fix: address Hermes bootstrap review (compose note, README transfer step, cleanups)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

README.md

@@ -52,7 +52,7 @@ litellm(#117, `10.1.10.22:4000`)을 LLM 게이트웨이로 쓰는 Nous Research
 1. 호스트 준비(node1 콘솔): `mkdir -p /mnt/pve/hdd/hermes /media/2tb/hermes && chown 100000:100000 /mnt/pve/hdd/hermes /media/2tb/hermes`
 2. `terraform apply` (컨테이너 생성)
 3. node1 콘솔: `pct set 118 -features nesting=1,keyctl=1 -mp0 /mnt/pve/hdd/hermes,mp=/data -mp1 /media/2tb/hermes,mp=/fast && pct reboot 118`
-4. LXC 콘솔: `scripts/hermes-bootstrap.sh` 실행 → `/opt/hermes-stack/.env` 채우고 `docker compose run --rm hermes setup` → `docker compose up -d`
+4. 스크립트를 LXC에 넣고 실행 — 호스트(node1)에서 `pct push 118 scripts/hermes-bootstrap.sh /root/hermes-bootstrap.sh --perms 0755` (또는 LXC 콘솔 편집기로 붙여넣기) → LXC 콘솔에서 `bash /root/hermes-bootstrap.sh` → `/opt/hermes-stack/.env` 채우고 `docker compose run --rm hermes setup` → `docker compose up -d`
 
 > 비밀값(litellm 키·봇 토큰)은 컨테이너의 `/opt/hermes-stack/.env`에만 두고 repo에 커밋하지 않는다.
 > TODO: hermes `mp0/mp1`는 TF state에 없음 → 추후 `terraform import`로 따라잡기.

scripts/hermes-bootstrap.sh

@@ -4,16 +4,17 @@
 set -euo pipefail
 
 LITELLM_BASE_URL="http://10.1.10.22:4000/v1"   # litellm gateway (#117)
-HERMES_DATA="/opt/hermes"                       # ~/.hermes equivalent on rootfs (fast)
+HERMES_DATA="/opt/hermes"                       # hermes config/memory on LXC rootfs
 COMPOSE_DIR="/opt/hermes-stack"
 
 echo "==> 1/5 Install rootful Docker + compose plugin"
 apt-get update
-apt-get install -y ca-certificates curl gnupg
+apt-get install -y ca-certificates curl
 install -m 0755 -d /etc/apt/keyrings
 curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
 chmod a+r /etc/apt/keyrings/docker.asc
 . /etc/os-release
+: "${VERSION_CODENAME:?/etc/os-release does not define VERSION_CODENAME}"
 echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian ${VERSION_CODENAME} stable" \
   > /etc/apt/sources.list.d/docker.list
 apt-get update
@@ -27,6 +28,7 @@ mkdir -p "${HERMES_DATA}" "${COMPOSE_DIR}"
 mkdir -p /data/workspace /fast/workspace
 
 echo "==> 3/5 Write docker-compose.yml"
+# NOTE: docker-compose.yml is (re)generated from this script's vars on every run — edit the script, not the file. Secrets live in .env (guarded below).
 cat > "${COMPOSE_DIR}/docker-compose.yml" <<EOF
 services:
   hermes:
@@ -36,7 +38,7 @@ services:
     command: gateway run
     shm_size: "1g"            # browser tools (Playwright/Chromium)
     volumes:
-      - ${HERMES_DATA}:/opt/data   # config, memory, skills, sessions (rootfs/SSD)
+      - ${HERMES_DATA}:/opt/data   # config, memory, skills, sessions (LXC rootfs)
       - /data:/data                # bulk workspace (hdd 14TB)
       - /fast:/fast                # fast workspace (2tb SSD)
     env_file: