Infrastructure that
watches your back
While you're out there conquering, Catedral guards your systems.
Bare metal. MicroVMs. NixOS. Zero drama.
$ curl -fsSL https://catedral.dev/install | sh
Installing Catedral...
Done.
$ catedral app install komodo
Creating microVM...
Allocating IP 10.0.0.2...
β komodo-1 running at https://komodo.yourdomain.dev
Years of stone.
Forged in silence.
We've watched systems crumble at 3 AM. Seen teams panic when deploys go wrong. Felt the weight of infrastructure that fights you instead of helping.
Years of scars. Consuming knowledge in silence. Learning what breaks, what survives, what actually matters when everything is on fire.
Catedral is what we wish we had from day one.
One cathedral, infinite possibilities
Each color in our vitral represents a different service you can deploy. Catedral unifies them all under one roof.
No more YAML hell
One command. Everything configured. No 500-line manifests.
Isolation that actually works
Each app in its own microVM. Full kernel isolation. Not just namespaces.
Boot in milliseconds
Firecracker microVMs start faster than containers. Same isolation as VMs.
Reproducible by default
NixOS underneath. Same config, same result. Always. On any machine.
Everything you need.
Nothing you don't.
A CLI that does its job and gets out of your way. No bloat, no magic, no surprises.
One-Command Deploy
Install any app from our catalog with a single command. Komodo, Uptrace, Pangolin β all ready to go.
Any Distro to NixOS
Transform Ubuntu, Debian, or any Linux server into reproducible NixOS. One command, infinite rollbacks.
MicroVM Isolation
Each app runs in its own Firecracker microVM. Full kernel isolation, not container namespaces.
Encrypted Secrets
Secrets encrypted at rest with age. Unlock once, deploy everywhere. No plaintext configs.
Kernel-Level Security
Real-time syscall monitoring and threat detection. Know exactly what your apps are doing at the kernel level.
Cloudflare Integration
Interactive domain selection, automatic DNS configuration, and instant SSL. Connect domains in seconds.
Built-in Monitoring
Health checks, resource monitoring, and audit logs out of the box. Know what's happening.
Automatic Backups
Scheduled backups with retention policies. Restore any app to any point in time.
Instant Rollback
Something went wrong? Roll back to any previous generation in seconds. NixOS makes it bulletproof.
Deploy from any Linux distro
Running Ubuntu? Debian? CentOS? No problem. Catedral converts your server to NixOS automatically. Get reproducible deployments, instant rollbacks, and declarative infrastructure β without changing your workflow.
One command.
Any app.
Deploy production-ready apps in seconds. Each runs in its own isolated microVM. No containers, no complexity.
Available Now
Komodo
Build and deploy software on many servers
catedral app install komodo Uptrace
Open source APM with traces, metrics, and logs
catedral app install uptrace Infisical
Open source secrets management platform
catedral app install infisical n8n
Workflow automation platform
catedral app install n8n Uptime Kuma
Self-hosted monitoring tool
catedral app install uptime-kuma Linkding
Self-hosted bookmark manager
catedral app install linkding Vaultwarden
Lightweight Bitwarden server
catedral app install vaultwarden Plausible
Privacy-friendly analytics
catedral app install plausible Gitea
Self-hosted Git service
catedral app install gitea Ghost
Professional publishing platform
catedral app install ghost Dokploy
Open source PaaS alternative
catedral app install dokploy Pangolin
Tunneled reverse proxy
catedral app install pangolin Coming Soon
Don't see your favorite app?
Request an app on GitHub
We built what we wished existed.
Now it does.
10 reasons devs choose Catedral
One command, not twenty
While others make you write configs, manifests, and scripts, you just type one command. Done.
True isolation, not theater
Your apps run in real isolated environments. Not namespaces pretending to be secure. Real boundaries.
No vendor lock-in
Your server, your rules. No cloud bills that grow 10x overnight. No sudden pricing changes. No 'we're shutting down' emails.
Seconds to deploy, not hours
New app running in production? Under 60 seconds. No waiting for provisioning, no complex pipelines.
We watch your back
Your cathedral guards the gates while you're out conquering. Deploy with confidenceβwe handle the swords and shields.
Predictable costs forever
One server, one price. Scale your apps, not your bills. No surprise charges, no metered bandwidth fees.
Military-grade security
Real-time threat detection, syscall monitoring, process isolation. Enterprise security without the enterprise complexity.
Works offline
No internet? No problem. Your infrastructure doesn't stop working because someone else's cloud went down.
No PhD required
You shouldn't need to understand distributed systems to deploy a blog. Simple things should be simple.
We eat our own cooking
Every service we run uses Catedral. We find the bugs before you do. We feel the pain before you do.
Your cathedral, fully armed
While you're out conquering markets, your infrastructure stands guard. These aren't featuresβthey're your digital fortress.
