Implements the full Bezalel Epic-002 deployment suite: - deploy/docker-compose.yml: Docker Compose stack for hermes-agent with healthcheck, named volume, resource limits, and log rotation. - deploy/docker-compose.override.yml.example: Local dev override template. - deploy/hermes-agent.service: systemd unit for headless CLI/agent. - deploy/hermes-gateway.service: systemd unit for messaging gateway with pre/post hooks for deploy audit logging. - scripts/deploy-validate: Dry-run pre-flight validator that checks .env completeness, LLM key presence, gateway runtime state, port conflicts, and secret hygiene. Exit code 1 on blocking errors. - DEPLOY.md: Full deployment runbook — bare OS to running Hermes in < 30 min, covering secret injection, health checks, zero-downtime restart (systemd reload + blue/green), rollback with data backup, and Docker Compose update procedure. - gateway/platforms/api_server.py: Enhanced /health endpoint to return meaningful status: version, uptime_seconds, gateway_state, and per- platform connection states sourced from gateway_state.json. Fixes #146 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
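# Hermes Agent — Docker Compose Stack
# Brings up the agent + messaging gateway as a single unit.
#
# Usage:
#   docker compose up -d                          # start in background
#   docker compose logs -f                        # follow logs
#   docker compose down                           # stop and remove containers
#   docker compose pull && docker compose up -d   # update: pull, then recreate
#                                                 # the container (not rolling)
#
# Secrets:
#   Never commit .env to version control. Copy .env.example → .env and fill it in.
#   See DEPLOY.md for the full environment-variable reference.

services:
  hermes:
    # NOTE(review): `latest` is a mutable tag, so `docker compose pull` can
    # change what runs without any change to this file. For production, pin
    # to a release tag or an image digest you have verified, for example:
    #   image: ghcr.io/nousresearch/hermes-agent@sha256:<DIGEST_PLACEHOLDER>
    image: ghcr.io/nousresearch/hermes-agent:latest
    # To build locally instead (this file lives in deploy/, so the build
    # context is the repository root; `dockerfile` is resolved relative to
    # the context, not to this file):
    # build:
    #   context: ..
    #   dockerfile: Dockerfile
    container_name: hermes-agent
    restart: unless-stopped

    # Mount the named volume declared under `volumes:` below so state
    # (sessions, logs, memories, cron) survives container replacement.
    volumes:
      - hermes_data:/opt/data

    # Load secrets from the .env file one directory above this compose file.
    # Compose reads the file on the host and injects each entry as a container
    # environment variable; nothing is baked into the image. The values are
    # still visible through `docker inspect` and to every process inside the
    # container, so restrict who can reach the Docker socket and keep the file
    # readable by its owner only (chmod 600).
    env_file:
      - ../.env

    environment:
      # Override the data directory so it always points at the volume.
      # Entries here take precedence over the same key in env_file.
      HERMES_HOME: /opt/data

    # Expose the OpenAI-compatible API server (if api_server platform enabled).
    # Comment out or remove if you are not using the API server.
    # The mapping is bound to loopback on purpose: published ports are set up
    # by Docker's own iptables rules and are commonly not filtered by
    # ufw-style host firewalls, so binding to 0.0.0.0 would expose the API
    # beyond this host. Front it with an authenticating reverse proxy instead.
    ports:
      - "127.0.0.1:8642:8642"

    healthcheck:
      # Hits the API server's /health endpoint. The gateway writes its own
      # health state to /opt/data/gateway_state.json — checked by the
      # health-check script in scripts/deploy-validate.
      # NOTE(review): the probe runs inside the container, so it does not
      # depend on the `ports:` mapping, but it presumably fails when the
      # api_server platform is disabled. Adjust or remove it in that case.
      test:
        - "CMD"
        - "python3"
        - "-c"
        - "import urllib.request; urllib.request.urlopen('http://localhost:8642/health', timeout=5)"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

    # A bridge network allows outbound traffic by default. This file does not
    # restrict egress; if the deployment should only reach specific endpoints,
    # enforce that on the host firewall (Docker's DOCKER-USER chain is the
    # supported place for such rules).
    networks:
      - hermes_net

    # Optional hardening. Left disabled because it must be verified against
    # the image's entrypoint and runtime user before being enabled:
    # security_opt:
    #   - no-new-privileges:true
    # cap_drop:
    #   - ALL

    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "5"

    # Resource limits: tune for your VPS size.
    # 2 GB RAM and 1.5 CPUs work for most conversational workloads.
    deploy:
      resources:
        limits:
          cpus: "1.5"
          memory: 2G
        reservations:
          memory: 512M

volumes:
  hermes_data:
    # Named volume — Docker manages the lifecycle.
    # To inspect: docker volume inspect hermes_data
    # To back up (the archive holds sessions, logs and memories, so store it
    # with the same access restrictions as the live data):
    #   docker run --rm -v hermes_data:/data -v $(pwd):/backup \
    #     alpine tar czf /backup/hermes_data_$(date +%F).tar.gz /data

networks:
  hermes_net:
    driver: bridge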