AI SysOps 2.0.0
Open-source infrastructure management platform with an AI agent. Single dashboard for DNS, Traefik, CI/CD, SSO, file storage, and analytics. Licensed under LGPL v3.0.
Why This Exists
Every new project on a server means dozens of manual operations: create DNS records, configure Traefik routers, generate CI/CD pipelines, set up SSL certificates, configure SSO protection. With 10+ projects, this becomes a time-consuming routine that eats hours and breeds errors.
AI SysOps solves this: a unified management panel that automates the entire project lifecycle on your server.
One-Click Publish
Register a new project in 30 seconds. The orchestrator handles everything automatically:
| Step | What Happens | Time |
|---|---|---|
| DNS | A-records for all configured base domains | ~1 sec |
| Traefik | YAML router config + SSL + optional Authelia protection | ~1 sec |
| CI/CD | Pipeline pushed to GitLab via Repository Files API | ~3 sec |
| Variables | DEPLOY_PATH, PM2_APP_NAME and other CI variables | ~2 sec |
| Strapi | Project registered in CMS with metadata | ~2 sec |
4 project types: Deploy (web app), Docs (documentation), Infra (infrastructure), Product (product with downloads).
AI Agent
Built-in AI agent with 17 tools executes DevOps tasks via natural language:
- "Add a domain for the cascade project"
- "Why is analytics returning 502?"
- "Show status of all services"
- "Create a DNS record for the new project"
The agent operates at three action tiers: auto (executes immediately), approve (waits for confirmation), deny (forbidden). Destructive operations always require approval.
GitOps
Full cycle: push to main → validate → build → deploy → verify. Zero manual SSH.
- Server configs in a separate Git repository with auto-sync
- Two runners: regular (validate/verify) and root (deploy)
- Incremental deploys with backups and health checks
- Dynamic data (projects.json, auth.json) is never overwritten
Multi-Domain
Every service is accessible via multiple base domains. Domains are configured in a single config file — the platform automatically generates Traefik rules, DNS records, and regional proxy configuration for each domain.
| Domain Type | Route | SSL |
|---|---|---|
| Primary | Direct to server via Traefik | Let's Encrypt (Traefik) |
| Regional | Via Regional Proxy (Caddy) for lower latency | Let's Encrypt (Caddy) |
DNS, Traefik, and Regional Proxy are configured in sync — adding a new service automatically creates records across all systems.
Security
- Authelia SSO — single sign-on for all services with two-factor authentication
- Bearer tokens — SHA-256 hashing, timing-safe comparison
- ForwardAuth — Traefik middleware validates every request via Authelia
- OIDC — CMS integration through OpenID Connect
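How the SHA-256 hashing and timing-safe comparison named in the bearer-token bullet can fit together, as an added example in TypeScript (the backend's language). This is not AI SysOps code: `hashToken`, `issueToken`, `parseBearer`, `verifyBearer` and the hex storage format are assumptions made for illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// SHA-256 digest of a token. Only this digest is stored, never the token itself,
// so a leaked token table does not hand out working credentials.
function hashToken(token: string): Buffer {
  return createHash("sha256").update(token, "utf8").digest();
}

// Issue a random 256-bit token. The caller sees `token` once; the server keeps `storedHash`.
// (Hypothetical helper: the hex storage format is an assumption.)
function issueToken(): { token: string; storedHash: string } {
  const token = randomBytes(32).toString("base64url");
  return { token, storedHash: hashToken(token).toString("hex") };
}

// Extract the credential from an Authorization header; null unless it is a Bearer header.
function parseBearer(header: string | undefined): string | null {
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header ?? "");
  return match?.[1] ?? null;
}

// Check a request header against the stored token hashes.
function verifyBearer(header: string | undefined, storedHashes: string[]): boolean {
  const token = parseBearer(header);
  if (token === null) return false;
  const presented = hashToken(token); // always 32 bytes, whatever the input length
  let ok = false;
  for (const hex of storedHashes) {
    const stored = Buffer.from(hex, "hex");
    // timingSafeEqual throws on unequal lengths, so skip malformed records first.
    if (stored.length !== presented.length) continue;
    // No early exit: every record is compared, so timing does not reveal which one matched.
    if (timingSafeEqual(stored, presented)) ok = true;
  }
  return ok;
}

// Constructed demo input: one issued token, checked with a good and a bad header.
const demo = issueToken();
console.log(
  verifyBearer(`Bearer ${demo.token}`, [demo.storedHash]), // true
  verifyBearer("Bearer not-the-token", [demo.storedHash]), // false
);
```

Hashing the presented token before comparing fixes both buffers at 32 bytes, which is what lets `timingSafeEqual` be used without leaking the stored value's length.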
Managed Services
| Service | Purpose | Prefix |
|---|---|---|
| Management UI | Control panel | admin.* |
| GitLab CE | Git repos + CI/CD | gitlab.* |
| Authelia | SSO + 2FA | auth.* |
| Umami | Web analytics | analytics.* |
| n8n | Automation | n8n.* |
| Mailu | Mail server | mail.* |
| frp | Self-hosted tunnels | *.tunnel.* |
| File Storage | Public file storage | files.* |
Architecture
| Component | Technology |
|---|---|
| Backend | Fastify v5, TypeScript, Drizzle ORM + SQLite |
| Frontend | React 19, Vite, Tailwind v4, TanStack Query |
| Reverse Proxy | Traefik with automatic Let's Encrypt |
| SSO | Authelia (ForwardAuth + OIDC) |
| CI/CD | GitLab CE with shell runner, GitOps pipeline |
| Monitoring | Umami Analytics (self-hosted, SQLite) |
| Tunnels | frp (ngrok replacement, no subscriptions) |
| Regional Proxy | Caddy (optional regional proxy) |