Note Content (Markdown) # Inactive Hermes Host Preparation This package is designed for the existing GCE VM that hosts the `n8n project`. It deliberately stops before any agent activation or integration. ## Current Deployment Status Remote preparation was completed on the confirmed GCE host: - Project: `n8n-hosting-452913` - Instance: `instance-20250306-165614` - Zone: `us-central1-c` - SSH: `admin@34.27.189.109` with `~/.ssh/easier_validation_gce_ed25519` - Prepared path: `/srv/easier-hermes` - Durable ops package path: `/srv/easier-hermes/ops` - Hermes source: `/srv/easier-hermes/source/hermes-agent`, pinned to `v2026.5.16` No Hermes image, container, port, gateway, connector, provider credential or cron job was created. ## Preparation Boundary Running `prepare-hermes-host.sh` on the VM will: - record a small Docker/disk/memory preflight report; - create `/srv/easier-hermes/{source,data,vault,audit}`; - clone the official Hermes source at tag `v2026.5.16`; - optionally build a local Docker image from that pinned source only when `HERMES_BUILD_IMAGE=1` is set; - copy an inactive Hermes configuration and empty Obsidian vault skeleton if they do not yet exist. The eventual Hermes process runs inside its own locked-down container. Its terminal backend is therefore `local` inside that container; the package does not grant access to the host Docker socket or the existing n8n containers. It will not: - start a Hermes container; - call a model provider or request credentials; - expose an API port; - start the messaging gateway; - configure MCP, n8n, Notion or any external integration; - index, read or ingest business information; - change the existing n8n containers or network. ## Intended Transfer and Preparation The initial preparation has already been run with image building disabled: ```bash sudo HERMES_BUILD_IMAGE=0 bash ./prepare-hermes-host.sh ``` The image build is intentionally off by default. On the current `e2-medium` host, building should wait until there is enough disk/memory headroom or a quiet maintenance window. The Compose service is protected by the `activate` profile. This command is safe to use for validation because it renders configuration without starting Hermes: ```bash docker compose -f ./compose.yaml --profile activate config ``` Do not run `docker compose --profile activate up` or rebuild the image until the activation phase has been reviewed, credentials have been configured outside the vault, backups are established and tool permissions are chosen. ## Later Activation Checklist 1. Check existing n8n containers, volumes, resource utilisation, firewall and snapshot/backup state on the actual instance. 2. Decide how the Obsidian vault syncs to the server and is backed up. 3. Review `config/config.yaml.template` and replace it deliberately. 4. Configure a model provider interactively without placing secrets in this workspace or the vault. 5. Test Hermes on public/synthetic notes in CLI mode only. 6. Evaluate QMD retrieval after real vault material is present. 7. Consider integrations individually, read-only first and with approval before any external side effect.

Save Changes