERVER_ENABLED=true
API_SERVER_HOST=0.0.0.0
API_SERVER_PORT=8642
API_SERVER_KEY=${API_SERVER_KEY}
HERMES_REDACT_SECRETS=true
EOF
chmod 600 /home/hermes/.hermes/.env
chown hermes:hermes /home/hermes/.hermes/.env
chmod 750 /home/hermes
chmod 700 /home/hermes/.hermes
msg_ok "Configured API Server"
msg_info "Creating Dashboard Service"
cat <<EOF >/etc/systemd/system/hermes-dashboard.service
[Unit]
Description=Hermes Agent Web Dashboard
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=hermes
Group=hermes
UMask=0077
WorkingDirectory=/home/hermes
ExecStart=/home/hermes/.local/bin/hermes dashboard --host 127.0.0.1 --port 9119 --no-open
Environment="HERMES_HOME=/home/hermes/.hermes"
Environment="HOME=/home/hermes"
Environment="PATH=/home/hermes/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Environment="NODE_OPTIONS=--max-old-space-size=3072"
Restart=on-failure
RestartSec=5
ProtectProc=invisible
ProcSubset=pid
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now hermes-dashboard
msg_ok "Created Dashboard Service"
msg_info "Configuring Login Guidance"
cat <<'EOF' >/etc/profile.d/hermes-hint.sh
if [[ "$(id -u)" -eq 0 ]]; then
echo " Run 'su - hermes' to manage Hermes Agent and profiles."
echo " To auto-switch on login: echo 'exec su - hermes' >> /root/.bash_profile"
fi
EOF
msg_ok "Configured Login Guidance"
motd_ssh
customize
cleanup_lxc
Reference in New Issue View Git Blame Copy Permalink