The Linux guide gives you the clean, opinionated path. This page is the honest second pass: why each choice was made, what else you could have done, what we deliberately left out, the trending tools worth a look, how to get ready for Mythos, and how to lock the whole thing down.
Written May 2026. The AI-tooling world moves weekly — this is a snapshot of the landscape and the reasoning, not gospel.
Each guide step made one choice for clarity. Here's the reasoning and the roads not taken.
We chose: SSH in as root@droplet, apt for system packages, and Node LTS via the official NodeSource repo.
Why: apt is built into Ubuntu/Debian — no extra installer to trust. NodeSource gives a current Node because three of the agents are npm packages and distro Node is often years stale.
Alternatives worth knowingsudo. We skipped this to avoid an extra layer, but it matters the moment two projects need different Node versions.nodejs package is simpler but usually too old for the agents — a real tradeoff, not a no-brainer.sudo dnf install, on Arch sudo pacman -S. Same idea, different package manager; the guide assumes apt.curl … | bash installers vs. native packages — several tools here (Node setup, Tailscale, Ollama, the Claude native installer) are one-line pipe-to-shell scripts. Convenient, but you're executing remote code as you fetch it; where a signed apt/dnf package exists, it's the more auditable path.We chose: npm global installs of each, with the headless URL-login flow.
Why: one consistent install method across every OS, easy to teach — and the print-a-link login is exactly what a desktop-less server needs.
Alternatives & notes (May 2026)/goal workflows, and auto mode — worth turning on once you're comfortable. The native binary installer (curl -fsSL https://claude.ai/install.sh | bash) avoids needing Node at all.We chose: the native one-line installer (or pip install hermes-agent).
Why: on Linux, Hermes installs natively — the installer sets up everything it needs (Python, Node, ripgrep, ffmpeg), so there's no compatibility shim to worry about.
NotesWe chose: Tailscale, signed-in with one account across devices, plus tailscale up --ssh on the server.
Why: --ssh is the quiet hero here — it lets you reach the box from any device and means you can close public SSH entirely. That's the single biggest security win in the whole guide.
We chose: Ollama + llama3.2 as a safe first model, with a systemd override to expose it across the tailnet.
qwen3-family (Qwen 3.6 is a standout for coding, with MCP-native tool use and huge context), deepseek-r1 for reasoning, gemma3 for small/fast. llama3.2 is a gentle starting point, not the ceiling.ollama.service to listen on 0.0.0.0 is how you share it across the tailnet, but it also exposes a server with no password (see Security). And most cheap droplets have no GPU, so keep models small there; for real speed, GPU drivers (NVIDIA/CUDA) on a home box or GPU cloud do the heavy lifting.root@droplet. For clarity the guide SSHes in and installs everything as root. That's a real security smell — every agent, every curl … | bash, and every model server then runs with full system privileges. The better practice on any server is a non-root user with sudo: create one, install and run the agents as that user, and only elevate with sudo when you actually need to. This is the most important critique on the page — see Part 2 and Part 5.On a headless Linux box, running a graphical editor on the server is usually the wrong call — it adds a desktop you don't need, eats RAM, and slows the box you're paying for. The right pattern is different: run VS Code on your laptop and reach the server via Remote-SSH, so the editor lives on your desk and the agent lives on the box. Or, if you specifically want a browser-based editor on the server, code-server is the right tool. Here is the honest, fully-detailed editor path for a Linux setup.
The two real paths on Linuxcurl -fsSL https://code-server.dev/install.sh | sh, then run it bound to 127.0.0.1 and reach it over Tailscale. Useful for a shared dev server, a Chromebook workflow, or when your "laptop" is an iPad.curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /usr/share/keyrings/microsoft.gpgecho "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/code stable main" | sudo tee /etc/apt/sources.list.d/vscode.listsudo apt update && sudo apt install codesudo snap install code --classicsudo dnf install code after adding the Microsoft repo at /etc/yum.repos.d/vscode.repo.yay -S visual-studio-code-bin (AUR) or use the open-source build code-oss from the official repos.127.0.0.1 and reach it via Tailscale. Never publish port 8080 (or any code-server port) to the public internet..env, .git, node_modules, .secrets/, and any private folders to files.exclude in .vscode/settings.json so extensions don't index them. Same hygiene as the CLI permissions in Part 5./goal workflows, auto mode) land in the CLI first and reach the extension weeks later. On a server especially, the CLI is the cutting edge.telemetry.telemetryLevel are the answer if that matters.The guide is deliberately a clean six-step spine. That clarity has a cost: real omissions — and on a public server, some of them are security gaps, not just nice-to-haves. Here they are, honestly, with the reason each was cut.
