hermes-agent-packer/README.md

# Hermes Agent Vultr Marketplace — Packer Image Build

One-shot install for Hermes Agent on Ubuntu 24.04 with Vultr Inference, ttyd, code-server, Docker, Caddy, and Homebrew.

## Architecture

Bare-metal install via Packer → Vultr snapshot.

### File layout

```
├── Jenkinsfile              # Pipeline: validate → install packer → init → build
├── hermes.pkr.hcl           # Packer HCL template (Vultr plugin)
├── scripts/
│   ├── provision.sh         # Bake-time: system deps, hermes, docker, caddy, ttyd
│   └── cloud-init.yaml      # Deploy-time: metadata fetch, config, caddy TLS
├── install-hermes.sh        # Standalone installer (for manual deploys)
└── README.md
```

### Bake-time (Packer snapshot)

Everything slow and static:
- `apt` packages (build-essential, curl, git, jq, python3-venv, zsh, ttyd, …)
- Hermes Agent from GitHub (v0.7.0)
- Docker CE
- Caddy (disabled until configured)
- code-server
- Oh My Zsh + Homebrew
- UFW with ssh/http/https/7681/8080 allowed
- Dedicated `hermes` system user with `~/.hermes/` pre-created
- ttyd and code-server systemd services created

### Deploy-time (cloud-init)

Per-instance secrets and activation:
1. Fetch `app-password`, `app-inf_api_key`, `app-domain` from Vultr metadata
2. Write `/home/hermes/.hermes/.env` with Vultr Inference API key
3. Write `/home/hermes/.hermes/config.yaml` with model/provider config
4. Configure code-server with password
5. Start ttyd and code-server services
6. Write `/etc/caddy/Caddyfile` with domain, ZeroSSL TLS, basic auth
7. Start Caddy and wait for cert issuance
8. Shred the temp env file

### Access URLs (after deploy)

- **Hermes Terminal:** `https://your-domain.com/` (via ttyd)
- **VS Code:** `https://your-domain.com/code/`
- **Basic Auth:** Username `hermes`, password from Vultr metadata

### Jenkins parameters

| Parameter | Default | Description |
|---|---|---|
| `HERMES_VERSION` | `v0.7.0` | Hermes Agent git tag |
| `VULTR_REGION` | `ewr` | Build region |
| `VULTR_PLAN` | `vc2-2c-4gb` | Build instance size |
| `VULTR_OS_ID` | `2284` | Ubuntu 24.04 LTS |

### Credentials needed in Jenkins

| Credential ID | Type | Purpose |
|---|---|---|
| `VULTR_API_KEY` | Secret text | Vultr API key for Packer to provision + snapshot |

### Vultr Marketplace Metadata Variables

Configure these in the Vultr marketplace app:

| Variable | Description |
|----------|-------------|
| `app-password` | Password for basic auth and code-server |
| `app-inf_api_key` | Vultr Inference API key |
| `app-domain` | Domain for TLS certificate |


## Available Models (Vultr Inference)

| Model ID | Context | Notes |
|----------|---------|-------|
| `zai-org/GLM-5-FP8` | 200K | Default, reasoning-capable |
| `deepseek-ai/DeepSeek-V3.2` | 128K | Reasoning-capable |
| `google/gemma-4-31B-it` | 256K | Reasoning-capable |
| `Qwen/Qwen2.5-Coder-32B-Instruct` | 131K | Code-focused |
| `MiniMaxAI/MiniMax-M2.5` | 128K | General purpose |
| `moonshotai/Kimi-K2.5` | 128K | General purpose |

## Manual Installation

For manual deploys without Packer, use the standalone installer:

```bash
# Without domain (HTTP only)
curl -fsSL https://raw.githubusercontent.com/.../install-hermes.sh | bash

# With domain (HTTPS via Caddy)
curl -fsSL https://raw.githubusercontent.com/.../install-hermes.sh | bash -s -- your-domain.com
```

## Services

| Service | Port | Description |
|---------|------|-------------|
| `ttyd-hermes` | 7681 | Hermes terminal (web) |
| `code-server-hermes` | 8080 | VS Code (web) |
| `caddy` | 80/443 | Reverse proxy with auto-HTTPS |
| `docker` | - | Container runtime |

## Notes

- ttyd runs as root, drops privileges to hermes user via `-u`/`-g` flags
- code-server runs as hermes user
- Homebrew installed at `/home/linuxbrew/.linuxbrew`
- `HOME` and `PATH` environment variables set in systemd services for brew compatibility
- Caddyfile uses ZeroSSL primary (avoids LE rate limits), Let's Encrypt fallback