All-in-one solutions for modern network and infrastructure management
Network Operations Suite
Cdist: Real Configuration Management, No Hand-Holding Required
Cdist isn’t trying to hold your hand. It’s not here to teach you YAML or hide logic behind pretty dashboards. It does one thing well: lets you manage Unix systems using just shell scripts, SSH, and your own common sense.
You won’t find agents. No background daemons. No dependencies that require a PhD. Just a straightforward way to declare how your systems *should* look — and make it so, one machine at a time or a hundred at once.
Core Features (and Why They Actually Matter)
| Feature | Why It’s Useful |
| Agentless over SSH | Targets don’t need anything except a shell and SSH |
| Written entirely in shell | No need to learn a new language — it’s just shell scripting |
| Declarative “type” system | Reusable units of config with parameters — powerful but simple |
| Pull or push compatible | Run it by hand, from CI, cron, or a wrapper — your call |
| Works across UNIX variants | Supports Linux, BSD, and others without modification |
| Idempotent behavior | Nothing runs unless it needs to — no redundant changes |
| Zero magic | No hidden state, no agent drift, nothing outside your control |
| Git-friendly | Everything lives in plain files — version and audit with ease |
What You Need
– Control Machine: Python 3.x, SSH access to target nodes
– Target Systems: POSIX-compatible (Linux, BSD, etc.), basic shell and core utilities
– No agent, ever
– Network: Only SSH (usually port 22), no open APIs or special tooling
Getting Started (Example on Debian/Ubuntu)
- Install basic tools:
sudo apt update
sudo apt install python3 git
- Clone the repo and export the path:
git clone https://code.ungleich.ch/ungleich-public/cdist
export PATH=$PWD/cdist/bin:$PATH
- Set up your configuration:
mkdir ~/cdist-config && cd ~/cdist-config
cdist config-init
- Write your manifests and types, then run:
cdist config -v -i your.server.name
Real-World Use Cases
Cdist finds its niche where things are deliberately simple — or *need* to be. Think:
– Teams that live in the shell and want repeatability, not ceremony
– Environments where introducing daemons is frowned upon
– Air-gapped machines with tight software policies
– CI jobs that need to configure boxes without installing extra tools
– Places where bash scripts already rule — this just makes them cleaner
Pros and Cons (Let’s Be Honest)
Why people stick with it:
– Dead simple once you get the flow
– Nothing running in the background means no surprises
– Debugging is easy — it’s just scripts
– Transparent and versionable
– Doesn’t fight with your system — it works *with* it
But you should know:
– Not for folks who dislike the command line
– No GUI, no metrics dashboard, nothing fancy
– Can feel raw compared to Ansible or Puppet
– Doesn’t scale well without parallelism tooling (like `xargs` or `pssh`)
– You’ll probably need to build some helper scripts as you grow
Final Thought
If you’ve ever wanted a configuration system that respects your intelligence — one that doesn’t abstract away everything useful — Cdist is probably worth a try. It’s not for everyone, but for seasoned admins who want control, clarity, and zero hidden state? It hits the sweet spot.
It’s like managing servers with a sharpened shell script — only smarter, and a whole lot more scalable.
Pulover’s Macro Creator – Practical Automation for Windows Workflows What is Pulover’s Macro Creator Pulover’s Macro Creator is a script automation utility built around AutoHotkey, offering a GUI for recording, editing, and building complex macros on Windows. At its core, it simplifies repetitive input tasks — whether it’s clicking through a form, launching programs in sequence, or simulating user behavior for testing. Unlike heavier automation platforms, this tool keeps things straightforward:
Woodpecker CI – A No-Nonsense CI/CD Tool for Self-Hosted Git Workflows What is Woodpecker CI Woodpecker CI is one of those tools that doesn’t try to be everything — and that’s a good thing. It’s a simple, clean continuous integration system you can run on your own infrastructure. No SaaS layers, no vendor lock-in, no massive overhead. You connect it to your Git server — Gitea, GitHub, GitLab, whatever fits — and it runs your build pipelines inside Docker containers. That’s it.
Originally forked
Scoop – Minimalist Package Installer for Windows Sometimes installing a tool on Windows takes more time than using it. Scoop changes that. It’s not trying to be fancy — just a simple way to grab binaries, unpack them, and make them available in your terminal. No pop-ups. No wizards. No admin prompts.
You open PowerShell, run one line, and suddenly curl, jq, or ffmpeg are just there. Works the same on a new laptop, a sandbox VM, or inside a CI runner.
It’s built in PowerShell, but you won’t eve
Attic – Minimal Backup Tool That Just Does the Job What is Attic Attic isn’t trying to impress anyone. It’s a command-line backup program built for one thing: making efficient, encrypted backups that don’t waste disk space. No daemons, no GUIs, no magic. It walks the filesystem, chunks files into pieces, skips what’s already there, and writes the rest into an archive. That’s it.
