Move Hermes config into volume, add pre-deploy sync check

Config.yaml was bind-mounted, blocking runtime writes (/sethome).
Move it into the Docker volume via docker cp instead. Add
hermes-sync Makefile target that diffs remote config against local
before deploying, to catch runtime changes.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Makefile

@@ -1,4 +1,4 @@
-.PHONY: build serve deploy ssh setup miniflux gitea goatcounter hermes hermes-chat enrich
+.PHONY: build serve deploy ssh setup miniflux gitea goatcounter hermes hermes-sync hermes-chat enrich
 
 # Load .env if it exists
 -include .env
@@ -37,10 +37,30 @@ goatcounter:
 	@test -n "$(MONOTROPE_HOST)" || (echo "Error: MONOTROPE_HOST is not set"; exit 1)
 	ansible-playbook -i "$(MONOTROPE_HOST)," -u root infra/ansible/playbook.yml --tags goatcounter
 
-hermes:
+hermes: hermes-sync
 	@test -n "$(MONOTROPE_HOST)" || (echo "Error: MONOTROPE_HOST is not set"; exit 1)
 	ansible-playbook -i "$(MONOTROPE_HOST)," -u root infra/ansible/playbook.yml --tags hermes
 
+hermes-sync:
+	@test -n "$(MONOTROPE_HOST)" || (echo "Error: MONOTROPE_HOST is not set"; exit 1)
+	@echo "Checking for remote config changes..."
+	@ssh root@$(MONOTROPE_HOST) docker cp hermes:/opt/data/config.yaml - 2>/dev/null | tar -xO > /tmp/hermes-remote-config.yaml || true
+	@if ! diff -q infra/hermes/config.yaml /tmp/hermes-remote-config.yaml >/dev/null 2>&1; then \
+		echo ""; \
+		echo "Remote config.yaml differs from local:"; \
+		echo "─────────────────────────────────────"; \
+		diff -u infra/hermes/config.yaml /tmp/hermes-remote-config.yaml || true; \
+		echo "─────────────────────────────────────"; \
+		echo ""; \
+		read -p "Overwrite remote with local? [y/N] " ans; \
+		if [ "$$ans" != "y" ] && [ "$$ans" != "Y" ]; then \
+			echo "Aborting. Merge remote changes into infra/hermes/config.yaml first."; \
+			exit 1; \
+		fi; \
+	else \
+		echo "Config in sync."; \
+	fi
+
 hermes-chat:
 	@test -n "$(MONOTROPE_HOST)" || (echo "Error: MONOTROPE_HOST is not set"; exit 1)
 	ssh -t root@$(MONOTROPE_HOST) docker exec -it hermes hermes chat

infra/ansible/playbook.yml

@@ -344,13 +344,17 @@
         mode: '0640'
       tags: hermes
 
-    - name: Copy Hermes config.yaml
+    - name: Stage Hermes config.yaml
       copy:
         src: ../hermes/config.yaml
         dest: /opt/hermes/config.yaml
         owner: root
         group: root
         mode: '0640'
+      tags: hermes
+
+    - name: Copy config.yaml into Hermes volume
+      command: docker cp /opt/hermes/config.yaml hermes:/opt/data/config.yaml
       notify: Restart Hermes
       tags: hermes
 

infra/hermes/config.yaml

@@ -1,10 +1,9 @@
 model:
   provider: openrouter
   default: openrouter/auto
-
 memory:
   memory_enabled: true
   user_profile_enabled: true
-
 agent:
   max_turns: 70
+TELEGRAM_HOME_CHANNEL: '8455090116'

infra/hermes/docker-compose.yml

@@ -13,7 +13,6 @@ services:
       - monotrope
     volumes:
       - hermes_data:/opt/data
-      - ./config.yaml:/opt/data/config.yaml:ro
       - ./plugins:/opt/data/plugins:ro
     environment:
       OPENROUTER_API_KEY: "${OPENROUTER_API_KEY}"