Self-hosted PaaS on microVMs. Push code, get production.
Kindling is an open-source, self-hosted platform-as-a-service that aims for Railway-like developer experience with Coolify-style ownership of your own infrastructure. On Linux hosts with KVM, deployments run in Cloud Hypervisor microVMs. On Linux hosts without KVM, Kindling falls back to crun OCI containers. On macOS development machines, it uses Apple Virtualization to run the same deploy pipeline locally.
- Git push and webhook-driven deploy flow for production and preview environments
- Declarative reconcilers triggered by PostgreSQL WAL changes instead of imperative pipelines
- Automatic TLS with CertMagic and on-demand Let's Encrypt certificates
- Framework detection for common app types when you do not provide a Dockerfile
- Single Go binary with PostgreSQL handling state, coordination, and leader election
- Best-available runtime detection across Cloud Hypervisor, Apple Virtualization, and
crun
Kindling is pre-1.0, but the core deploy pipeline is working: source to build to runtime to live URL. Custom domains, encrypted project secrets, scaling primitives, and the dashboard/API are implemented. Multi-server networking and deeper operational hardening are still in progress.
Kindling runs as a control plane backed by PostgreSQL.
- The API, dashboard backend, and CLI all talk to the same control plane.
- PostgreSQL stores state and also coordinates leader election with advisory locks.
- A WAL listener watches for row changes and schedules reconcilers in near real time.
- Reconcilers converge deployments, builds, instances, domains, and servers toward desired state.
- The edge proxy handles hostname routing and CertMagic-managed TLS.
- Worker/server nodes run workloads locally and participate in cluster reconciliation.
- Runtime selection is automatic per host: Cloud Hypervisor on Linux with KVM, Apple Virtualization on macOS development machines, and
crunelsewhere.
For the shortest supported path on a real server:
make install-deps
make db
make build
bin/kindling serveNotes:
- For a fuller host setup on Linux, you can run
sudo ./contrib/install-host-deps.sh --all. - Kindling looks for the Postgres DSN in
/etc/kindling/postgres.dsnfirst, then~/.kindling/postgres.dsn, and otherwise falls back topostgres://kindling:kindling@127.0.0.1:5432/kindling?sslmode=disable. - On first boot,
bin/kindling serve --public-url https://your-hostnamecan seed the public API URL, andbin/kindling serve --advertise-host 203.0.113.10can seed the host/IP used for browser-openable runtime URLs.
See the Obsidian vault at ~/Desktop/vault/Kindling/ for all documentation. Key starting points:
- [[Kindling/notes/Getting Started]] — new host setup and operations
- [[Kindling/notes/Development]] — contributor workflow
- [[Kindling/notes/Architecture]] — control-plane model, reconcilers, runtimes
- [[Kindling/Spec]] — product spec and roadmap
The docs/ directory in this repo contains only thin pointers to the vault.
Remote VM runtime selection and capability reporting (worker metadata, /api/vms summaries, CLI) is documented in docs/remote-vm-runtime-capabilities.md.
The kindling CLI currently exposes these main command groups:
serveto start the Kindling serverprojectto create, list, inspect, and delete projects through the APIdeployto create, inspect, or cancel deploymentsdomainto manage custom domainslogsto fetch build logs for a deploymentauth,context,status, andlinkfor remote API access and local CLI statecifor repository workflow executionadminfor break-glass and host-local operations
Run go run ./cmd/kindling --help or bin/kindling --help for the current command surface.
See [[Kindling/notes/Development]] for the full contributor guide. The short version:
make buildbuilds the main binarymake devbuilds and starts the local server pathmake dashboard-buildbuilds the embedded dashboard assetsmake dev-upandmake dev-downmanage the remote development loop- Kernel and initramfs helpers exist for VM-backed local development, especially on macOS
If you want to dogfood the local VM product while keeping kindling serve on macOS, use the persistent box VM as the home for your dev PostgreSQL instance.
kindling-mac
kindling local box start
contrib/dev-postgres-vm.sh init
kindling local box port-forward --guest-port 5432 --host-port 5432
# In another terminal
DATABASE_URL=postgres://kindling:kindling@127.0.0.1:5432/kindling?sslmode=disable \
bin/kindling serveNotes:
- This path uses native PostgreSQL inside the box VM, not Docker/Podman.
make db-vmis a shorthand forcontrib/dev-postgres-vm.sh start.- Containerized Postgres inside the box is intentionally out of scope for this dev workflow.
All canonical documentation lives in the Obsidian vault at ~/Desktop/vault/Kindling/:
- [[Kindling/notes/Getting Started]] — new host setup
- [[Kindling/notes/Development]] — contributor workflow
- [[Kindling/notes/Architecture]] — control-plane model and runtimes
- [[Kindling/Spec]] — product spec and roadmap
- [[Kindling/notes/Operations]] — production deployment and day-two operations
The docs/ directory in this repo contains thin pointers only.
cmd/
guest-agent/ Guest init process used inside Kindling-managed VMs
kindling/ Main binary (server + control plane + CLI)
internal/
auth/ Dashboard/API authentication and session handling
builder/ Build orchestration and framework detection
database/ PostgreSQL access, schema, and sqlc queries
deploy/ Deployment convergence and scaling logic
edgeproxy/ HTTP/TLS edge proxy and routing
listener/ PostgreSQL WAL listener
preview/ Preview environment lifecycle
reconciler/ Generic reconciler scheduler
rpc/ API handlers used by the dashboard and control plane
runtime/ Runtime abstraction and host-specific behavior
usage/ Usage metering and rollups
vmm/ VM management helpers
web/
dashboard/ React + Vite dashboard SPA
landing/ Static marketing site
docs/ Focused project documentation
contrib/ Install scripts, remote provisioning, and ops helpers
scripts/ Build and environment scripts
Further docs cleanup, including secondary README files, is still ahead. This first pass keeps the root README as the main public entrypoint and links deeper material out to focused docs.