Sistemo: run real Linux VMs on your own hardware with one command

One binary, zero dependencies. Deploy Firecracker microVMs on Linux with a single curl command.

Sistemo is a free, open-source tool that lets you spin up Firecracker microVMs on any Linux machine. One binary, no dependencies, no cloud account needed.

curl -sSL https://get.sistemo.io | sh
sudo sistemo up
sistemo vm deploy debian
sistemo vm ssh debian

You get a full Debian VM with its own kernel, systemd, package manager, and network stack. It boots in seconds and uses a fraction of the resources a traditional VM would.

The problem it solves

If you have a spare server, a homelab box, a Hetzner dedicated machine, a Raspberry Pi 5 or like me running linux on your laptop — and you want to run isolated Linux environments on it — your options today are:

  • Docker — fast, but containers share the host kernel. No systemd, no real isolation.
  • Proxmox / libvirt — real VMs, but heavy. You're installing a whole platform.
  • Cloud VMs — real isolation, but you're paying by the hour for hardware you already own.

Sistemo fills the gap. Real VMs with real isolation, but as simple to use as Docker. It runs on hardware you already have.

What you can do with it

Deploy VMs from the registry or any Docker image

sistemo vm deploy debian
sistemo vm deploy ubuntu --name dev --vcpus 4 --memory 2G

# Turn any Docker image into a bootable VM
sudo sistemo image build node:20
sistemo vm deploy node --name api-server

SSH in and work normally

sistemo vm ssh dev
# You're root in a real Linux VM
apt update && apt install -y nginx
systemctl start nginx

Expose services to your network

sistemo vm expose dev --port 80
sistemo vm expose dev --port 8443:443
# Your VM's nginx is now reachable at http://your-machine:80

Create isolated networks

VMs on different networks cannot communicate with each other. Useful for separating environments.

sistemo network create production
sistemo network create staging

sistemo vm deploy debian --name app --network production --expose 3000
sistemo vm deploy debian --name db --network production
sistemo vm deploy debian --name test-app --network staging
# production and staging are fully isolated

Persistent storage

sistemo volume create 5120 --name pgdata
sistemo vm deploy debian --name db --attach=pgdata

Lifecycle and diagnostics

sistemo vm list
sistemo vm stop dev
sistemo vm start dev
sistemo vm restart dev
sistemo vm delete dev
sistemo doctor          # checks KVM, Firecracker, bridge, disk, SSH keys
sistemo history         # audit log of every operation

How it works

Sistemo is a single Go binary (~15 MB) that runs as a daemon. Under the hood, Firecracker (the hypervisor AWS uses for Lambda) creates microVMs with hardware-level isolation via KVM. Each VM runs in its own network namespace with a unique IP. Everything is tracked in SQLite and survives daemon restarts.

There's also a browser-based terminal at http://localhost:7777 if you don't want to use SSH.

PlatformRequirements
LinuxKernel 5.10+ with KVM. Intel VT-x, AMD-V, or ARM64. Bare metal, VPS, Pi 5.

Use cases

  • Development environments — one VM per project, fully isolated, delete when done
  • Homelab services — Pi-hole, monitoring, CI runners, each in its own VM
  • Testing deployments — match your production OS locally before shipping
  • Education — test and break stuff wihtout the worry
  • Sandboxing — run untrusted code in a real VM with hardware isolation

Get started

curl -sSL https://get.sistemo.io | sh
GitHubDocumentation