services: hermes-gateway: image: hermes-agent-local:v2026.4.16-ssh build: context: . dockerfile: Dockerfile container_name: hermes-gateway restart: unless-stopped init: true command: gateway run security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - CHOWN - SETUID - SETGID pids_limit: 256 environment: TZ: ${TZ:-Europe/Berlin} HERMES_HOME: /opt/data dns: - 192.168.178.58 - 1.1.1.1 - 8.8.8.8 volumes: - /mnt/user/appdata/hermes-agent/data:/opt/data - /mnt/user/appdata/hermes-agent/ssh:/home/hermes/.ssh - /mnt/user/appdata/secrets/hermes_runner_id_ed25519:/home/hermes/.ssh/id_ed25519:ro expose: - "8642" networks: - hermes_net healthcheck: test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8642/health', timeout=3).read()"] interval: 30s timeout: 5s retries: 5 start_period: 60s hermes-dashboard: image: hermes-agent-local:v2026.4.16-ssh build: context: . dockerfile: Dockerfile container_name: hermes-dashboard profiles: - dashboard restart: unless-stopped init: true command: dashboard --host 0.0.0.0 security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - CHOWN - SETUID - SETGID pids_limit: 128 depends_on: hermes-gateway: condition: service_healthy environment: TZ: ${TZ:-Europe/Berlin} HERMES_HOME: /opt/data GATEWAY_HEALTH_URL: http://hermes-gateway:8642 dns: - 192.168.178.58 - 1.1.1.1 - 8.8.8.8 volumes: - /mnt/user/appdata/hermes-agent/data:/opt/data:ro networks: - hermes_net - frontend_net labels: - traefik.enable=true - traefik.docker.network=frontend_net - traefik.http.routers.hermes-dashboard.rule=Host(`${HERMES_DASHBOARD_HOST}`) - traefik.http.routers.hermes-dashboard.entrypoints=websecure - traefik.http.routers.hermes-dashboard.tls=true - traefik.http.routers.hermes-dashboard.tls.certresolver=le - traefik.http.routers.hermes-dashboard.middlewares=authelia@file,secure-headers@file - traefik.http.services.hermes-dashboard.loadbalancer.server.port=9119 networks: frontend_net: external: true hermes_net: name: hermes_net driver: bridge