| Left out | What it is | Why it was cut |
|---|---|---|
| Hermes Agent | Nous Research's self-improving, model-agnostic coding agent | Genuinely an oversight in v1 — it's newer and niche. Now added as the bonus 4th agent. A good reminder that "the big three" isn't the whole field. |
| A non-root user | A regular account with sudo instead of working as root | A real omission, and the important one on a server. The guide runs as root for clarity; you should create a sudo user and run the agents as that user. See Part 5. |
| A firewall (ufw) | Uncomplicated Firewall — controls which ports the box accepts | Cut to keep the guide short, but a public droplet should run one: sudo ufw allow OpenSSH && sudo ufw enable, then close everything else (with Tailscale you can close public SSH too). |
| fail2ban | Bans IPs that hammer your SSH with failed logins | Deferred. On a public IP you'll see brute-force attempts within minutes; sudo apt install fail2ban stops the noise. |
| unattended-upgrades | Automatic install of security patches | Skipped for simplicity. On a server you won't babysit, auto-patching is exactly what you want: sudo apt install unattended-upgrades. |
| Git | Version control — how you save and undo real work | Installed in Step 1's basics but never taught. The moment you do serious coding you need to actually use it (git init, commit, push). |
| Python + uv | The runtime many AI tools (most MCP servers) need | Skipped to keep Node as the headline runtime. sudo apt install python3 python3-pip and uv fill the gap (Hermes' installer pulls Python in for you). |
| MCP servers | The standard plugs that connect agents to your files, GitHub, browser, data | The biggest conceptual omission. MCP is where the real power is going (see the tool map). The guide installs the agents; MCP is the next layer. |
| Docker | Containers — isolate apps and agents from the host | Cut to avoid a heavy concept early. But it's the clean way to sandbox an agent so it can't touch the whole server: curl -fsSL https://get.docker.com | sh. |
| OpenCode | The leading open-source CLI agent (150K+ GitHub stars, LSP, multi-session) | Cut to keep the core to vendor-backed tools with simple logins. Arguably the most defensible addition — see Trending below. |
Scanning the developer conversation on X and GitHub in May 2026, here's what's hot that the guide doesn't yet mention. All run native on Linux.
The open-source CLI agent everyone's talking about — 150K+ stars, ~6.5M monthly devs. LSP integration, multiple parallel sessions, shareable session links. The strongest "free, bring-your-own-model" alternative to Claude Code.
A terminal that's also an agent cockpit — runs Claude Code, Codex, and others in one windowed UI with panes. Nice if the bare terminal feels stark.
Goose (from Block) and OpenHands are open-source autonomous agents that take a goal and run a long multi-step job. The frontier of "set it and walk away."
93K+ stars. A "spec-driven development" workflow that teaches any agent (Claude Code, Copilot, Gemini, etc.) to plan before it codes. Tessl and Kiro play in the same space.
The plug-ins that matter: chrome-devtools-mcp (let an agent drive Chrome), filesystem, GitHub, database connectors. This is the fastest-moving, highest-leverage area right now.
An agentic open model with a 1M-token context and MCP-native tool use — a serious local option for Ollama if your hardware can handle it.
Mythos is Anthropic's first model specialized for one domain: defensive cybersecurity. Announced April 7 2026 as the engine of Project Glasswing, it has already found a 27-year-old vulnerability in OpenBSD and bugs in FFmpeg. It is invitation-only ($25 / $125 per million tokens), shipped to 12 founding orgs and 40+ critical-infrastructure partners — not a download. Full briefing →
So "getting ready" isn't an install — it's preparing your environment so that when domain-specialized models (Mythos and the wave behind it) open up, you can point them at something useful:
This is the most security-critical guide in the set: a public server, reachable from the internet, running tools that can read files, execute commands, and serve a model — installed as root. That's a lot of power facing a lot of attackers. Here's how to keep it from biting you — Linux/server specifics first, then the universal rules.
ANTHROPIC_BASE_URL setting and exfiltrate your API key in plaintext. Anthropic patched it before disclosure — the lesson stands: keep Claude Code updated, install only from official sources, and be suspicious of any config that reroutes where a tool "phones home."adduser you, usermod -aG sudo you, then SSH in as you@server. Install and run the agents as that user; elevate with sudo only when a step truly needs it.ssh-copy-id you@server), then in /etc/ssh/sshd_config set PasswordAuthentication no and PermitRootLogin no, and reload sshd. No password = no brute-force.tailscale up --ssh from the guide, you can reach the box over your tailnet from any device — then block port 22 publicly and only accept SSH over Tailscale.sudo ufw allow OpenSSH (or skip even that if you're Tailscale-only), then sudo ufw enable. With Tailscale you can close public ports and let tailnet traffic through.sudo apt install fail2ban — bans IPs that hammer your login. Essential on any public IP.sudo apt install unattended-upgrades so security patches land automatically on a box you won't log into every day.OLLAMA_HOST=0.0.0.0:11434 exposes your model server to the network with no authentication at all. Only do this behind Tailscale — never on the public IP. If ufw is open to 11434 publicly, anyone can use (and rack up load on) your server..env files, SSH keys, .secrets, and certificates — and to not read its own config (which could be used to manipulate it).npm install -g and curl … | bash run other people's code. Only use the exact official sources in the guide; don't paste install one-liners from random blog posts or X replies.sudo apt update && sudo apt upgrade, npm update -g); most agent fixes ship fast.