Self-improving AI agent by Nous Research — runs CLI conversations, manages memory and skills, and supports a Telegram/Discord gateway for remote access.
Overview
Hermes Agent is a Python-based AI agent framework. It stores skills and memories across sessions, supports scheduled automations, and can spawn subagents for parallel workloads. Models run via external API (OpenRouter, Anthropic, DeepSeek, etc.) — no GPU needed.
Container: CT 130 IP: 192.168.144.63 Resources: 2 vCPU, 8 GB RAM, 2 GB swap, 20 GB disk (cts zfspool) Ports:
- 8642 — Hermes gateway API server (chat, models, streaming)
- 8787 — Hermes community web UI (external: https://hermes-ui.janvv.nl, Cloudflare Access-protected)
- 9119 — Hermes built-in dashboard (https://hermes.janvv.nl)
Dashboard (LAN): http://192.168.144.63:9119
Binary:
/usr/local/bin/hermesVenv:/usr/local/lib/hermes-agent/venv/Data dir:/data/hermes(on ssd_pool via LXC bind mount)
Installation
pct exec 130 -- bash
curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bashHERMES_HOME=/data/hermes is set in /etc/environment so data persists on the ssd_pool mount.
Configuration
API keys and settings live in /data/hermes/.env. Edit directly:
pct exec 130 -- nano /data/hermes/.envOr use the CLI:
pct exec 130 -- hermes config set <key> <value>Model is configured in /data/hermes/config.yaml.
API_SERVER_ENABLED=true is set in .env to enable the gateway API on port 8642.
Maintenance
Three systemd services run as user jan, start on boot.
| Service | Port | systemd unit |
|---|---|---|
| Gateway (API + messaging) | 8642 | hermes-gateway.service |
| Web UI (community) | 8787 | hermes-webui.service (system) |
| Dashboard | 9119 | hermes-dashboard.service |
Gateway (port 8642 — API server; also handles Telegram):
pct exec 130 -- systemctl status hermes-gateway
pct exec 130 -- systemctl restart hermes-gateway
pct exec 130 -- journalctl -u hermes-gateway -fDashboard (port 9119, the built-in web UI):
pct exec 130 -- systemctl status hermes-dashboard
pct exec 130 -- systemctl restart hermes-dashboard
pct exec 130 -- journalctl -u hermes-dashboard -fWeb UI (port 8787, community web UI — system service):
pct exec 130 -- sudo systemctl status hermes-webui
pct exec 130 -- sudo systemctl restart hermes-webui
pct exec 130 -- sudo journalctl -u hermes-webui -fUpdate Hermes Agent:
pct exec 130 -- bash -c 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash'
pct exec 130 -- systemctl restart hermes-gateway hermes-dashboard
pct exec 130 -- sudo systemctl restart hermes-webuiInteractive session:
pct enter 130
hermesNotes
- hermes-ui.janvv.nl serves the community web UI (port 8787), protected by Cloudflare Access (Google/OTP auth required before reaching the origin).
- hermes.janvv.nl serves the built-in Hermes dashboard (port 9119).
- The built-in Hermes OAuth auth-gate is not active (no provider registered).
API_SERVER_ENABLED=truein.envis required for the gateway API server on 8642- SOUL.md is at
/data/hermes/SOUL.md— defines the agent's identity - Do NOT set
display.personalityin config.yaml — it overrides SOUL.md identity - If bot identity is wrong, check: (1)
display.personalityin config.yaml, (2) stale state.db/sessions.json
Testing Results (2026-06-01)
All endpoints verified functional on both external and internal paths:
| Endpoint | Backend | External | Internal |
|---|---|---|---|
| https://hermes-ui.janvv.nl | Web UI (:8787) | 200 OK, SSL ok | 200 OK, SSL ok |
| https://hermes.janvv.nl | Dashboard (:9119) | 200 OK, SSL ok | 200 OK, SSL ok |
Certificate details: Let's Encrypt via Cloudflare DNS-01 challenge.
- hermes-ui.janvv.nl: expires 2026-08-27
- hermes.janvv.nl: expires 2026-08-30
Infrastructure verified:
- Cloudflare tunnel ingress rules correct
- Caddy reverse proxy configuration correct
- Pi-hole local DNS records correct (both → 192.168.144.31)
- Cloudflare DNS CNAME records correct (both → tunnel, proxied)