 1  #
 2  # docker-compose.yml for Hermes Agent
 3  #
 4  # Usage:
 5  #   HERMES_UID=$(id -u) HERMES_GID=$(id -g) docker compose up -d
 6  #
 7  # Set HERMES_UID / HERMES_GID to the host user that owns ~/.hermes so
 8  # files created inside the container stay readable/writable on the host.
 9  # The entrypoint remaps the internal `hermes` user to these values via
10  # usermod/groupmod + gosu.
11  #
12  # Security notes:
13  #   - The dashboard service binds to 127.0.0.1 by default. It stores API
14  #     keys; exposing it on LAN without auth is unsafe. If you want remote
15  #     access, use an SSH tunnel or put it behind a reverse proxy that
16  #     adds authentication — do NOT pass --insecure --host 0.0.0.0.
17  #   - The gateway's API server is off unless you uncomment API_SERVER_KEY
18  #     and API_SERVER_HOST. See docs/user-guide/api-server.md before doing
19  #     this on an internet-facing host.
20  #
21  services:
22    gateway:
23      build: .
24      image: hermes-agent
25      container_name: hermes
26      restart: unless-stopped
27      network_mode: host
28      volumes:
29        - ~/.hermes:/opt/data
30      environment:
31        - HERMES_UID=${HERMES_UID:-10000}
32        - HERMES_GID=${HERMES_GID:-10000}
33        # To expose the OpenAI-compatible API server beyond localhost,
34        # uncomment BOTH lines (API_SERVER_KEY is mandatory for auth):
35        # - API_SERVER_HOST=0.0.0.0
36        # - API_SERVER_KEY=${API_SERVER_KEY}
37        # Microsoft Teams — uncomment and fill in to enable Teams gateway.
38        # Register your bot at https://dev.botframework.com/ to get these values.
39        # - TEAMS_CLIENT_ID=${TEAMS_CLIENT_ID}
40        # - TEAMS_CLIENT_SECRET=${TEAMS_CLIENT_SECRET}
41        # - TEAMS_TENANT_ID=${TEAMS_TENANT_ID}
42        # - TEAMS_ALLOWED_USERS=${TEAMS_ALLOWED_USERS}
43        # - TEAMS_PORT=${TEAMS_PORT:-3978}
44      command: ["gateway", "run"]
45  
46    dashboard:
47      image: hermes-agent
48      container_name: hermes-dashboard
49      restart: unless-stopped
50      network_mode: host
51      depends_on:
52        - gateway
53      volumes:
54        - ~/.hermes:/opt/data
55      environment:
56        - HERMES_UID=${HERMES_UID:-10000}
57        - HERMES_GID=${HERMES_GID:-10000}
58      # Localhost-only. For remote access, tunnel via `ssh -L 9119:localhost:9119`.
59      command: ["dashboard", "--host", "127.0.0.1", "--no-open"]