Skip to content
Tundra

Self-Hosting Overview

Tundra offers two deployment paths:

Section titled “Systemd (recommended for production)”

The install.sh one-liner installs and configures everything as systemd services. This is the preferred method for production — it gives you the full systemd hardening surface (sandboxing, capability drops, filesystem protections).

Systemd install guide

Docker Compose

Section titled “Docker Compose”

For operators who prefer containerized deployments, the docs/09-deployment-bundle/ directory contains three compose stacks:

StackPurpose
dev/Source-mounted, hot-reload (cargo-watch + Vite HMR)
prod/Production-grade with Caddy TLS, Docker secrets
e2e/CI test stack with tmpfs state and POST /test/reset

Docker Compose guide

Architecture decisions

Section titled “Architecture decisions”
  • PostgreSQL 18 only — no SQLite or MySQL support for the control plane
  • rustls only — no OpenSSL anywhere in the dependency tree (deny.toml enforces this)
  • Up-only migrations — no down migrations; reverting requires a new forward migration
  • Master key — 32-byte AES key + BLAKE3 integrity trailer; must be backed up offline