PatchPilot

Beta

Patch management for Linux, macOS & Windows, built for your homelab.

Self-hosted dashboard with real-time monitoring, secure SSH patching, automated schedules, and encrypted backups. Deploy with Docker Compose or Kubernetes in minutes.

Quick install

Linux / macOS

curl -fsSL https://getpatchpilot.app/install.sh | bash

Installs Docker Engine automatically if needed. Debian / Ubuntu only.

Windows

irm https://getpatchpilot.app/install.ps1 | iex

Run in PowerShell as Administrator. Installs Python & Docker Desktop automatically via winget.

curl -fsSL https://getpatchpilot.app/install.sh | bash -s -- --k3s

Requires a running k3s / Kubernetes cluster with Traefik and cert-manager. Automated TLS via Let's Encrypt.

Or: view on GitHub · download release

See it in action

Dashboard — hosts, status & pending updates

Trial mode — 14-day evaluation period

Setup wizard — guided first-run config

Backup storage — local or NFS

SSH keys — encrypted storage with file upload

Add host — SSH key, tags, auto-reboot

Schedules — cron-style maintenance windows

Web installer — browser-based deploy wizard

What you get

📊

Live dashboard

See which hosts are up to date, which need patches, and which are unreachable — at a glance. Background checks run continuously.

⚡

One-click patching

Select hosts, click patch, watch real-time streaming output via WebSocket. Supports apt, dnf, yum, brew, macOS softwareupdate, Windows Update, and winget.

🔑

SSH key management

Upload and manage SSH keys through the UI. Per-host key assignment with encrypted storage using Fernet.

📅

Patch scheduling

Cron-style schedules with timezone support. Automatic patching on your terms — maintenance windows, not surprises.

💾

Backup & restore

Encrypted backups with retention policies. Full system restore including database, SSH keys, and configuration. NFS or local storage.

🔒

RBAC & auth

JWT-based authentication with role-based access control. Admin and viewer roles. Session management with secure token handling.

Two deployment paths

Docker Compose

~5 minutes

Single host, quickest setup
HTTP on port 8080 (add your own reverse proxy for HTTPS)
PostgreSQL, backend, and frontend containers
Local or NFS backup volumes
Ideal for homelabs and LAN access

K3s / Kubernetes

~10 minutes

Cluster deployment with Traefik ingress
Automated TLS via cert-manager + Let's Encrypt
NFS-backed persistent volumes
Multi-arch images (amd64 + arm64)
Production-grade with HTTPS out of the box

Requirements

Docker Engine (Linux) or Docker Desktop (macOS / Windows)

Docker Compose plugin

Python 3 (for web installer)

Linux, macOS, or Windows server host

SSH access to managed hosts

Kubernetes + Traefik + cert-manager (k3s path)