Plan: 10 tasks splitting workstation Terraform (token-safe container skeleton)
from PVE-console host ops (features nesting/keyctl + bind mounts via pct set,
which the API token cannot do) and in-container Docker/hermes bootstrap.
Spec amended for the discovered API-token limitation: bind mounts AND container
features require root@pam/SSH, so both are applied via console pct set rather
than Terraform; terraform import tracked as follow-up.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Design for deploying Nous Research Hermes Agent as an unprivileged Docker
LXC (#118) on node1, using litellm (10.1.10.22:4000) as the OpenAI-compatible
LLM gateway. Messaging-connector use (outbound-only, no inbound ports).
Large workspace via direct host bind mounts (hdd /data + 2tb /fast),
aligned with the Plan A same-host bind-mount decision.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
