> the one-command installer

Stand up your agent
in one command.

Paste it on a fresh Ubuntu VPS. It builds a de-privileged, hardened agent that lives in Slack โ€” a Codex brain, persistent memory, daily backups. Secrets stay in 1Password; nothing sensitive touches disk.

# 1 ยท clone   2 ยท cd in   3 ยท run (drop in your 1Password service-account token + vault)
git clone https://github.com/HypeOrShip/hermes-personal-agent-installer.git
cd hermes-personal-agent-installer
sudo env OP_SERVICE_ACCOUNT_TOKEN='ops_YOUR_TOKEN' OP_VAULT='YourVault' bash install.sh --steps all

Want to look before you leap? Add --dry-run โ€” it previews every change and touches nothing. Every step is verified on a fresh Ubuntu runner in CI.

View the code on GitHub โ†’ Setup checklist โ–ธ Watch the builds
๐Ÿ›ก๏ธ

Hardened by default

Runs as a de-privileged user โ€” never root โ€” behind UFW + fail2ban, Tailscale-ready, as a systemd service that survives reboot.

๐Ÿ’ฌ

Lives in Slack

Replies to everything in its own channel, no @mention needed. Thinks with Codex and falls back to OpenRouter.

๐Ÿง 

Remembers & backs up

Persistent memory across sessions, plus a daily config backup to a private GitHub repo โ€” secrets scrubbed.

What you'll need

You bring the accounts; the installer wires them together.

A VPS you own โ€” fresh Ubuntu, root/sudo. The agent's always-on home.
1Password (paid) โ€” a read-only service account; every secret lives here.
ChatGPT / Codex โ€” the primary brain (a ~30-sec device-code login).
OpenAI API key โ€” memory + voice (required).
OpenRouter API key โ€” the model fallback.
Slack workspace โ€” where you talk to your agent.
GitHub โ€” a private repo + fine-scoped PAT for the daily backup.
Tailscale (optional) โ€” private access to the box.