Kernel-Level Security
Real-time syscall monitoring, process behavior analysis, and automatic threat response. Your cathedral has guards at every gate.
Cloudflare Integration
Interactive domain selection, automatic DNS configuration, and instant SSL. Connect your domains in seconds, not hours.
Full VM Control
Create, resize, and destroy VMs with simple commands. Choose your CPU cores, RAM, and diskβscale up or down instantly.
NixOS Compatible
Transform any Ubuntu or Debian server into a reproducible NixOS environment. Declarative infrastructure, infinite rollbacks.
$ catedral vm create api-server --cpu 4 --ram 8G --disk 100G
Creating VM 'api-server' with 4 vCPUs, 8GB RAM, 100GB disk...
VM 'api-server' created in 12 seconds
$ catedral domain add api.myapp.com --cloudflare
Connecting to Cloudflare... Select zone:
[1] myapp.com
[2] myapp.io
DNS configured. SSL certificate issued. Ready to serve traffic.
Sound familiar?
These are real problems we've lived through. That's why we built Catedral.
"Spent the weekend debugging YAML indentation"
No YAML. No configs. Just commands that work.
"AWS bill went from $50 to $500 overnight"
Fixed cost. Your server, your price. Forever.
"One container crashed and took down everything"
Apps isolated by default. One crash, zero collateral damage.
"Deployment pipeline takes 45 minutes"
Deploy in seconds. Rollback in seconds. Ship faster.
"Can't reproduce the production bug locally"
Same environment everywhere. What works here, works there.
"Secrets scattered across .env files and Slack DMs"
One secure vault. Encrypted. Versioned. Audited.
"3 AM alert: server unreachable"
Built-in monitoring. Know before your users do.
"Lost data because backups weren't actually running"
Automatic backups with retention. Verified. Restorable.
"New dev took 2 days to set up their environment"
One command to replicate any environment. Two minutes.
"Vendor announced EOL. Migration panic."
Self-hosted. Open source friendly. You own your infrastructure.
Ready to stop fighting your infrastructure?
Start Free Today
From zero to deployed
in under a minute
Install
One curl command. Works on any NixOS system.
Initialize
Set up your server with secure defaults.
Deploy
Pick from the catalog. App running in seconds.
Scale
Need more? Spin up another instance.
Start free. Scale when ready.
No credit card required. Deploy your first app in under 60 seconds.
Free
Get started with self-hosted infrastructure
- Up to 3 apps
- Deploy from any Linux distro
- NixOS conversion (Ubuntu/Debian)
- MicroVM isolation
- Encrypted secrets
- Basic monitoring
- Community support
- Advanced security monitoring
- Multi-server management
- Priority support
Pro
For production workloads and serious deployments
- Unlimited apps
- Everything in Free
- Kernel-level security (Tetragon)
- Real-time threat detection
- Cloudflare DNS integration
- Automatic SSL certificates
- Advanced backup & restore
- VM hot-resize (CPU/RAM)
- Priority email support
- License for 1 server
Enterprise
For organizations with advanced needs
- Everything in Pro
- Unlimited servers
- SSO & LDAP integration
- Custom security policies
- Compliance reports (SOC2, HIPAA)
- Private app catalog
- Air-gapped deployments
- Source code access
- Dedicated support engineer
- Custom SLA & invoicing
Compare plans in detail
| Feature | Free | Pro | Enterprise |
|---|---|---|---|
| Deployment | |||
| Apps limit | 3 apps | Unlimited | Unlimited |
| Deploy from Ubuntu/Debian | ✓ | ✓ | ✓ |
| NixOS conversion | ✓ | ✓ | ✓ |
| Custom flake configs | β | ✓ | ✓ |
| Multi-server deploy | β | β | ✓ |
| Security | |||
| MicroVM isolation | ✓ | ✓ | ✓ |
| Encrypted secrets (age) | ✓ | ✓ | ✓ |
| Vulnerability scanning | ✓ | ✓ | ✓ |
| Kernel-level monitoring | β | ✓ | ✓ |
| Real-time threat detection | β | ✓ | ✓ |
| Custom security policies | β | β | ✓ |
| Compliance reports | β | β | ✓ |
| Infrastructure | |||
| Cloudflare integration | β | ✓ | ✓ |
| Automatic SSL | β | ✓ | ✓ |
| VM hot-resize | β | ✓ | ✓ |
| Advanced backups | β | ✓ | ✓ |
| Air-gapped deployment | β | β | ✓ |
| Private app catalog | β | β | ✓ |
| Support | |||
| Community support | ✓ | ✓ | ✓ |
| Priority email | β | ✓ | ✓ |
| Dedicated engineer | β | β | ✓ |
| Custom SLA | β | β | ✓ |
Your infrastructure.
Your cathedral.
Stop babysitting servers. Start building what matters.
Deploy your first app in under 60 seconds.
Built on battle-tested foundations