A container deployment platform with private-first networking.
⚠️ Experimental: This is a very experimental project and is nowhere near production ready. Use at your own risk.
- Container Orchestration: Deploy containers via Podman with static IPs and automatic rollouts
- WireGuard Mesh: Full mesh private networking between all servers
- Two Node Types: Proxy nodes handle public traffic, worker nodes run containers
- Automatic HTTPS: Centralized ACME certificate management with Let's Encrypt
- Service Discovery: Built-in DNS server for
.internaldomain resolution - Geographic Distribution: Multi-proxy support capable of proximity-aware load balancing
| Component | Technology |
|---|---|
| Control Plane | Next.js (full-stack) |
| Database | PostgreSQL + Drizzle |
| Server Agent | Go |
| Container Runtime | Podman |
| Reverse Proxy | Traefik |
| Private Network | WireGuard |
flowchart LR subgraph Control Plane CP[Next.js + PostgreSQL] end subgraph Servers direction TB P[Proxy Node<br/>Traefik + Agent + Containers] W1[Worker Node<br/>Agent + Containers] W2[Worker Node<br/>Agent + Containers] P <-.WireGuard.-> W1 P <-.WireGuard.-> W2 W1 <-.WireGuard.-> W2 end Internet -->|HTTPS| P CP <-->|Poll| Servers Traffic Flow:
- Public: Internet → Proxy Node → Traefik (TLS) → WireGuard → Container
- Internal: Container → DNS (.internal) → WireGuard → Container
See docs/ARCHITECTURE.md for detailed documentation.
- Managed Databases: Deploy standalone databases (PostgreSQL, MySQL, Redis, etc.) with automated configuration
- Notifications: Alert channels for deployment events and system alerts
- Templates: Pre-configured templates for popular applications