Secure, self-hosted infrastructure you actually own.
Open-source, security-first tools for self-hosters and companies who want control without giving up security — hardened, lightweight, and built to OWASP ASVS Level 3.
$ whoami
Glyndor — open-source infrastructure, secure by default.
$ ls ./projects
panel/ podup/ mail/ transparencia/| Project | What it is | Status |
|---|---|---|
| panel | Secure self-hosted hosting panel — firewall, ports, SSH, containers and WireGuard tunnels | 🟡 In development |
| └ panel-agent | Hardened agent on each managed server — Ed25519-signed commands over WireGuard + mTLS | 🟢 Released · v1.3.1 |
| podup | docker-compose translated to rootless Podman — Rust library + drop-in CLI |
🟢 Released · v0.24.0 |
| Headless self-hosted mail server — SMTP/IMAP, DKIM/SPF/DMARC, API + CLI | 🟡 In development · v0.2.0 | |
| └ mail-panel | Next.js admin UI on top of the mail API | 🟡 In development |
| transparencia | Public-money traceability — open data, live contracts, risk alerts | 🔵 Coming soon |
flowchart LR
panel["Glyndor panel"] -->|signed commands| agent["panel-agent"]
agent -->|rootless containers| podup["podup"]
panel -. manages .-> mail["Glyndor mail"]
mail --> mp["mail-panel"]
tp["transparencia"] -->|runs on| panel
Each tool stands on its own — adopt one, or run them together.
- Secure by default — the most restrictive configuration ships active. You opt in to looseness, never to safety. Built to ASVS Level 3.
- You own it — self-hosted native binaries, no SaaS lock-in.
- Open source — every project is public and Apache-2.0 licensed.
- Minimal & native — lightweight binaries, few dependencies, audited.
- Issues are open to everyone — reporting bugs is welcome and valuable.
- Pull requests are invitation-only; this code touches kernel-level surfaces (SSH, firewall, ports).
- Report vulnerabilities privately — see
SECURITY.md. - Branch flow, commit conventions and labels live in
CONTRIBUTING.md.
Built in the open · glyndor.net
