hermes-agent/deploy/hermes-gateway.service

# systemd unit — Hermes Gateway (messaging platform adapter)
#
# Install:
#   sudo cp hermes-gateway.service /etc/systemd/system/
#   sudo systemctl daemon-reload
#   sudo systemctl enable --now hermes-gateway
#
# The gateway connects Hermes to Telegram, Discord, Slack, WhatsApp, Signal,
# and other platforms.  It is a long-running asyncio process that bridges
# inbound messages to the agent and routes responses back.
#
# See DEPLOY.md for environment variable configuration.

[Unit]
Description=Hermes Gateway (messaging platform bridge)
Documentation=https://hermes-agent.nousresearch.com/docs/user-guide/messaging
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=hermes
Group=hermes

WorkingDirectory=/home/hermes

# Load environment (API keys, platform tokens, etc.) from the data directory.
EnvironmentFile=/home/hermes/.hermes/.env

# --replace clears stale PID/lock files from an unclean previous shutdown.
ExecStart=/home/hermes/.local/bin/hermes gateway start --replace

# Pre-start hook: write a timestamped marker so rollback can diff against it.
ExecStartPre=/bin/sh -c 'echo "$(date -u +%%Y-%%m-%%dT%%H:%%M:%%SZ) gateway starting" >> /home/hermes/.hermes/logs/deploy.log'

# Post-stop hook: log shutdown time for audit trail.
ExecStopPost=/bin/sh -c 'echo "$(date -u +%%Y-%%m-%%dT%%H:%%M:%%SZ) gateway stopped" >> /home/hermes/.hermes/logs/deploy.log'

ExecStop=/bin/kill -TERM $MAINPID
TimeoutStopSec=30

Restart=on-failure
RestartSec=5s
StartLimitBurst=5
StartLimitIntervalSec=60s

# Security hardening.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/hermes/.hermes /home/hermes/.local/share/hermes

StandardOutput=journal
StandardError=journal
SyslogIdentifier=hermes-gateway

[Install]
WantedBy=multi-user.target