Nodus

Self-hosted PostgreSQL operations

Run Nodus in your own infrastructure with verified trust and repeatable workflows.

Nodus connects over SSH, pins host identity, deploys encrypted backups to Cloudflare R2, detects drift, and guides restores with terminal-backed execution.

  • SSH host key verification
  • Encrypted backups
  • R2 storage
  • TLS automation

How Nodus Works

Onboard, protect, recover.

Nodus follows operator flow: verify trust, deploy backup policy, recover with guided sessions and live logs.

01

Onboard

Connect each VPS through a 6-step setup that verifies trust before first automation.

  • Capture SSH details and key material, then run host key verification with TOFU plus key-change detection.
  • Run dependency checks, test PostgreSQL connectivity, and select discovered databases for management.
02

Protect

Deploy backup automation with compatibility checks and operational controls per server.

  • Set schedule presets or custom cron, timezone, retention, and history limits.
  • Enable optional passphrase encryption, validate pg_dump compatibility, and deploy or redeploy scripts safely.
03

Recover

Run guided restore workflows with live logs and safe target selection.

  • Prepare restore, preview backup contents, and choose overwrite or new-database target flows.
  • Stream terminal output, reconnect to active sessions, and clean temporary files at completion.

Available Now

Core platform capabilities

Modules reflect shipping workflows: server trust, backup automation, restore control, TLS operations, monitoring, and account security.

Server Onboarding

Trust-first setup for production PostgreSQL hosts.

  • 6-step flow: server details, SSH key, host key verification, dependency checks, PostgreSQL test, DB selection.
  • Host fingerprints are stored and silent trust changes are blocked.
  • Connectivity and discovery run before any script deployment.

Backup Automation

Policy-driven backups to Cloudflare R2.

  • Per-server schedules with presets or cron, timezone, retention, and history limits.
  • Optional encryption via generated or custom passphrase, with pg_dump compatibility checks.
  • Deploy or redeploy backup scripts and cron to VPS, trigger manual runs, and inspect backup history with status, size, and duration.

Restore Workflows

Guided restore with terminal-backed execution.

  • Prepare, preview backup contents, then select target DB flow.
  • Overwrite existing DB or restore into new DB with explicit controls.
  • Reconnect into running restore sessions and cleanup temp files.

PostgreSQL TLS

Certificate issuance and deployment over DNS-01.

  • Issue certs with Cloudflare DNS and Let's Encrypt challenge flow.
  • Generate postgresql.conf, pg_hba.conf, and sudoers snippets.
  • Verify SSL config, deploy renewal scripts, and review renewal history.

Monitoring & Ops

Operational status across servers and backups.

  • Dashboard rollups for server connectivity, R2 state, and backup health.
  • Activity feed tracks backup lifecycle events and server health cards with next run visibility.
  • Missed or degraded runs are flagged, drift checks detect script changes, and DB health checks run from app.

Account & Settings

Security controls and storage lifecycle management.

  • Auth gate with sign in/up, profile controls, session management, and account deletion.
  • R2 credentials support validation, revalidation, and secure removal.
  • Credential updates can redeploy scripts across managed servers.

Live Ops Snapshot

At-a-glance status for backup and database operations.

This mock mirrors the app dashboard shape: connection state, backup outcomes, drift detection, and certificate window tracking.

ok

Servers Connected

12 / 12

SSH and PostgreSQL checks passing

ok

Backup Health

Healthy

0 failed jobs in last 24h

warn

Script Drift

1 server flagged

Redeploy recommended

alert

TLS Cert Expiry

34 days min

Renewal check scheduled

Security + Reliability

Built around trust boundaries and verifiable operations

Trust validation, deployment gates, and audit-ready evidence are built into each operational workflow.

Host trust is explicit

On first connect, host fingerprints are recorded. If keys change later, Nodus blocks silent continuation and surfaces the delta.

Secrets handling is encrypted

Backup encryption passphrases and storage credentials are validated before use and only applied after successful checks.

Preconditions run before deployment

Dependency checks and pg_dump compatibility validation happen before backup scripts or cron schedules are pushed.

Deployments are verifiable

Operators can redeploy scripts, inspect live terminal output, and confirm backup and restore behavior from execution logs.

Workflows are audit-friendly

Activity feeds, backup histories, renewal histories, and health rollups create a clear operational timeline per server.

Roadmap

Coming Soon

Planned modules expand governance and team workflows while keeping an operator-first core.

Planned

Privileged Admin Control Plane

Coming Soon: dedicated /admin workspace for platform-level controls.

  • Centralize elevated actions and system-level visibility in one scoped area.
Planned

Team & Org Collaboration

Coming Soon: multi-user workspaces and richer role boundaries.

  • Expand beyond single-account workflows with explicit role-based permissions.
Planned

Compliance Center

Planned: consent and policy audit timeline with reporting.

  • Track policy events and produce operational reports for governance reviews.
Planned

Advanced SSL Renewal Policies

Planned: policy presets, renewal toggle, and cron editor in UI.

  • Configure renewal behavior per server without shell edits.
Planned

Expanded Global Workspace Modules

Planned: broader global navigation and workspace surfaces.

  • Extend beyond the current minimal header shell with dedicated operational modules.