How to Run Your Own AI Agent on a VPS (with Synced Storage)
A complete cookbook for setting up Hermes Agent on a Hetzner VPS, connected to your local machine via Tailscale with a two-way synced shared folder.

What You're Building

You end up with:
- Hermes Agent running 24/7 on a VPS with persistent sessions and memory.
- Tailscale providing a private encrypted mesh, no public ports exposed.
- Syncthing keeping a folder synced bidirectionally between your PC and the VPS.
- WebUI accessible from your browser via the Tailscale IP.
Shopping List

Step 1: Provision a Hetzner VPS
- Go to hetzner.com/cloud and create an account
- Click Create Server and pick CX22 (sweet spot for Hermes)
- Location: pick the closest data center to you
- Image: Ubuntu 24.04 LTS
- SSH key: add your public key (or you'll get a root password via email)
- Click Create & Buy Now

Once provisioned, note the public IP. SSH in:
ssh root@<your-public-ip>
Initial housekeeping:
apt update && apt upgrade -y
apt install -y curl wget git ufw
Step 2: Install Hermes Agent
Hermes Agent is an open-source AI agent framework by Nous Research. One command:
curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
After installation, start the interactive setup wizard:
hermes setup
This walks you through model selection, API keys, and the gateway. Alternatively, skip the wizard and configure manually.
Verify it works:
hermes chat -q "Say hello and tell me the current date"
What is Hermes Agent? It's an autonomous AI agent that can use tools: run shell commands, read/write files, search the web, delegate subtasks, and more. It works with any LLM provider (OpenRouter, Anthropic, OpenAI, DeepSeek, and 15+ others). It has persistent memory across sessions and can self-improve by saving reusable procedures as "skills."
Step 3: Configure Your AI Provider
Hermes works with 20+ providers. Here are the most common:
Option A: OpenRouter (easiest — one key, many models)
hermes model
Select OpenRouter, then paste your API key from openrouter.ai/keys.
Or set it manually:
hermes config set model.provider openrouter
echo "OPENROUTER_API_KEY=sk-or-v1-..." >> ~/.hermes/.env
Option B: DeepSeek (cheap, excellent coding)
hermes config set model.provider deepseek
echo "DEEPSEEK_API_KEY=sk-..." >> ~/.hermes/.env
Option C: Anthropic (Claude)
hermes config set model.provider anthropic
echo "ANTHROPIC_API_KEY=sk-ant-..." >> ~/.hermes/.env
Try it out:
hermes chat -m "openrouter/anthropic/claude-sonnet-4" -q "Explain quantum computing in one paragraph"
Step 4: Set Up Tailscale
Tailscale creates a private WireGuard mesh between all your devices. Every device gets a stable 100.x.y.z IP address, reachable only by your other Tailscale devices.
On the VPS
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up --ssh --accept-routes
Visit the URL it prints, authenticate with Google/GitHub/Microsoft, and you're done.
Verify:
tailscale status
You should see your VPS with a 100.x.y.z address.
On Your Local Machine
Install Tailscale from tailscale.com/download — it's a one-click install on Windows, macOS, or Linux. Log in with the same account.
You should now see both devices:
100.92.74.14 hermes-agent linux -
100.75.91.109 my-laptop windows -
You can now SSH from your local machine using the Tailscale IP:
ssh root@100.92.74.14
No port forwarding, no public SSH exposure, no key management: Tailscale handles it all.
Step 5: Install Syncthing
Syncthing is an open-source continuous file synchronization tool. It's like Dropbox, but peer-to-peer with no cloud storage in the middle.
On the VPS
# Add repo
curl -fsSL https://syncthing.net/release-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/syncthing-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list
# Install
sudo apt-get update && sudo apt-get install -y syncthing
# Enable and start as a systemd service
sudo systemctl enable --now syncthing@root
Lock it down to Tailscale only (no public exposure):
# Get your VPS Tailscale IP
TAILSCALE_IP=$(tailscale ip -4)
# Configure via REST API
APIKEY=$(grep -oP '<apikey>\K[^<]+' /root/.local/state/syncthing/config.xml)
BASE="http://127.0.0.1:8384/rest"
# Bind to Tailscale IP only
curl -s -X PUT -H "X-API-Key: $APIKEY" "$BASE/config/options" \
-H "Content-Type: application/json" \
-d "{\"listenAddresses\":[\"tcp://$TAILSCALE_IP:22000\",\"quic://$TAILSCALE_IP:22000\"]}"
# Remove default folder
curl -s -X DELETE -H "X-API-Key: $APIKEY" "$BASE/config/folders/default"
# Restart to apply
sudo systemctl restart syncthing@root
Verify it's only listening on Tailscale:
ss -tlnp | grep syncthing
# Should show: 100.x.y.z:22000 (Tailscale IP only)
# 127.0.0.1:8384 (web UI, localhost only)
On Your Local Machine
- Windows: Download SyncTrayzor (tray app + Syncthing bundled)
- macOS: brew install syncthing or download from syncthing.net
- Linux: Same apt install as the VPS
Step 6: Create the Shared Folder
On the VPS
mkdir -p /home/shared
chmod 755 /home/shared
Add the folder to Syncthing and share it with your local device. First, get your VPS device ID:
syncthing --device-id
# Example: 6GOPJYE-VWULHUV-AFNWRPV-ETXHKKJ-5VLQY4W-XO52NJQ-WZORRNE-ZL2NTAQ
Then configure the shared folder via the REST API:
APIKEY=$(grep -oP '<apikey>\K[^<]+' /root/.local/state/syncthing/config.xml)
BASE="http://127.0.0.1:8384/rest"
# Create the shared folder
curl -s -X PUT -H "X-API-Key: $APIKEY" "$BASE/config/folders/shared" \
-H "Content-Type: application/json" \
-d '{
"id": "shared",
"path": "/home/shared",
"type": "sendreceive",
"rescanIntervalS": 30,
"devices": [
{"deviceID": "YOUR_VPS_DEVICE_ID"},
{"deviceID": "YOUR_LOCAL_DEVICE_ID"}
]
}'
# Replace YOUR_LOCAL_DEVICE_ID with your local machine's Syncthing device ID (found in the web UI under Actions → Show ID).
Step 7: Connect Your Local Machine
Find your local device ID
Open the Syncthing web UI at http://127.0.0.1:8384, go to Actions → Show ID. Copy the full device ID string.
Add the VPS as a remote device
- In your local Syncthing UI, click Add Remote Device
- Paste the VPS device ID
- Under Addresses, change from dynamic to a static address:
tcp://100.92.74.14:22000 (use your actual VPS Tailscale IP)
- Click Save
Accept the shared folder
After the devices pair, you'll see a notification: "hermes-agent wants to share folder 'shared'." Click Add, pick a local folder path (e.g., C:\Users\You\Shared on Windows or ~/Shared on macOS/Linux), and confirm.
Test the sync
On the VPS:
echo "Hello from the VPS!" > /home/shared/test.txt
Check your local folder; test.txt should appear within seconds.
Step 8: Access the Hermes WebUI
Hermes Agent includes a browser-based chat interface.
hermes gateway setup
# Select "WebUI" or "API Server" platform
# Set the listen address to your Tailscale IP: 100.92.74.14
# Set a port: 18789 (default)
hermes gateway start
Now open your browser to http://100.92.74.14:18789 (use your VPS Tailscale IP).
You can now chat with Hermes from any browser, send it tasks, and it'll execute them on the VPS. The shared folder means you can drop files on either machine and they're instantly available everywhere.
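For HTTPS (optional), set up a reverse proxy with Caddy or Nginx + Let's Encrypt pointed at the WebUI port. Or use Tailscale Funnel to expose it with a public URL and automatic TLS; note that Funnel makes the WebUI reachable from the public internet rather than only from your Tailscale devices.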
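To check the "Tailscale only" bindings from Steps 5 and 8 in one pass, this added example (not from the original guide or from the Hermes, Syncthing or Tailscale projects) classifies every TCP listener in ss -Htln output as loopback, tailscale or exposed. The function names and sample lines are constructed for illustration; a listener reported as exposed is bound to a non-Tailscale address, though a firewall such as ufw may still filter it.

```shell
#!/bin/sh
# Added example: classify TCP listeners as loopback, tailscale or exposed.

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE='LISTEN 0 4096 100.92.74.14:22000 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8384 0.0.0.0:*
LISTEN 0 4096 100.92.74.14:18789 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# classify_addr ADDR -> prints loopback | tailscale | exposed
classify_addr() {
  a=${1#\[}; a=${a%\]}   # strip IPv6 brackets
  a=${a%%%*}             # strip %iface zone suffix (e.g. 127.0.0.53%lo)
  case "$a" in
    127.*|::1) echo loopback ;;
    fd7a:115c:a1e0:*) echo tailscale ;;   # Tailscale IPv6 ULA prefix
    100.*)
      o2=${a#100.}; o2=${o2%%.*}
      # Tailscale IPv4 uses CGNAT space 100.64.0.0/10 (second octet 64-127)
      if [ "$o2" -ge 64 ] 2>/dev/null && [ "$o2" -le 127 ]; then
        echo tailscale
      else
        echo exposed
      fi ;;
    *) echo exposed ;;                     # 0.0.0.0, *, ::, public IPs
  esac
}

# audit_listeners: reads `ss -Htln` lines on stdin, prints "class port addr",
# and returns 1 if any listener is bound outside loopback/Tailscale.
audit_listeners() {
  rc=0
  while read -r st rq sq ep rest; do
    [ "$st" = LISTEN ] || continue
    cls=$(classify_addr "${ep%:*}")
    printf '%s %s %s\n' "$cls" "${ep##*:}" "${ep%:*}"
    [ "$cls" = exposed ] && rc=1
  done
  return "$rc"
}

# On the VPS, run: ss -Htln | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners || echo "exposed listeners found"
```

In the constructed sample the Syncthing and WebUI ports pass, while the two port-22 wildcard listeners are reported as exposed.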
What Now?
Your setup is complete. Here's what you can do next:

Written with the help of Hermes Agent :)