Open Source Infrastructure Blueprint

Your private cloud.
Actually private.

Privalon is an open-source blueprint for deploying and operating a private digital ecosystem — with operational safety, predictable recovery, and a private-by-default access model built in from day one.

privalon — deploy
$ ./scripts/deploy.sh full --env prod
# Provisioning infrastructure...
✓ Gateway VM ready (public 80/443)
✓ Headscale control plane online
✓ Monitoring stack deployed (tailnet-only)
✓ TLS certificates issued
✓ Backup backends configured
✓ Deploy complete. All services healthy.

# Restore on a fresh machine:
$ ./scripts/restore.sh \
  --recovery-line 'bp1-a7f9c2e4b6d81053'
✓ Workspace restored from S3 backup.
// capabilities

Operational safety by default

Every feature exists to reduce the gap between “it started once” and “it runs reliably over time.”

[01] PRIVATE
Private by Default
Only what must be public is exposed: the gateway's 80/443 ingress. Everything else lives on a private tailnet with no public IPs, no public SSH, and no exposed management surfaces.
[02] OBSERVE
Built-in Observability
Prometheus, Grafana, Loki, and Alloy are part of the baseline — not optional extras. Metrics, logs, dashboards, and health signals from day one.
[03] RECOVER
Predictable Recovery
Encrypted dual-backend S3 backups run nightly. Restore paths are documented and designed to work under stress, not just on a good day.
[04] PERIMETER
Minimal Attack Surface
A single gateway handles public ingress. Everything else is tailnet-only. Host firewalls default to deny. No improvised hardening required.
[05] EXTEND
Repeatable Service Model
New services inherit DNS, TLS, backup, and observability automatically. Adding Vaultwarden or a Matrix server doesn’t break the operating model.
[06] UI
Local Web UI
A locally-hosted browser interface wraps deploy scripts and config — running on your workstation only, never exposed to the internet.

Minimal surface.
Maximum control.

Three VM roles, one public entry point, everything else strictly private. Portable across cloud providers.

PUBLIC
Gateway VM
Reverse proxy (Caddy), TLS termination, public ingress on 80/443, full-tunnel VPN exit node.
CTRL
Headscale Control VM
Private network control plane: device registration, ACL enforcement, DERP relay, and distribution of peers' WireGuard public keys (node private keys never leave the device).
PRIVATE
Workload VMs
No public IPv4. Services bind to Tailscale IPs only. Default stack: Prometheus + Grafana + Loki on the monitoring VM.
BACKUP
Dual S3 Backends
Encrypted Restic backups to two independent S3-compatible stores. Nightly, deduplicated, replicated.
            Internet
               │
   ┌──────────────────┐
   │ Gateway VM       │
   │ Public 80/443    │
   │ Caddy + Exit Node│
   └────────┬─────────┘
            │ Tailscale
   ┌────────┴────────┐
   │                 │
┌──┴─────────┐ ┌────┴────────┐
│ Headscale  │ │ Monitoring  │
│ Control VM │ │ VM (private)│
└────────────┘ └─────────────┘
      │
 Your Devices

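A check a practitioner would want for the "services bind to Tailscale IPs only" rule above. This is an added example, not Privalon's own tooling: it parses captured `ss -Hltn` output (the two samples below are constructed for the example, not taken from a real host) and reports every TCP listener that is reachable outside the tailnet, allowing only the gateway role's 80/443. The role names and the `ROLE_PUBLIC_PORTS` table are assumptions made here for illustration.

```python
"""Audit TCP listeners against the "services bind to Tailscale IPs only" rule.

Added example, not part of Privalon. Input is the output of `ss -Hltn`
captured on a VM (over the tailnet, since there is no public SSH).
A listener counts as private if it is bound to loopback or to a Tailscale
address (CGNAT 100.64.0.0/10 or the fd7a:115c:a1e0::/48 ULA range).
Anything else, including 0.0.0.0 and [::], is reachable from whatever
interface the host firewall lets through, so it is reported unless the
host's role explicitly allows that port (the gateway's 80/443).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

TAILNET_V4 = ipaddress.ip_network("100.64.0.0/10")
TAILNET_V6 = ipaddress.ip_network("fd7a:115c:a1e0::/48")

# Assumed role table for this example: only the gateway may expose ports on
# non-tailnet interfaces, and only its public ingress.
ROLE_PUBLIC_PORTS: dict[str, set[int]] = {
    "gateway": {80, 443},
    "control": set(),
    "workload": set(),
}


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -Hltn` rows: State Recv-Q Send-Q Local:Port Peer:Port."""
    listeners: list[Listener] = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening rows
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]")       # "[::]:3100" -> "::"
        if host in ("*", ""):         # older ss prints the v4 wildcard as "*"
            host = "0.0.0.0"
        listeners.append(Listener(host, int(port)))
    return listeners


def is_private_bind(addr: str) -> bool:
    """True if a socket bound to addr cannot be reached from outside host/tailnet."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip in TAILNET_V4 or ip in TAILNET_V6


def audit(role: str, ss_output: str) -> list[str]:
    """Return one finding per listener that violates the tailnet-only rule."""
    allowed = ROLE_PUBLIC_PORTS.get(role, set())
    findings: list[str] = []
    for l in parse_ss(ss_output):
        if is_private_bind(l.addr) or l.port in allowed:
            continue
        where = f"[{l.addr}]:{l.port}" if ":" in l.addr else f"{l.addr}:{l.port}"
        findings.append(f"{role}: {where} reachable outside the tailnet")
    return findings


# Constructed sample output (not captured from a real host).
SAMPLE_WORKLOAD = """\
LISTEN 0 4096 100.64.0.12:9090   0.0.0.0:*
LISTEN 0 4096 100.64.0.12:3000   0.0.0.0:*
LISTEN 0 128  0.0.0.0:22         0.0.0.0:*
LISTEN 0 511  [::]:3100          [::]:*
LISTEN 0 128  127.0.0.1:8090     0.0.0.0:*
"""
SAMPLE_GATEWAY = """\
LISTEN 0 4096 0.0.0.0:80         0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443        0.0.0.0:*
LISTEN 0 128  100.64.0.2:22      0.0.0.0:*
"""

if __name__ == "__main__":
    for role, sample in (("workload", SAMPLE_WORKLOAD), ("gateway", SAMPLE_GATEWAY)):
        for line in audit(role, sample) or [f"{role}: ok"]:
            print(line)
```

Run it against each VM's `ss -Hltn` output collected over the tailnet. A listener bound to a tailnet address is only one layer of the model: the host firewall's default-deny ruleset is what stops a misbound service from becoming public, and it should be audited separately.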
Deploy from your browser.
Logs stream live.

Privalon ships with a locally-hosted Web UI that wraps the deploy scripts. Select environment, scope, and options — then watch Ansible tasks execute in real time. Never exposed to the internet.

[Screenshot: Web UI at localhost:8090, New Deployment form: select environment, scope, and options]
[Screenshot: Web UI at localhost:8090, Live Log view: Ansible task log with progress bar and collapsible sections]
// recovery

One line to restore everything

Like a crypto wallet seed phrase, your portable recovery line is all you need. If every machine dies and your laptop is lost — as long as one S3 backup is alive, you’re back. Treat it like a seed phrase, too: the line alone is enough to restore the workspace, so anyone who obtains it can do the same. Keep it offline and out of the repo.

“Save one line. Recover everything.”

./scripts/restore.sh --recovery-line 'bp1-a7f9c2e4b6d81053-9f8e7d6c5b4a3021'

Where we’re going

The long-term goal is to make running your own private infrastructure feel normal — not exceptional.

SHIPPED
Core Infrastructure Blueprint
Gateway VM, Headscale control plane, monitoring stack, dual S3 backups, and portable recovery line.
SHIPPED
Local Web UI
Browser-based deploy interface with real-time Ansible log streaming, environment management, and deployment history.
IN PROGRESS
Multi-provider Terraform Modules
Expanding beyond ThreeFold Grid to Hetzner and DigitalOcean for broader provider portability.
PLANNED
Internal Service Templates
Reusable onboarding patterns for services like Vaultwarden, Matrix, and Nextcloud that inherit the full operating model automatically.
PLANNED
AI Sysadmin Layer
A private AI assistant that helps with operations — answering questions, diagnosing issues, and suggesting actions — without sending data to external platforms.
PLANNED
Blueprint Improvement Cycle
Continuous hardening of the baseline: improved ACL defaults, automated health checks, and operator runbooks built into the repo.