Run AI coding agents on your own cloud VM
You don't need a Mac mini in the closet to self-host. A small VM in your own cloud account does the same job, and it's a genuinely different thing from renting a managed agent sandbox. The code stays in your perimeter, you decide what it can reach, and you pay for a VM instead of watching a per-second meter.
Your own cloud, not someone's managed cloud
Managed sandbox services run your agents on their infrastructure and bill you by the second. That's a fine trade for some workloads. But if the reason you're self-hosting is control, a sandbox you don't own only gets you part of the way. A VM in your account gets you the rest:
- Your code stays inside your boundary. The agents' model calls go out, but your source and credentials live on a machine you control, not a vendor's.
- You set egress. It's your VPC and your security groups. What the box can reach is your call.
- No usage meter. A small always-on VM is a fixed, predictable cost, and a few agents don't need much.
This is the same argument the comparison pages make in detail: see E2B vs Dejima and Daytona vs Dejima.
Pick a VM
Any Linux VM on any provider works: AWS EC2, GCP, Hetzner, DigitalOcean, Fly, your own OpenStack. Two things matter.
- Size. Two vCPUs and 4 GB of RAM run a handful of agents comfortably. Go to 4 vCPU / 8 GB if you plan to run many at once. Give it 20 GB of disk or more, since each island has its own Docker volume.
- OS. Ubuntu 22.04+ or Debian 12+ keeps the install boring, which is what you want.
Hetzner and DigitalOcean are the cheap, no-friction picks. AWS or GCP make sense if your code already lives there and you want the agents next to it.
Install and run
Once the VM is up, it's an ordinary Linux server, so the setup is the same one command. SSH in and run it.
curl -fsSL https://dejima.tech/install.sh | bash
loginctl enable-linger $USER # keep the daemon up between logins
dejima init --repo git@github.com:you/your-project.git
The full walkthrough, including the systemd detail and day-to-day commands, is in the Linux server guide. Everything there applies here.
Reach it without opening a port
Don't expose the daemon to the public internet. Put the VM on your Tailscale tailnet and reach it privately from your laptop.
DEJIMA_HOST=your-vm.your-tailnet.ts.net:7273 dejima connect your-project
The VM keeps your agents running around the clock. You attach and detach from anywhere on your tailnet, and the sessions don't care which device you're on.
Cleaning up. When a project's done, dejima purge your-project removes the island and its volume. When you're done with the whole box, destroy the VM in your provider's console. Nothing of yours was anywhere else.
Common questions
Why self-host agents on my own cloud VM instead of a managed sandbox?
A VM in your own account keeps your code inside your boundary, lets you set egress with your own security groups, and costs a fixed monthly amount instead of a per-second meter. Managed sandboxes run your agents on a vendor's infrastructure; a VM you own does not.
How big a cloud VM do I need?
Two vCPUs and 4 GB of RAM run a handful of agents comfortably. Step up to 4 vCPU and 8 GB for many at once. Give it at least 20 GB of disk, since each island keeps its own Docker volume. Ubuntu 22.04+ or Debian 12+ keeps the install simple.
Which cloud providers work with Dejima?
Any of them. AWS, GCP, Hetzner, DigitalOcean, Fly, or your own OpenStack all work, because the VM is just a Linux box. Hetzner and DigitalOcean are the cheap, low-friction picks; AWS or GCP make sense if your code already lives there.
Have an AI walk you through it
Paste this into your own AI and it'll guide you through the steps, adapted to your setup.
Other ways to run: Mac mini · a Linux server · your own machine · all guides
