Automation is rapidly evolving, and AI agents are at the forefront of this change. Recently, I set up Hermes Agent—a powerful, provider-agnostic AI agent that can manage local resources, interact with external APIs, and execute complex workflows.
In this guide, I will walk you through installing Hermes Agent, configuring it to use Google Gemini and Telegram, securely exposing its web dashboard, and finally, executing a real-world use case: programmatically compiling a secure portfolio site from a PDF resume and deploying it containerized behind a Cloudflare Tunnel.
1. Installing Hermes Agent
The official shell installer is the fastest and most reliable way to set up Hermes Agent on Linux, macOS, or WSL. It automatically configures uv (the ultra-fast Python package manager), sets up the required Python runtime virtual environments, compiles the dependencies, and registers the global hermes executable launcher.
Run the official, non-interactive installation script:
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bashTo verify that the installation succeeded and all dependencies are working properly, run:
hermes doctor2. Configuring Gemini & Telegram
Hermes Agent is provider-agnostic. For this setup, we couple the reasoning power of Google Gemini (for advanced, cost-effective processing) with Telegram (for convenient mobile chat, execution, and remote deployment).
Step A: Configure API Keys and Secrets
All raw keys and secrets live isolated in your secure .env file. Open your configuration environment file:
nano ~/.hermes/.envAdd your credentials:
# Gemini API Key for LLM reasoning
GEMINI_API_KEY="your_gemini_api_key_here"
# Telegram Bot Token from @BotFather
TELEGRAM_BOT_TOKEN="123456:YOUR_TELEGRAM_BOT_TOKEN"Step B: Configure the Core Model Settings
Next, edit the canonical YAML configuration file to declare Gemini as the primary LLM provider.
nano ~/.hermes/config.yamlUpdate your configuration block:
model:
base_url: https://generativelanguage.googleapis.com/v1beta
default: gemini-3.5-flash
provider: geminiStep C: Run the Telegram Gateway
With the credentials set, you can spin up the gateway in the foreground to test connectivity:
hermes gateway runTo run the Telegram gateway permanently in the background as a user-level service that survives terminal sessions and system restarts:
# Install the gateway system service
hermes gateway install
# Start and enable the service
hermes gateway start3. Exposing the Web Dashboard Securely
Exposing the administrative dashboard to your wider local network (0.0.0.0) is highly convenient for multi-device management, but it requires mandatory credential protection to block unauthorized access. Hermes enforces a secure, scrypt-hashed Basic Authentication layer for this surface.
Step A: Precompute the Secure Password Hash
We use the system's underlying Python environment to generate a strong, non-reversible scrypt hash of your chosen password. Run this one-liner in your terminal (replace 'your_secure_password' with your real password):
/usr/local/lib/hermes-agent/venv/bin/python -c "import sys; sys.path.insert(0, '/usr/local/lib/hermes-agent'); from plugins.dashboard_auth.basic import hash_password; print(hash_password('your_secure_password'))"This will output a secure hash similar to:
scrypt$16384$8$1$NOM/deZ6UcDA1BDUaRbgjw==$6bLGQ/KPNOSUwzl+/gR8oTsAqFKXFe2aMs7aHxoH7FQ=
Step B: Apply Basic Auth Configuration
Open ~/.hermes/config.yaml in your editor:
nano ~/.hermes/config.yamlLocate or create the dashboard block and add your username and the precomputed hash from the step above:
dashboard:
theme: default
font: system-sans
basic_auth:
username: "admin"
password_hash: "your_generated_scrypt_hash_here"Step C: Create a Systemd Service File
To expose the dashboard on 0.0.0.0:9119 and ensure it runs continuously in the background, we wrap it in a systemd service.
Create a service definition file:
sudo nano /etc/systemd/system/hermes-dashboard.servicePaste the following configuration (replace root with your system username if different):
[Unit]
Description=Hermes Agent Web Dashboard
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/root
Environment=HOME=/root
ExecStart=/usr/local/lib/hermes-agent/venv/bin/hermes dashboard --host 0.0.0.0 --port 9119 --no-open --skip-build
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.targetReload systemd, enable, and start your new dashboard service:
# Reload the daemon
sudo systemctl daemon-reload
# Enable the service to run on boot
sudo systemctl enable hermes-dashboard.service
# Start the service
sudo systemctl start hermes-dashboard.serviceVerify the dashboard status:
sudo systemctl status hermes-dashboard.serviceYou can now access your secure, authenticated dashboard from any device on your network by navigating to http://<machine-ip>:9119 and logging in with your credentials!
4. Building the Site via Telegram (The Magic)
The true power of Hermes comes from what it can build for you simply through conversation. Because Hermes accepts both text and voice commands, I opened Telegram, sent it a voice message telling it to build a portfolio site, and uploaded my PDF resume (Waqar_Azeem_Resume.pdf). I also provided a Cloudflare Tunnel key so it could securely expose the final site.
Here is exactly what the agent did on its own:
Phase 1: Parsing the PDF
Instead of me copying and pasting text, Hermes downloaded the PDF I sent over Telegram. It ran a sandboxed Python script (pypdf) to extract 14+ years of my systems architecture experience (including my time at i2c incorporated and UET Lahore). It neatly cataloged all 12 of my vendor certifications (AWS, Red Hat, Solaris, VMware, Cisco CCNA, etc.).
Phase 2: Generating the Astro Website
Next, it scaffolded a modern single-page website using Astro and Tailwind CSS.
- It created an elegant timeline for my work experience.
- It built an interactive, client-side JavaScript filter grid so visitors can search my certifications by title, vendor, or license ID.
- It automatically configured the necessary Vite hostname permissions for
hermesdemo.induslevel.com.
Phase 3: Containerized Deployment via Cloudflare
I gave the agent access to my remote host (192.168.0.34), and it migrated everything into Docker containers:
- It wrote a multi-stage Dockerfile to build the static Astro assets and serve them using an ultra-fast
nginx:alpinecontainer. - It deployed a
cloudflaredcontainer using the tunnel key I provided.
Because of the Cloudflare Tunnel, the Nginx container didn't need to expose any ports to the host or the public internet. The tunnel routes traffic directly to the internal Docker network, keeping the host completely secure.
Phase 4: Final Polish (Finding my Photo)
Once the site was up and running, I wanted to personalize it a bit more. I sent the agent another quick message on Telegram: "Find my profile picture from the internet and add it to the site, along with my LinkedIn details."
Without missing a beat, Hermes located my LinkedIn profile (linkedin.com/in/wazeem-sysadmin), grabbed my profile photo, integrated it into the site's layout alongside social call-to-action buttons, and adjusted the overall Tailwind color theme to a sleek slate/blue aesthetic.
The result is a completely hands-off, highly professional visual CV, built and deployed entirely through a chat interface. The future of automation is already here, and it responds to voice notes!