It works best in environments where things don’t need to look pretty — where backup scripts run nightly, disks are ti
BorgBackup – Reliable Backups with Compression, Deduplication, and No Fuss What is BorgBackup BorgBackup (or just Borg) is one of those tools that ends up staying on your systems for years. It’s simple, dependable, and does exactly what you ask of it: take backups, deduplicate data, compress everything, and encrypt it if needed — all in one step.
It’s built with scripting in mind. No GUI, no background daemons, no hidden processes. You run a command, it snapshots your files, and you’re done. If
Kopia – Fast, Secure, and Script-Friendly Backup Engine What is Kopia Kopia isn’t built for legacy systems or flashy dashboards — it’s for people who want their backups to be encrypted, deduplicated, and quietly handled in the background. It runs cross-platform, supports local disks and remote storage (like S3, Azure, or plain SFTP), and does all the heavy lifting without asking much in return.
Whether it’s a developer backing up code directories to cloud buckets, or an admin scripting schedule
BorgBackup – Reliable Backups with Compression, Deduplication, and No Fuss What is BorgBackup BorgBackup (or just Borg) is one of those tools that ends up staying on your systems for years. It’s simple, dependable, and does exactly what you ask of it: take backups, deduplicate data, compress everything, and encrypt it if needed — all in one step.
It’s built with scripting in mind. No GUI, no background daemons, no hidden processes. You run a command, it snapshots your files, and you’re done. If
CryptPad – Zero-Knowledge Collaboration Suite That You Host Yourself What is CryptPad CryptPad is a privacy-first alternative to Google Docs, built for people who actually care where their data goes. It’s not just an online editor — it’s a full collaboration platform: documents, spreadsheets, Kanban boards, polls, whiteboards, file sharing — all wrapped in end-to-end encryption.
Unlike most office tools, the server hosting CryptPad can’t read what users write. Everything is encrypted in the bro
Mail-in-a-Box – Self-Hosted Email That Doesn’t Eat Your Weekend What is Mail-in-a-Box Running your own mail server used to be a nightmare — DNS records, spam filters, TLS configs, weird failures at 3 a.m. Mail-in-a-Box tries to take that pain and bury it under automation. You spin up a clean Ubuntu box, run a single command, and in ten minutes you’ve got a working mail system with webmail, DNS, spam filtering, encryption — the works.
It’s not a fancy mail platform. It’s not for massive corporat
SnappyMail – Fast, Secure Webmail for Self-Hosted Email What Is SnappyMail SnappyMail is a modern, lightweight webmail client designed for privacy-conscious users and system administrators. It’s a fork of RainLoop, rebuilt to address long-standing security issues while keeping the interface clean, fast, and mobile-friendly.
The app connects to standard IMAP and SMTP mail servers and doesn’t rely on a database. That makes it ideal for low-resource servers and simple setups. It also supports mult
Modoboa – A Full-Stack Mail Hosting Platform with Admin Tools Built In What is Modoboa Modoboa isn’t just a mail server — it’s a whole mail hosting environment wrapped into a single install. It gives you a working Postfix + Dovecot setup, plus a full web admin panel, webmail interface, user management, domain control, monitoring, and security features — all out of the box.
It’s written in Python and runs on top of Postfix/Dovecot with Rspamd or Amavis for filtering. Unlike lighter tools like Ma
Cyberduck – GUI File Transfers for Cloud and Servers What Is Cyberduck Cyberduck is a graphical file transfer client that focuses on simplicity without sacrificing power. It supports a wide array of protocols including FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, and even Google Drive and Dropbox.
Available on both macOS and Windows, it’s built for users who prefer point-and-click interfaces over command lines, while still needing access to modern cloud storage and traditional f
muCommander – Cross-Platform File Manager That Brings Back the Classic Feel What is muCommander muCommander is a Java-based, dual-pane file manager with a nostalgic vibe and modern features. It runs on just about anything — Windows, Linux, macOS — and looks familiar to anyone who ever used Norton Commander, Total Commander, or Midnight Commander.
What it brings to the table is portability and simplicity. You don’t install drivers, you don’t wait for indexing, and you’re not locked into one plat
KiTTY – PuTTY’s Grown-Up Twin with Real-World Additions What is KiTTY At first glance, KiTTY looks like PuTTY — and that’s because it is. It’s built on top of PuTTY but with a ton of practical features tacked on. Features that PuTTY should have had years ago but never got around to.
