brace·modular infrastructure orchestration for self‑hosters
An open-source coordinator and agent mesh that manages your servers, VPN peers, DNS, certificates, and firewall rules — with modules for what you need, nothing you don't.
free core
open source. self-hostable. no telemetry, no lock-in.
-
01
node inventory
Track every host with tags and groups. The single source of truth for everything else the coordinator does.
-
02
wireguard mesh
Peer-to-peer encrypted networking via
wgmesh. Nodes discover and reach each other without a central VPN server. -
03
role-based access
RBAC with network segmentation built in. Limit which operators can touch which slice of the inventory.
-
04
basic health monitoring
Liveness, reachability, and agent heartbeat — visible in the dashboard, exposed via the API.
optional modules
opt in to the pieces you actually need. planned, not yet shipping.
- M1 DNS management authoritative + provider sync planned
- M2 certificate management Let's Encrypt / ACME, auto-renewal planned
- M3 firewall management declarative nftables rule sync planned
- M4 batch operations apply commands across tagged hosts planned
- M5 Proxmox integration VM/CT lifecycle from the coordinator planned
- M6 advanced access control SSO/OIDC, audit logs, custom roles planned
who it's for
-
self-hosters
Tired of tracking WireGuard peers, DNS records, and TLS certs by hand across a dozen boxes.
-
homelab builders
A single source of truth for every service you've racked up — without the wiki drift.
-
small DevOps teams
Platform engineering without having to adopt an entire platform.
-
freelance sysadmins
One dashboard across every client's network — not a browser tab per client.
brace is built for the people who already run their own metal — and who want a control plane that doesn't try to sell them an entire platform they didn't ask for.
stay in the loop
low-volume — release notes and post-mortems only.