WorkHermes (deployment)
hermes (deployment) · a self-hosted ops bridge into my vault
first shipped 2025 · last touched 2026-05-10

What this is

Hermes Agent is an open-source self-improving agent built by Nous Research, released February 2026. I run a self-hosted instance — I didn’t write the agent. This page is the operator story: what I deploy, why, and what I learned keeping it alive.

Problem

I wanted a programmable assistant that could run scheduled jobs, react to events, hold state across sessions, and reply from anywhere — without paying per message or living in someone else’s cloud. The desktop side (Claude Code, the vault) was already strong; the gap was mobile and ambient.

Deployment

A single $5 Hostinger VPS holds the whole stack:

  • Hermes Agent (upstream nousresearch/hermes-agent:latest) — gateway as PID 1, polls a Telegram bot, routes to DeepSeek V4 Flash via OpenRouter (~$3–8/mo at moderate use).
  • n8n — deterministic glue. Anything that’s not a judgment call goes here.
  • Traefik + Let’s Encrypt — TLS for both, on subdomains of the Hostinger-assigned wildcard.
  • Filebrowser — read-only window into the vault data dir, gated by HTTP basic auth.

Persistent state lives in a bind-mounted /docker/hermes/data directory: config.yaml, state.db, SOUL.md, skills/, memories/, sessions/, cron/. The container is disposable; the data dir is the asset.

What I learned migrating off the one-click image

The Hostinger one-click pinned Hermes at v0.9.0; upstream was on v0.12.0 within 20 days. I swapped to docker.io/nousresearch/hermes-agent:latest to track the weekly upstream cadence. The bind-mount carried every skill, memory, and session intact across the cutover — the data dir is what made the migration painless.

A few non-obvious gotchas worth pinning:

  • The gateway is the cron scheduler. Don’t run a second gateway “for cron” — you’ll double-fire jobs.
  • The TUI (hermes) and the gateway are separate processes with separate conversation surfaces but the same on-disk brain. TUI for desk, Telegram for mobile, shared memory.
  • Upstream image runs as UID 10000; Hostinger ran as root. Bind-mounted data dirs need user: "0:0" in compose to avoid permission errors on the cutover.

What’s next

Folding this site’s auto-publish loop into the same VPS — Hermes triggers n8n on a vault commit; n8n runs the Astro build and pushes to Vercel. The vault stays the source of truth; the site becomes a thin readable view of it.

the stack

  • ·Hermes Agent (Nous Research)
  • ·Hostinger VPS
  • ·Docker
  • ·Traefik
  • ·n8n
  • ·OpenRouter
  • ·DeepSeek V4 Flash
  • ·Telegram Bot API
github.com/nousresearch/hermes-agent