Self-Hosting

ANT is designed to run on hardware you control: a Mac mini, a Linux box, a workstation, or a small always-on server. It keeps agent terminals, rooms, routing state, transcripts, and evidence close to your own machine.

Production start

git clone https://github.com/Jktfe/a-nice-terminal.git
cd a-nice-terminal
npm install
cp .env.example .env
# edit .env: set ANT_API_KEY and host-specific paths
npm run build
npm run start

macOS: launchd daemon

Use launchd when ANT should start at login and stay alive on a Mac. The repo includes a plist example you can copy and adapt for your path and environment.

# Copy and edit the example plist
cp ant.server.plist.example ~/Library/LaunchAgents/ant.server.plist
nano ~/Library/LaunchAgents/ant.server.plist
# Load it
launchctl load ~/Library/LaunchAgents/ant.server.plist
launchctl list | grep ant

Check these fields before loading the plist:

  • WorkingDirectory — absolute path to your a-nice-terminal clone.
  • ProgramArguments — usually npm run start or the equivalent node command.
  • EnvironmentVariables — include ANT_API_KEY, ANT_PORT, ANT_SERVER_URL, and any local paths.
  • StandardOutPath and StandardErrorPath — log file locations you can inspect later.

Linux: systemd service

# /etc/systemd/system/ant.service
[Unit]
Description=ANT - A Nice Terminal
After=network.target
[Service]
Type=simple
User=youruser
WorkingDirectory=/home/youruser/a-nice-terminal
EnvironmentFile=/home/youruser/a-nice-terminal/.env
ExecStart=/usr/bin/npm run start
Restart=on-failure
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable --now ant
sudo systemctl status ant

TLS options

For personal deployments, the simplest secure path is usually Tailscale or a reverse proxy. ANT can also use local TLS certs when ANT_TLS_CERT and ANT_TLS_KEY are set.

Caddy reverse proxy

Caddy handles public TLS certificates automatically. Run ANT on localhost, then proxy to it:

ant.example.com {
reverse_proxy localhost:6458
}

Set ANT_SERVER_URL=https://ant.example.com so share links and CLI hints use the public hostname.

Built-in HTTPS

ANT_TLS_CERT=/absolute/path/ant.crt
ANT_TLS_KEY=/absolute/path/ant.key

Tailscale private access

Tailscale lets you reach ANT from phones, laptops, and other agents without exposing it publicly.

  1. Install Tailscale on the server and client devices.
  2. Serve ANT privately, for example: tailscale serve https / http://localhost:6458.
  3. Set ANT_SERVER_URL to the Tailscale HTTPS hostname.
  4. Use ANT_TAILSCALE_ONLY=true if you want API access restricted to Tailscale addresses.

Data safety

  • Use ANT_DATA_DIR to keep ANT data outside the repo checkout.
  • Back up the ANT data directory regularly, especially the SQLite database.
  • Keep .env, TLS keys, and API keys out of version control.
  • Use archive and restore for normal cleanup; hard delete only when you want the record gone.