Skip to main content
The Base Kit is designed for single-environment deployments — all services share one deployment target. It can run on a single server or span multiple nodes in the same environment (local or cloud). This is the simplest architecture pattern, optimized for reliability and straightforward operations.
The Base Kit follows an IaC-first approach using packaged OpenTofu plus a selected PaaS adapter. Coolify is the default beta path, and Komodo is the supported beta alternative.

Overview

Common starting profiles

Base Kit no longer relies on the old monolithic variant selector. Start from the baseline and use context, mode, and add-ons to shape the deployment.
The standard single-environment path.
SurfaceDescription
Traefik v3Reverse proxy with auto-SSL
CoolifyApp platform (PaaS) - beta default
KomodoBeta-supported alternative PaaS
Uptime Kuma / BeszelLightweight uptime or node-health UX
DozzleReal-time Docker log viewer
monitoring-agentOTLP collector baseline enabled by default
stack-spec.yaml
stackkit: base-kit

Included services

The app platform is context-resolved. The public BaseKit beta defaults to Coolify and supports Komodo as the beta alternative. Dokploy remains draft/non-beta and is not part of the canonical beta E2E matrix.

Traefik v3

Reverse Proxy & SSLAutomatic HTTPS certificates (Let’s Encrypt), routing, and load balancing for all services.

Coolify

App platform (beta default)Self-hosted PaaS like Vercel/Heroku. BaseKit bootstraps Coolify, enables its API, stores platform placement state, and deploys StackKit-owned apps through Coolify.

Komodo

Beta-supported alternativeKomodo is the supported beta alternative for kombify.me provider-lease evidence. Dokploy remains draft until promoted by its own release evidence.

Uptime Kuma

Status MonitoringMonitor your services with beautiful status pages and alerts.

Netdata

Server MetricsReal-time per-node metrics (CPU, RAM, disk, network). Beszel or Glances on low-resource nodes.

Dozzle

Log ViewerReal-time Docker container log viewer in your browser.

Identity services

TinyAuth

Lightweight auth proxyGateway auth boundary for protected routes.

PocketID

Passkey-first OIDC providerOwner activation and passkey login for the BaseKit beta path.

Requirements

ResourceLowStandardHigh
CPU2 cores4 cores8 cores
RAM4 GB8 GB16 GB
Storage20 GB SSD50 GB SSD100+ GB SSD
ObservabilityCollector baseline onlyCollector baselineCollector baseline + optional monitoring-core

Supported operating systems

OSVersionStatus
Ubuntu24.04 LTS✅ Recommended
Ubuntu22.04 LTS✅ Supported
Debian12 (Bookworm)✅ Supported

Quick start

1

Create your spec file

stack-spec.yaml
stackkit: base-kit

# Node configuration
nodes:
  - name: main-server
    type: local  # or vps, cloud
    connection:
      host: 192.168.1.100
      user: root
      ssh_key: ~/.ssh/id_ed25519

# Domain (optional - enables auto-SSL)
domain: homelab.example.com
email: you@example.com

# Service toggles
services:
  coolify:
    enabled: true
  uptime_kuma:
    enabled: true
  dozzle:
    enabled: true
2

Validate configuration

stackkit validate
Output:
✓ StackKit: base-kit (v1.0.0)
✓ Monitoring: OTLP collector baseline
✓ OS: ubuntu-24
✓ Compute tier: standard
✓ All service dependencies satisfied
✓ No port conflicts detected

Ready to deploy!
3

Generate infrastructure code

stackkit generate
Creates:
  • deploy/ - generated OpenTofu input and output files
  • .stackkit/platform.json - selected PaaS placement and API context after apply
  • .stackkit/state.yaml - setup-run state and retry-safe setup action evidence
  • service output files with Base Hub, identity, monitoring, and application URLs
4

Preview and apply

stackkit plan   # Preview changes
stackkit apply  # Deploy

Configuration reference

Node settings

nodes:
  - name: main-server
    type: local              # local, vps, cloud
    os: ubuntu-24            # ubuntu-24, ubuntu-22, debian-12
    
    connection:
      host: 192.168.1.100
      port: 22
      user: root
      ssh_key: ~/.ssh/id_ed25519
      # OR password: ${SSH_PASSWORD}
    
    resources:               # Optional — auto-detected
      cpu: 4
      memory_gb: 8
      disk_gb: 50

Domain and SSL

domain: homelab.example.com
email: you@example.com

ssl:
  provider: letsencrypt
  # Optional: wildcard for *.homelab.example.com
  wildcard: true

Service configuration

services:
  traefik:
    enabled: true           # Always required
    dashboard: true         # Enable Traefik UI
    log_level: INFO
    
  coolify:
    enabled: true
    # Coolify runs on port 8000 by default
    
  uptime_kuma:
    enabled: true
    public_page: true       # Enable public status page
    
  dozzle:
    enabled: true
    remote_hosts: []        # Add remote Docker hosts
    
  # Identity is part of the beta baseline unless intentionally overridden
  tinyauth:
    enabled: true
    
  pocketid:
    enabled: true

Deployment modes

The Base Kit supports these public install modes:
ModeEngineWhen to use
BarePackaged OpenTofu without Base Hub/setup automationManual or BYOS foundations
BootstrappedPackaged OpenTofu plus Base Hub, identity, monitoring, and setup actionsDefault public beta path
AdvancedBootstrapped plus advanced handoff/runtime metadataTechStack/Komodo and guided handoff paths
Terramate remains an explicit terramate / advanced-terramate opt-in until its stack templates have release-grade evidence.
# Default beta mode
mode: bootstrapped

File structure

After stackkit generate:
.
├── stack-spec.yaml          # Your configuration
├── deploy/                  # Generated OpenTofu inputs and outputs
├── .stackkit/
│   ├── platform.json        # Selected PaaS context after apply
│   ├── state.yaml           # Setup-run state
│   └── security-baseline.json
└── artifacts/               # Optional local evidence and diagnostics

Constraints

The Base Kit enforces these rules:
ConstraintValueReason
EnvironmentSingle (local or cloud)Single-environment pattern
Traefik requiredYesAll services need routing
Min RAM4 GBServices won’t fit in less
The Base Kit serves a single-environment pattern. If you need:

Troubleshooting

  1. Check Traefik is running: docker logs traefik
  2. Verify DNS resolves to your server
  3. Check firewall allows ports 80/443
  4. For local: Use http://IP:PORT instead of domain
  1. Check port 8000 is not in use: netstat -tlnp | grep 8000
  2. Verify Docker socket permissions
  3. Check logs: docker logs coolify
  1. Prune unused images: docker image prune -a
  2. Check volume sizes: docker system df
  3. Consider adding external storage

Next steps

Node Hub

Open the standard base.<domain> dashboard and service guide matrix.

CUE basics

Learn how to customize StackKit schemas