It’s still a lightweight SSH, Telnet, and serial client for Windows, but now with session filters, scripting support, local commands, automatic password handling, transparency, session logging, and even a tiny built
FreeCommander – Dual-Pane File Manager That Doesn’t Try Too Hard What is FreeCommander FreeCommander is one of those tools that quietly replace the default Windows Explorer without making a big deal about it. It’s a dual-pane file manager — plain, fast, and practical — built for users who move files around all day and don’t want to deal with drag-and-drop nonsense or slow context menus.
It’s portable, doesn’t mess with the registry, and works well even on low-spec machines. Tabs, batch renaming
Fluentd + Kibana – Collect Everything, See Everything Why Use These Two Together A lot of systems generate logs. Some generate too much. The problem isn’t getting the logs — it’s making sense of them. That’s where Fluentd and Kibana come in.
Fluentd is the collector — flexible, scriptable, plugin-based. It structures and forwards logs from just about anywhere.
Kibana is the interface — it turns those logs into dashboards, queries, and alerts.
Used together, they turn noisy data into something
Shinken – Modular Monitoring Built on Nagios Principles, But Better What is Shinken Shinken is a distributed monitoring framework built to be compatible with Nagios, but far more flexible and scalable. Instead of trying to replace Nagios outright, it reimagines its architecture: services are decoupled, load is distributed, and components talk over a message bus.
It uses the same configuration format as Nagios, which means old setups don’t need to be rewritten. But unlike Nagios, Shinken can sca
VictoriaMetrics – Time Series Database That’s Built to Keep Up What is VictoriaMetrics VictoriaMetrics is a high-performance time series database built for modern telemetry workloads. If Prometheus starts to choke under load or your long-term retention plan becomes a storage nightmare — VictoriaMetrics is what usually comes next.
It’s fast, lightweight, and designed to ingest millions of metrics per second without falling apart. It stores time series data in an append-only, compressed format th
LibreNMS – Let It Find Your Network for You What is LibreNMS LibreNMS isn’t trying to be a platform. It’s just a smart, open-source tool that helps you keep track of your network without making you build the whole stack yourself.
You install it, point it at your subnet, and within minutes it starts discovering devices — switches, routers, firewalls, even printers if they talk SNMP. You don’t need to add hosts one by one, and you don’t have to define what’s on port 22. It figures things out.
It
NetXMS – Unified Monitoring for Networks, Servers, and Everything in Between What is NetXMS NetXMS is a cross-platform, agent-based monitoring system that aims to cover it all: network devices, Windows and Linux servers, virtual machines, applications, and services. Think of it as a mix between traditional SNMP polling, active agent checks, and service monitoring — all rolled into one system with a native GUI.
Unlike tools that only do one layer well (say, network discovery but no OS metrics),
mitmproxy – When You Need to See What’s Really in the Traffic What is mitmproxy mitmproxy is an interactive, console-based HTTPS proxy that lets you inspect, modify, and debug HTTP(S) traffic on the fly. It acts as a transparent man-in-the-middle: intercepting browser traffic, API calls, mobile app requests — and showing it in real time.
It’s a favorite tool among penetration testers, backend developers, and network troubleshooters. Unlike packet-level sniffers, mitmproxy actually understands H
Unicornscan – Asynchronous Port Scanning with a Researcher’s Touch What is Unicornscan Unicornscan is a high-performance, asynchronous port scanner built with one goal in mind: collect as much network info as possible, as fast and accurately as possible. Unlike Nmap, which prioritizes depth and stealth, Unicornscan goes wide — scanning large address spaces, quickly and efficiently.
It’s used in research, red teaming, and environments where speed matters more than quiet. It doesn’t just tell you
EtherApe – Real-Time Network Visualization, the Old-School Way What is EtherApe EtherApe is a graphical network monitoring tool that maps traffic in real time. Picture a constantly updating topology map where nodes (hosts) and links (connections) change size and color depending on how much data is moving through them. That’s EtherApe.
It’s inspired by Etherman and crafted for sysadmins who prefer visual over textual. While it won’t replace a full-blown NMS, it’s ideal when you want to see what’
Apache Guacamole – Remote Access with No Installers, No Fuss What is It (and Why It’s Useful) Sometimes setting up remote access feels heavier than the task you actually needed it for. RDP clients, SSH apps, firewalls, VPNs… too many moving parts.
Guacamole skips all of that.
It’s a web-based remote desktop gateway. Open a browser, log in, and suddenly you’re staring at a Linux terminal or Windows desktop — no software, no plugins, nothing to install.
It works by tunneling RDP, VNC, or SSH thr
X2Go – Remote Linux Desktops That Actually Work Over Slow Links What It’s About Remote desktop on Linux is usually… a pain. X11 forwarding is sluggish, VNC is blurry and laggy, and RDP doesn’t really speak Linux natively. X2Go fixes most of that.
