Bare Metal / VM Deployment
What you'll accomplish: Install Hoziron on a bare metal server or VM with a dedicated system user, systemd service, and native TLS.
Overview
For direct installs without containers, Hoziron runs as a systemd service under a dedicated non-root user. TLS is handled natively (no reverse proxy required, though you can add one).
1. Install the binary
sudo cp hoziron /usr/local/bin/
2. Create a system user
sudo useradd --system --home /opt/hoziron --shell /usr/sbin/nologin hoziron
3. Create the data directory
sudo mkdir -p /opt/hoziron
sudo chown hoziron:hoziron /opt/hoziron
4. Initialize
sudo -u hoziron HOZIRON_HOME=/opt/hoziron hoziron init --quick
5. Enable TLS
For bare metal deployments, enable native TLS:
sudo -u hoziron tee -a /opt/hoziron/config.toml > /dev/null << 'EOF'
[server]
listen = "0.0.0.0:4200"
[server.tls]
enabled = true
cert_path = "/opt/hoziron/tls/cert.pem"
key_path = "/opt/hoziron/tls/key.pem"
EOF
Place your certificate and private key at the configured paths. Ensure they're readable by the hoziron user.
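One way to check those files before starting the service, as an added example that is not part of Hoziron or its documentation. It assumes GNU stat, the cert.pem and key.pem file names from the config above, and a key owned by the service account itself; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Hoziron tooling): audit the TLS files configured in step 5.
# Assumes GNU stat, as found on systemd-based Linux hosts.
# Usage: audit_tls_files /opt/hoziron/tls "$(id -u hoziron)"

# has_bits <path> <octal mask>: succeeds if any permission bit in the mask is set.
has_bits() {
    mode=$(stat -L -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Prints one line per finding; returns the number of findings (0 = clean).
audit_tls_files() {
    dir=$1; uid=$2; bad=0
    key="$dir/key.pem"; cert="$dir/cert.pem"

    for f in "$key" "$cert"; do
        if [ ! -f "$f" ]; then
            echo "FAIL: $f is missing"; bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ] || return "$bad"

    # The private key must belong to the service account...
    if [ "$(stat -L -c '%u' "$key")" != "$uid" ]; then
        echo "FAIL: $key is not owned by uid $uid"; bad=$((bad + 1))
    fi
    # ...and must carry no group/other permission bits (0600 or 0400).
    if has_bits "$key" 077; then
        echo "FAIL: $key is accessible to group/other"; bad=$((bad + 1))
    fi
    # The certificate is public, but only its owner may replace it.
    if has_bits "$cert" 022; then
        echo "FAIL: $cert is group/other writable"; bad=$((bad + 1))
    fi
    # A writable directory lets another account swap the files out.
    if has_bits "$dir" 022; then
        echo "FAIL: $dir is group/other writable"; bad=$((bad + 1))
    fi
    return "$bad"
}
```

A return value of 0 means the key is private to the service account and neither file can be replaced by another local user.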
6. Create a systemd service
sudo tee /etc/systemd/system/hoziron.service << 'EOF'
[Unit]
Description=Hoziron AI Agent Platform
After=network.target
[Service]
Type=simple
User=hoziron
Group=hoziron
Environment=HOZIRON_HOME=/opt/hoziron
Environment=HOZIRON_LOG=info
ExecStart=/usr/local/bin/hoziron start
Restart=on-failure
RestartSec=5
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now hoziron
7. Verify
sudo systemctl status hoziron
curl -k https://localhost:4200/health
Capacity planning
| Workload | CPU | Memory | Storage |
|---|---|---|---|
| Minimal (1–5 agents) | 2 cores | 2 GB | 1 GB |
| Standard (10–50 agents) | 4 cores | 4 GB | 10 GB |
| Production (50–200 agents) | 8 cores | 8 GB | 50 GB |
| Enterprise (200+ agents) | 16+ cores | 16+ GB | 100+ GB |
Graceful shutdown
The daemon handles SIGTERM:
- Stops accepting new requests
- Suspends running agents
- Flushes memory stores to disk
- Closes database connections
systemd sends SIGTERM on systemctl stop — the default 90s timeout is more than sufficient.