Unvara turns raw Ubuntu servers into a private infrastructure cluster you control from one web interface.
Alpha software. Functional and running on a live cluster, but not production-ready. See Current limitations.
Unvara is a self-hosted infrastructure platform for managing a cluster of VPS or bare-metal Ubuntu servers as a private infrastructure cluster. No vendor lock-in, no hosted control plane, no phone-home dependency — every cluster is independent and fully operator-owned.
The workflow is simple: provision a server, hand it to Unvara via the web UI, and it gets absorbed into your cluster automatically. WireGuard mesh, SSH hardening, agent install — all handled in a few minutes. From there you manage nodes, deploy containers, run Ansible playbooks, and store encrypted secrets from a single interface.
Unvara is designed for operators who want real control over their own infrastructure without the complexity of a full cloud platform.
- Server onboarding — connects over SSH, hardens the node, installs the agent, and joins the WireGuard mesh automatically
- WireGuard full mesh — all nodes connected, all inter-node traffic encrypted
- Web dashboard — node health, metrics, and cluster status in one place
- Docker containers — deploy, start, stop, restart, remove; auto-placement or pinned to a node
- Ansible runbooks — execute playbooks on cluster nodes with encrypted secret injection
- Workload secrets — AES-256-GCM encrypted at rest and injected at job time
- HTTPS — nginx reverse proxy + Let's Encrypt, one-click from the UI
- Two-factor authentication — TOTP per account, backup codes, QR code setup
- SSH key management — add, revoke, and sync keys across all nodes
- Audit log — significant actions are logged and replicated across the cluster
- Multi-user access — admin and viewer roles, session management
- API keys — early API-key support for automation
Only the compute role is fully implemented. database, backup, and vault are reserved for upcoming work. Automatic leader failover is not implemented — operator action required if the main node goes down.
See docs/LIMITATIONS.md for the full list.
Requirements:
- Ubuntu 22.04 or 24.04 LTS — fresh install recommended
- Root SSH access
- Public IPv4 address
- Ports open:
22/tcp,7700/tcp,51820/udp
Install:
bash <(curl -fsSL https://raw.githubusercontent.com/BravePT/unvara/main/bootstrap/install.sh)This installs the latest development version from
main. Unvara is alpha software; review the script before running it on a server.
Then open http://<your-server-ip>:7700 and complete the setup wizard.
For detailed installation steps, adding more nodes, enabling HTTPS, and troubleshooting, see docs/INSTALL.md.
| Document | Contents |
|---|---|
| docs/INSTALL.md | Installation, onboarding nodes, HTTPS, updates, troubleshooting |
| docs/ARCHITECTURE.md | How Unvara works — agent model, WireGuard mesh, security layers |
| docs/LIMITATIONS.md | What is and is not implemented in this release |
| docs/ROADMAP.md | What is coming next |
| docs/TROUBLESHOOTING.md | Operational checks and recovery steps |
| docs/DESIGN_PRINCIPLES.md | The decisions behind how Unvara is built |
| SECURITY.md | Security model, reporting vulnerabilities |
unvara/
├── bootstrap/ install.sh, update.sh, reset.sh
├── basehub/ agent service — FastAPI, routes, templates
├── ansible/ node onboarding playbooks
├── scripts/ helper scripts
├── docs/ documentation
├── requirements.txt
└── VERSION
 |
 |
 |
 |
 |
 |
For alpha testing and discussion, join the Discord: discord.gg/PFHXCzA3Pn
Unvara is in early alpha and under active development. Issues and questions are welcome.
For code contributions, please open an issue first — the architecture and scope are still being defined and large PRs without prior discussion may not be accepted.
Unvara is free software. Modified versions offered over a network must make their corresponding source code available under the same license.