The Base Kit follows an IaC-first approach using packaged OpenTofu plus a selected PaaS adapter. Coolify is the default beta path, and Komodo is the supported beta alternative.
Overview
Common starting profiles
Base Kit no longer relies on the old monolithicvariant selector. Start from the baseline and use context, mode, and add-ons to shape the deployment.
- Baseline
- With monitoring-core
- Low-resource intent
The standard single-environment path.
| Surface | Description |
|---|---|
| Traefik v3 | Reverse proxy with auto-SSL |
| Coolify | App platform (PaaS) - beta default |
| Komodo | Beta-supported alternative PaaS |
| Uptime Kuma / Beszel | Lightweight uptime or node-health UX |
| Dozzle | Real-time Docker log viewer |
| monitoring-agent | OTLP collector baseline enabled by default |
stack-spec.yaml
Included services
The app platform is context-resolved. The public BaseKit beta defaults to Coolify and supports Komodo as the beta alternative. Dokploy remains draft/non-beta and is not part of the canonical beta E2E matrix.
Traefik v3
Reverse Proxy & SSLAutomatic HTTPS certificates (Let’s Encrypt), routing, and load balancing for all services.
Coolify
App platform (beta default)Self-hosted PaaS like Vercel/Heroku. BaseKit bootstraps Coolify, enables its API, stores platform placement state, and deploys StackKit-owned apps through Coolify.
Komodo
Beta-supported alternativeKomodo is the supported beta alternative for kombify.me provider-lease evidence. Dokploy remains draft until promoted by its own release evidence.
Uptime Kuma
Status MonitoringMonitor your services with beautiful status pages and alerts.
Netdata
Server MetricsReal-time per-node metrics (CPU, RAM, disk, network). Beszel or Glances on low-resource nodes.
Dozzle
Log ViewerReal-time Docker container log viewer in your browser.
Identity services
TinyAuth
Lightweight auth proxyGateway auth boundary for protected routes.
PocketID
Passkey-first OIDC providerOwner activation and passkey login for the BaseKit beta path.
Requirements
| Resource | Low | Standard | High |
|---|---|---|---|
| CPU | 2 cores | 4 cores | 8 cores |
| RAM | 4 GB | 8 GB | 16 GB |
| Storage | 20 GB SSD | 50 GB SSD | 100+ GB SSD |
| Observability | Collector baseline only | Collector baseline | Collector baseline + optional monitoring-core |
Supported operating systems
| OS | Version | Status |
|---|---|---|
| Ubuntu | 24.04 LTS | ✅ Recommended |
| Ubuntu | 22.04 LTS | ✅ Supported |
| Debian | 12 (Bookworm) | ✅ Supported |
Quick start
Generate infrastructure code
deploy/- generated OpenTofu input and output files.stackkit/platform.json- selected PaaS placement and API context after apply.stackkit/state.yaml- setup-run state and retry-safe setup action evidence- service output files with Base Hub, identity, monitoring, and application URLs
Configuration reference
Node settings
Domain and SSL
- With domain
- Local only
Service configuration
Deployment modes
The Base Kit supports these public install modes:| Mode | Engine | When to use |
|---|---|---|
| Bare | Packaged OpenTofu without Base Hub/setup automation | Manual or BYOS foundations |
| Bootstrapped | Packaged OpenTofu plus Base Hub, identity, monitoring, and setup actions | Default public beta path |
| Advanced | Bootstrapped plus advanced handoff/runtime metadata | TechStack/Komodo and guided handoff paths |
terramate / advanced-terramate opt-in until its stack templates have release-grade evidence.
File structure
Afterstackkit generate:
Constraints
The Base Kit enforces these rules:| Constraint | Value | Reason |
|---|---|---|
| Environment | Single (local or cloud) | Single-environment pattern |
| Traefik required | Yes | All services need routing |
| Min RAM | 4 GB | Services won’t fit in less |
Troubleshooting
Services not accessible
Services not accessible
- Check Traefik is running:
docker logs traefik - Verify DNS resolves to your server
- Check firewall allows ports 80/443
- For local: Use
http://IP:PORTinstead of domain
SSL certificate errors
SSL certificate errors
- Let’s Encrypt: Domain must be publicly accessible
- Self-signed: Add browser exception or use
curl -k - Check rate limits at https://letsencrypt.org/docs/rate-limits/
Coolify not starting
Coolify not starting
- Check port 8000 is not in use:
netstat -tlnp | grep 8000 - Verify Docker socket permissions
- Check logs:
docker logs coolify
Low disk space warnings
Low disk space warnings
- Prune unused images:
docker image prune -a - Check volume sizes:
docker system df - Consider adding external storage
Next steps
Node Hub
Open the standard
base.<domain> dashboard and service guide matrix.CUE basics
Learn how to customize StackKit schemas
