One CLI for everything
mnctl is a 50-subcommand multi-call CLI. Services, containers, deploys, k3s, VPN, ISO builds - same verbs, same flags. No 7 tools and 3 dialects.
Monolith OS is a lean, server-focused Linux distribution on Arch Linux:
custom kernel, unified mnctl CLI, branded TUI and web
dashboards, integrated monitoring, hardened security, k3s,
snapshot-safe upgrades, and zero-config app templates.
One tool, one config, one box.
Most distros are general-purpose. Monolith is single-purpose: run servers, run them well, and stop fighting the box. Everything you'd cobble together yourself - firewall, monitoring, containers, VPN, backups, reverse proxy, app templates - is wired in from boot.
Default-deny nftables, key-only SSH on :2222, AppArmor profiles, fail2ban, sysctl hardening. Boot it on a VPS, leave it.
mnpkg upgrade takes a Btrfs snapshot via snapper before touching the system. One command rolls it back. No more 3am panic.
The web dashboard mnweb, the TUI mntui, and the installer all share the same emerald + cyan aurora palette and the same data model.
mnctl template deploy minecraft --name pvp and you have a hardened container with reverse proxy, TLS, backups, and Prometheus targets.
Ship lite to a 512 MB VPS, full to a home server, pro to a k3s node. Same image family, same workflow.
Each ISO ships with the matching [system].profile baked into /etc/monolith/monolith.toml, so mnctl profile show on first boot reports the correct tier.
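To confirm that a box really matches the hardening defaults listed above (default-deny nftables, key-only SSH on :2222), here is an added example, not part of Monolith or its tooling. It audits saved `sshd -T` and `nft list ruleset` output; the function names and sample dumps are constructed for illustration, and the keyboard-interactive check is an extra beyond what the page states.

```shell
#!/bin/sh
# Added example (not Monolith code): audit saved dumps against the baseline.

# check_sshd FILE: FILE holds `sshd -T` output (lowercase "key value" lines).
check_sshd() {
  rc=0
  for want in "port 2222" "passwordauthentication no" \
              "kbdinteractiveauthentication no" "pubkeyauthentication yes"; do
    if grep -qixF -- "$want" "$1"; then
      echo "ok   sshd: $want"
    else
      echo "FAIL sshd: expected '$want'"; rc=1
    fi
  done
  # An extra listener (a leftover port 22, say) undoes the move to :2222.
  if grep -i '^port ' "$1" | grep -qivxF 'port 2222'; then
    echo "FAIL sshd: listening on a port other than 2222"; rc=1
  fi
  return "$rc"
}

# check_nft FILE: FILE holds `nft list ruleset` output. At least one base chain
# must sit on the input hook, and each one must carry "policy drop".
check_nft() {
  awk '/hook input/ { seen = 1; if ($0 !~ /policy drop/) bad = 1 }
       END { exit (seen && !bad) ? 0 : 1 }' "$1"
}

# Constructed sample dumps (not captured from a real Monolith host).
write_samples() {
  cat > "$1/sshd.good" <<'EOF'
port 2222
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
EOF
  sed 's/^passwordauthentication no$/passwordauthentication yes/' \
    "$1/sshd.good" > "$1/sshd.weak"
  cat > "$1/nft.good" <<'EOF'
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop;
    ct state established,related accept
    tcp dport 2222 accept
  }
}
EOF
  sed 's/policy drop/policy accept/' "$1/nft.good" > "$1/nft.open"
}
```

On a live host, produce the inputs with `sudo sshd -T > sshd.txt` and `sudo nft list ruleset > nft.txt`, then pass each file to the matching function.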
Whatever's at hand - SSH, browser, or a console plugged into the rack - Monolith gives you the same numbers, the same brand, the same shortcuts.
    $ mnctl service list
    ● nginx.service            active  running
    ● docker.service           active  running
    ● monolith-mnweb.service   active  running
    ● postgresql.service       active  reloading
    ● fail2ban.service         failed  exit-code

    $ mnctl template deploy minecraft --name pvp
    ✓ pulled image itzg/minecraft-server:java21
    ✓ created volume monolith-app-pvp
    ✓ started monolith-app-pvp.service
    ✓ proxied at pvp.example.com (TLS)
    ✓ Prometheus target attached
    ╭ Monolith OS · v1.0.1 Obsidian ────────── tab 1/6 · q quit ╮
    │ CPU                                                       │
    │ ▁▂▃▅▆▇█▇▆▅▄▃▃▄▅▆▇█▇▅▄▃▂▂▃▄▅▆▇▆▅▄▃▂▁                       │
    │ load 0.42 0.58 0.61 cores 4 @ 3.4 GHz                     │
    │                                                           │
    │ RAM 58% 4.7 / 8.0 GB                                      │
    │ swap 3% 120 MB / 4 GB                                     │
    │                                                           │
    │ Disks                                                     │
    │ / ext4 61% 62/102 GB                                      │
    │ /var/lib btrfs 78% 78/100 GB                              │
    │                                                           │
    │ Top processes cpu mem                                     │
    │ monolith-mnweb 4% 35 MB                                   │
    │ postgres 3% 220 MB                                        │
    │ prometheus 2% 90 MB                                       │
    ╰─────────────── 1 overview · 2 services · 3 disks · 4 net ─╯
Three TTY-only x86_64 ISOs. Same kernel, same installer, same Monolith binaries pre-vendored under /usr/local/bin/. The [system].profile baked into /etc/monolith/monolith.toml is the only difference.
All artifacts SHA-256 verified · View release page
Whichever path you pick, you land in the same place: a Monolith box with mnctl, mntui, mnweb, snapper, nftables, SSH on :2222, and a working app-template engine.
    # 1. Download (pick your tier). Keep the release filename: sha256sum -c in
    #    step 2 opens the file named inside the .sha256 file, normally this one.
    curl -L -O https://github.com/shirou-eh/Monolith/releases/download/v1.0.1/monolith-1.0.1-full-x86_64.iso

    # 2. Verify the SHA-256
    curl -L -O https://github.com/shirou-eh/Monolith/releases/download/v1.0.1/monolith-1.0.1-full-x86_64.iso.sha256
    sha256sum -c monolith-1.0.1-full-x86_64.iso.sha256

    # 3. Write to a USB stick (replace /dev/sdX)
    sudo dd if=monolith-1.0.1-full-x86_64.iso of=/dev/sdX bs=4M status=progress conv=fsync

    # 4. Boot from the stick - the live system auto-launches the installer.
    # Already on Arch? Convert in place.
    curl -fsSL https://raw.githubusercontent.com/shirou-eh/Monolith/main/scripts/install.sh | sudo bash

    # Optional: apply security defaults
    sudo mnctl security harden
    sudo mnctl web enable
    # Requires Rust 1.95+
    git clone https://github.com/shirou-eh/Monolith.git
    cd Monolith
    make build
    sudo make install

    # Or run any binary out of tree
    cargo run --release --bin mnctl -- info system
    cargo run --release --bin mntui
    cargo run --release --bin mnweb   # 127.0.0.1:9911
    # Build any tier locally (Docker or native Arch host)
    sudo ./iso/build-iso.sh --tier full --out ./out --version 1.0.1

    # Inside an Arch container
    docker run --rm --privileged -v "$(pwd):/work" -w /work archlinux:latest bash -c '
      pacman -Syu --noconfirm
      pacman -S --noconfirm --needed archiso grub edk2-shell libisoburn squashfs-tools dosfstools mtools
      ./iso/build-iso.sh --tier full --out out --version 1.0.1
    '
Each line is a copy-pasteable recipe. mnctl --help and mnctl <verb> --help cover the rest.
    # Day 1
    mnctl info system && mnctl profile show
    mnctl security audit
    mnctl monitor status

    # Containers / app deploys
    mnctl template deploy minecraft --name mc-pvp
    mnctl deploy app /opt/my-compose-repo --name api
    mnctl container logs api --follow

    # Reverse proxy with automatic TLS
    mnctl proxy add api.example.com \
      --service monolith-app-api.service --tls

    # Backups
    mnctl backup create --tag pre-upgrade
    mnctl backup restore --snapshot <ID>
    # Kubernetes (k3s)
    mnctl kube install --role server
    mnctl kube install --role agent \
      --server https://control:6443 --token <TOK>
    mnctl kube kubectl get pods -A

    # Disk health
    mnctl disk smart status
    mnctl disk smart test --type short /dev/sda

    # VPN
    mnctl vpn create wg0
    mnctl vpn peer add wg0 \
      --pubkey <K> --allowed-ips 10.0.0.2/32

    # Updates - snapshot-safe
    mnctl update apply --reboot-if-needed
    mnctl update rollback
If you hit a wall, found a bug, or just want to brainstorm a setup, ping me on Discord. I read every message.
Send a friend request or DM directly. I usually respond within a day.
Bug? Open a GitHub issue with logs, distro version, and reproduction steps.
github.com/shirou-eh/Monolith/issues
Ask broader questions, share your setup, or propose features.
github.com/shirou-eh/Monolith/discussions
Long-form, copy-pasteable, day-1 cookbook. Read it before asking.
github.com/shirou-eh/Monolith/blob/main/INSTALL.md