Skip to content

cold-code-labs/heimdall

Heimdall

Heimdall

The beautiful control plane for self-hosted apps.

Heimdall sits above your deployment engine — it doesn't replace Coolify, it conducts it — and wires every app to its own data, auth, and secrets in one move.

License: Apache 2.0 Status: beta Over Coolify Wired to Hauldr


In Norse myth, Heimdall is the watchman of the Bifröst — the burning rainbow bridge between the realms. He sees everything, hears the grass grow, and guards the gate. This Heimdall does the same for your fleet: it sees every app, every deployment, every key — and opens the bridge between your code and the data behind it.

Why

The self-hosted PaaS engines are excellent and ugly. Coolify, Dokku, CapRover — powerful, but the UX fights you, and none of them know what a data project is. They start a container and wave goodbye. You still wire the database, the auth, the secrets by hand, per app, forever.

Heimdall is the layer that's missing: a single, beautiful surface that drives the engine you already run and provisions the backend each app needs — because it's wired to Hauldr, a multi-tenant backend on real Postgres.

The one move that matters

POST /apps  { "name": "meu-saas", "template": "hono-next", "data": true }
  1. register the app            → Heimdall (Postgres)
  2. provision a data project    → Hauldr  (isolated Postgres + GoTrue auth)
  3. inject the tenant secrets   → SecretsStore (HAULDR_DB_URL, GOTRUE_URL, JWT_SECRET)
  4. create + deploy the app     → DeployEngine (Coolify)
  ─────────────────────────────────────────────────────────────────────
  → app live, multi-tenant, with native data + auth. No manual wiring.

Step 2–3 are the whole point. No generic PaaS does them, because none has a Hauldr underneath.

Modules

Heimdall is a dashboard of focused modules over one fleet. Each is named for the job it does; several wear a Norse name from the same world as Heimdall himself.

Module Also known as What it does
Fleet Ice Breaker Live mirror of every app (Coolify /applications + Compose /services); Ice Breaker is the one-click instance factory (repo + Coolify app + Hauldr project, in one go)
Deployments Bifröst Deploy history, live progress, redeploy and rollback
Domains Attach a client's own domain to an app via Cloudflare for SaaS
Env Rúnar Read/write env vars across every app, reveal secrets, redeploy
Ice Vault Encrypted secrets store with a full audit log
Routing Source of truth for fleet routing — a reconciler renders Traefik file-provider routes
Infra Ymir Read-only host + container metrics, plus per-app edge traffic
Files Browser for each app's native Hauldr object storage
Aegir AI concierge that operates every module via chat — also reachable over WhatsApp
Mímir Prompt bank + enhancer
CCL ID Internal identity management over Logto (create / role / reset / suspend)

See docs/modules.md for what each one does and the API behind it.

Architecture

Heimdall is an aggregator. Everything it touches sits behind a small interface, so "over Coolify" is the first implementation — not a hard dependency.

apps/
  web/        Next.js — the UI (the reason Heimdall exists)
  api/        Hono — the control-plane API
packages/
  core/       domain + the interfaces + the create-app flow
  db/         Drizzle + Postgres — Heimdall's own store
  engines/    DeployEngine  → coolify   (future: dokku, render, fly)
  dataplane/  DataPlane     → hauldr    (future: supabase, neon)
  secrets/    SecretsStore  → coolify-env (future: infisical, vault)
  source/     SourceProvider → github   (a new app's repo, from a template)
  sdk/        typed client (web + cli)

The interfaces in packages/core/src/adapters.ts are the product:

Interface Today The job
DeployEngine Coolify create / deploy / destroy apps, set env
DataPlane Hauldr provision an isolated data project per app
SourceProvider GitHub a new app's repo, from a template
SecretsStore Coolify env hold the tenant secrets the data project hands out
InfraProvider Docker read-only host + container metrics (the Ymir view)

Self-hosting

Develop

pnpm install
cp .env.example .env      # point at your Coolify + Hauldr (+ optional Logto)
pnpm dev                  # api on :8787, web on :3000

With nothing configured, Heimdall opens in a zero-setup dev shell. Every integration (Coolify, Hauldr, GitHub templates, Logto auth, Traefik metrics) is wired through .env.example — set only what you need.

Production

docker compose -f docker-compose.prod.yml up -d

Bring your own Postgres via HEIMDALL_DATABASE_URL, or run the bundled one. At Cold Code Labs, Heimdall dogfoods Hauldr for its own database. Full runbook and the release/branch model: docs/deployment.md.

Status

Heimdall is beta and developed in the open. It runs in production at Cold Code Labs, operating the live fleet — the apps you see in Fleet, the deployments in Bifröst, the secrets in Ice Vault are all real. It is single-operator-focused and pre-1.0: expect breaking changes until a tagged release.

Public releases are cut from main; surtr is Cold Code Labs' own deploy branch (see docs/deployment.md). Roadmap, in rough order: a tagged v0.x release, multi-engine DataPlane/DeployEngine adapters, and a hosted demo.

Built on the shoulders of

Heimdall conducts and assembles excellent open-source projects:

  • Coolify — the deployment engine it drives
  • Hauldr — the multi-tenant data plane
  • Traefik — the edge it routes through
  • Hono — the control-plane API
  • Next.js — the UI
  • Drizzle — Heimdall's own store
  • Logto — authentication and identity

Contributing

Contributions are welcome — see CONTRIBUTING.md. Please also read the Code of Conduct and our security policy.

License

Apache License 2.0. © Cold Code Labs.

About

The beautiful control plane for self-hosted apps — over Coolify, wired to Hauldr.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

Watchers

Forks

Packages

 
 
 

Contributors

Languages