SELF-HOSTED INFRASTRUCTURE PLATFORM

Infra in
2 minutes.
No tickets.
No bottleneck.

Open-source self-hosted platform for small engineering teams who need production-grade infrastructure without a dedicated platform team. Multi-cloud from day one. Auto-lifecycle built in. You own everything.

Get started → See how it works
provision · hetzner · fsn1
# Web UI → select template → create tofu apply hcloud_server.node: Creating... hcloud_server.node: Created ✓ bootstrap base hardening ✓ docker-ce installed ✓ node registered ✓ outputs captured public_ip: 65.21.x.x ssh_user: ubuntu ✓ environment ready — elapsed: 1m 58s
<3m
VM + Docker ready
6
Cloud providers
0
Tickets required
TTL
Auto-destroy built in
Real use case
Without this platform
😤
Dev needs staging DB
Opens a ticket. Waits 2 days. Pings DevOps in Slack. Gets a VM with port 5432 open to the world and no backups.
~2 days
Step 1
🖥
Opens the dashboard
Selects PostgreSQL template. Picks cloud provider. Sets expiry. No YAML. No CLI. No Terraform knowledge needed.
0:00
Step 2
⚙️
Platform runs
OpenTofu provisions VM. Bootstrap scripts harden, configure, and register the node. Outputs captured automatically.
~2 min
Result
Gets connection string
postgresql://...@host:5432/app — ready, hardened, monitored. Auto-destroys on expiry. No zombie environments.
not 2 days. 2 minutes.
How it works
01
🖥
Web UI
Select template, provider, lifetime. No CLI, no YAML, no git knowledge needed.
0:00
02
⚙️
Provision
OpenTofu creates VM, firewall, and SSH key on your chosen cloud provider.
0:30
03
🔧
Bootstrap
Scripts harden the VM, install Docker, configure services, register node with control plane.
1:30
04
📡
Inventory
Node checks in every 5 minutes. Control plane tracks health, last seen, provider, outputs. Self-cleans when environment is destroyed.
1:58
05
🎛
Runtime actions
Reboot, redeploy, run playbooks — from the dashboard. No SSH manual work needed.
on demand
06
💀
Auto-destroy
TTL expires. Control plane queues destroy. OpenTofu tears down. State cleaned from R2. No zombies.
on schedule
What you get
MULTI-CLOUD
Switch cloud, keep interface
Hetzner, Oracle, AWS, Azure, GCP, Yandex Cloud. Same form, same outputs, same security baseline. Switch provider with one click — zero code changes.
SELF-HOSTED
You own everything
Runs on your GitHub Actions and your Cloudflare account. No SaaS vendor. No monthly platform fee. No lock-in. State stored in your own R2 bucket.
AUTO-LIFECYCLE
Resources expire automatically
Every environment has a TTL — 1h to 7 days or manual. Auto-destroy on schedule. No zombie environments silently burning budget.
BOOTSTRAP
Configured from day one
Post-provision hooks run after every apply. Base hardening, Docker, monitoring agent — idempotent scripts, fully customisable per template.
INVENTORY
Live node tracking
Nodes check in after bootstrap and every 5 minutes. Control plane tracks health, IP, provider, last seen. Self-cleaning: node removes itself when environment is destroyed.
ACCESS CONTROL
RBAC + audit log
Admin, operator, viewer roles. API keys with expiry. Every mutation logged in the audit trail. Sensitive outputs (SSH keys, DB passwords) encrypted with AES-GCM in the database.
vs alternatives
Why not just Terraform + scripts?
No self-service
Raw Terraform requires CLI, state management, and provider knowledge. Someone always becomes the bottleneck.
No lifecycle
Terraform doesn't know when a resource should die. Staging environments from 6 months ago accumulate and burn budget.
No inventory
You provision the VM. Tracking what's running where, what's healthy, what's drifted — entirely your problem.
No runtime control
Need to reboot, redeploy, or run a playbook? Raw SSH, manual steps, no audit trail. Every time.
Capability platform-infra Backstage Atlantis Pulumi
Web UI, no CLI for devs built in PR-based SDK required
Auto resource expiry TTL + auto-destroy
Node inventory + health built in plugin needed
Post-provision bootstrap per template plugin needed scripts only
Runtime actions from UI built in
Fully self-hosted Pulumi Cloud
Setup time < 30 min days hours hours
RBAC + audit log built in
Encrypted secrets at rest AES-GCM plugin needed
Zero Trust access planned plugin needed
Pre-apply governance (OPA) planned plugin needed Crossguard add-on

Platform engineering
without a platform team.

Open source. Self-hosted. Production-ready in under an hour.

git clone https://github.com/casablanque-code/platform-infra

cp platform.config.example.yml platform.config.yml && bash setup.sh



View on GitHub →