It gives you a proper Linux desktop — KDE, XFCE, MATE — over an SSH tunnel, using the NX protocol under the hood. It’s compressed, encrypted, and more responsive than anything else in its category. You open a session, work normally, close the laptop
MeshCentral – Self-Hosted Remote Control That Runs Through Firewalls What is MeshCentral MeshCentral is a full-featured, self-hosted remote management platform that gives IT teams control over fleets of devices — even when they’re outside the network. It works through firewalls, behind NAT, and without a VPN. Devices connect outbound to the Mesh server, keeping the connection open for remote desktop, terminal, file transfer, and more.
You host the server yourself — no cloud account, no vendor l
Parsec – Remote Desktop with Low-Latency Pixel Precision What is Parsec Parsec is a high-performance remote desktop tool that was originally built for gaming — but ended up being a favorite in media production, devops, and IT circles for one simple reason: it’s ridiculously fast.
Using a custom UDP-based protocol and aggressive video encoding (H.264/HEVC), Parsec makes remote desktops feel like local ones. It works across platforms, supports gamepads, multi-monitor setups, and doesn’t choke on
CrowdSec – Collaborative Intrusion Prevention for the Modern Internet What Is CrowdSec CrowdSec is an open-source, crowd-powered intrusion prevention system. Think of it as the spiritual successor to Fail2Ban — but with modern architecture, behavior-based detection, and a real-time threat-sharing network.
It monitors logs from services like SSH, NGINX, Apache, Postfix, and many others. When it sees suspicious activity — repeated login attempts, scans, abuse — it triggers local responses (firewa
Snort 3 – Flexible, Modular Intrusion Detection That Speaks Modern Traffic What is Snort 3 Snort 3 is the latest iteration of one of the most established intrusion detection and prevention systems out there. Originally built as a packet sniffer with signature-based alerting, Snort has evolved into a full-blown modular IDS/IPS engine. This version — Snort 3 — brings real architectural improvements: dynamic pipelines, better scalability, and a Lua-based configuration system that replaces the old c
OSSEC – Host-Based Intrusion Detection That’s Still Holding Its Ground What is OSSEC OSSEC is a classic open-source HIDS — Host-based Intrusion Detection System. Unlike network IDS tools like Snort or Suricata, OSSEC focuses on what’s happening on the systems themselves. It watches for file changes, unauthorized user activity, privilege escalation, suspicious logs — and can even take automated actions when needed.
It’s been around since the early 2000s, and while newer tools like Wazuh have bui
Wazuh – One Platform to Watch Them All What It Is (and Why People Use It) Security monitoring can get complicated — too many tools doing too many things, none of them really talking to each other.
Wazuh tries to fix that.
It started off as a fork of OSSEC but quickly grew into something bigger: a full-blown, open-source SIEM and XDR platform that pulls logs, monitors files, checks integrity, detects anomalies, and responds — all from one interface.
The cool part? It doesn’t just handle endpoin
K3s + MicroK8s – Lightweight Kubernetes That Actually Fits on the Edge K3s – Tiny but Real Kubernetes K3s is a minimalist Kubernetes distribution, designed for low-resource environments like edge nodes, ARM boards (think Raspberry Pi), and IoT gateways. It’s packaged as a single binary, strips out a lot of the heavy components (no etcd by default, uses SQLite), and just runs — even on tiny boxes.
It’s CNCF-certified, supports Helm, Traefik, containerd, and can work in HA clusters. The goal isn’
WSL 2 + Docker – Real Linux Containers on Windows Without the Overhead WSL 2: Linux That Lives Inside Windows (for Real This Time) Let’s be honest — WSL 1 was clever, but limited. It felt like Linux, but under the hood, it just translated system calls.
WSL 2 changed that.
Now there’s a real Linux kernel running inside a lightweight VM, and it behaves like the real thing — because it is the real thing. Systemd? Works. SSH server? Sure. Bash scripts, Python tools, rsync, even package managers — n
Podman – Containers Without the Daemon, and Without the Fuss What Is Podman Podman is a container engine that looks and feels a lot like Docker — same commands, same behavior — but with one major twist: no central daemon.
It’s daemonless, rootless by design, and better aligned with how Unix systems typically manage processes.
Instead of relying on a long-running service like ‘dockerd’, Podman uses standard Linux process models. That means each container runs as a direct child of the launching p
VirtualBox – Virtual Machines That Just Work, No Cloud Required What Is VirtualBox VirtualBox is the kind of tool that’s been around long enough to become a default. It runs on almost anything — Windows, Linux, macOS, even Solaris — and can host nearly any OS you throw at it, from modern Linux distros to Windows 98 or FreeBSD.
But it’s not just about legacy support. What makes it stick around is simplicity. You download it, install it, and within a few clicks, you’re running a VM. No licensing