The systemd services
Four services keep your workspace running. All three Han AI processes run as the unprivileged user hanai. Source code lives at /opt/hanai/shell/.
The services
| systemd unit | What it does | Port |
|---|---|---|
hanai.service | Runtime — Telegram bot, onboarding engine, live COO, recurring jobs (dreaming loop, tenant brief, owner cron). | Outbound only. |
hanai-dashboard.service | Web dashboard. Listens on 127.0.0.1:8080, fronted by Caddy. | 8080 (loopback). |
caddy.service | Reverse proxy and Let’s Encrypt TLS for <your-id>.hanai.systems. | 80, 443. |
docker → chroma container | Vector memory store for semantic document recall. | 8000 (loopback). |
Lifecycle
All services are managed by systemd. They start on boot, restart on crash, and write logs to the journal.
- Status:
systemctl status hanai.service - Logs:
journalctl -u hanai.service -f - Restart:
systemctl restart hanai.service
Your operator handles these commands during support windows. There is nothing you need to run manually.
Code location
| Path | Contents |
|---|---|
/opt/hanai/shell/ | Runtime source tree, rsynced on every fleet deploy. |
/opt/hanai/shell/dashboard/tenant-vps/ | Dashboard source. |
/etc/hanai/runtime.env | Runtime environment file, rendered from the age vault at boot. |
/etc/hanai/dashboard.env | Dashboard environment file, same source. |
Updates
Updates are pushed by your operator from a registry on their laptop using a fleet deploy script. The deploy rsyncs the source tree, installs dependencies if needed, and restarts the services. No downtime on a normal release.
Next
- Where your data lives — every state path on disk.
- Secrets & vault — how credentials are loaded into these services.
- Domain & TLS — how Caddy issues your certificate.