Let people own their data again
Website Β·
Documentation Β·
Download TermiPass Β·
Terminus Apps Β·
Terminus Space
Table of Contents
Terminus OS is a free, self-hosted operating system built on Kubernetes. It is designed as a one-stop self-hosted solution for user-owned edge devices. Our goal is to enable users to securely store their most important data on their own hardware ad access services based on this private data from anywhere in the world. Typical use cases includeοΌ
- π» Self-hosted: Terminus OS serves as a one-stop self-hosted solution where users can host and manage their data, operations, and digital life effectively, with full data ownership.
- π€ Local AI: Build local AI agents with Terminus OS without writing code.
- π€ User-owned decentralized social media: Easily install decentralized social media apps such as Mastodon, Ghost, and WordPress on Terminus OS, allowing you to build a personal brand without the risk of being banned or paying platform commissions.
We believe the current state of the internet, where user data is centralized and exploited by monopolistic corporations, is deeply flawed. Our goal is to empower individuals with true data ownership and control.
This vision is rooted in what we call the "BEC" (Blockchain, Edge, Client) model, where applications and data reside at the edge, secrets are stored on clients, identities on blockchain. By distributing data across personal Edge nodes rather than centralized servers, Terminus OS aims to restore user sovereignty over their digital information, communications, and online activities.
As an instantiation of the BEC model, the Terminus ecosystem is composed of three integral components:
- Snowinning Protocol: A decentralized identity and reputation system that integrates decentralized identifiers (DIDs), verifiable credentials (VCs), and reputation data into blockchain smart contracts. Learn more in documentation.
- Terminus OS: An one-stop self-hosted OS running on edge devices.
- TermiPass: A comprehensive client software that operates across multiple platforms. It securely stores users' private keys and manages their identities and data across various Edge devices. Learn more in documentation.
Terminus OS offers a wide array of features designed to enhance security, ease of use, and development flexibility:
- Enterprise-grade security: Simplified network configuration using Tailscale, Headscale, Cloudflare Tunnel, and FRP.
- Secure and permissionless application ecosystem: Sandboxing ensures application isolation and security.
- Unified filesystem and database: Automated scaling, backups, and high availability.
- Single sign-on: Log in once to access all applications within Terminus OS with a shared authentication service.
- AI capabilities: Comprehensive solution for GPU management, local AI model hosting, and private knowledge bases while maintaining data privacy.
- Built-in applications: Includes file manager, sync drive, vault, reader, app market, settings, and dashboard.
- Seamless anywhere access: Access your devices from anywhere using dedicated clients for mobile, desktop, and browsers.
- Development tools: Comprehensive development tools for effortless application development and porting.
Here are some screenshots from the UI for a sneak peek:
| DesktopβAI-Powered Personal Desktop | FilesβA Secure Home to Your Data |
|---|---|
 |
 |
| Vaultβ1Password for the Web3 Era | MarketβApp Ecosystem in Your Control |
 |
 |
| WiseβYour Digital Secret Garden | SettingsβManaging Terminus Efficiently |
 |
 |
| DashboardβConstant Terminus Monitoring | ProfileβCustomized Web3 Homepage |
 |
 |
| DevboxβDeveloping, Debugging, and Deploying | ControlhubβManaging Kubernetes Clusters Easily |
 |
 |
To help you understand how Terminus OS stands out in the landscape, we've created a comparison table that highlights its features alongside those of other leading solutions in the market.
Note:
- π: Auto, indicates that the system completes the task automatically.
- β : Yes, indicates that users without a developer background can complete the setup through the product's UI prompts.
- π οΈ: Manual Configuration, indicates that even users with an engineering background need to refer to tutorials to complete the setup.
- β: No, indicates that the feature is not supported.
| Terminus OS | Synology | TrueNAS | CasaOS | Proxmox | Unraid | |
|---|---|---|---|---|---|---|
| Source Code License | Terminus License | Closed | GPL 3.0 | Apache 2.0 | MIT | Closed |
| Built On | Kubernetes | Linux | Kubernetes | Docker | LXC/VM | Docker |
| Multi-Node | β | β | β | β | π οΈ | β |
| Build-in Apps | β (Rich desktop apps) | β (Rich desktop apps) | β (CLI) | β (Simple desktop apps) | β (Dashboard) | β (Dashboard) |
| Free Domain Name | β | β | β | β | β | β |
| Auto SSL Certificate | π | β | π οΈ | π οΈ | π οΈ | π οΈ |
| Reverse Proxy | π | β | π οΈ | π οΈ | π οΈ | π οΈ |
| VPN Management | π | π οΈ | π οΈ | π οΈ | π οΈ | π οΈ |
| Graded App Entrance | π | π οΈ | π οΈ | π οΈ | π οΈ | π οΈ |
| Multi-User Management | β
User management π Resource isolation |
β
User management π οΈ Resource isolation |
β
User management π οΈ Resource isolation |
β | β
User management π οΈ Resource isolation |
β
User management π οΈ Resource isolation |
| Single Login for All Apps | π | β | β | β | β | β |
| Cross-Node Storage | π (Juicefs+ MinIO) |
β | β | β | β | β |
| Database Solution | π (Built-in cloud-native solution) | π οΈ | π οΈ | π οΈ | π οΈ | π οΈ |
| Disaster Recovery | π (MinIO's Erasure Coding) | β RAID | β RAID | β RAID | β | β Unraid Storage |
| Backup | β
App Data β User Data |
β User Data | β User Data | β User Data | β User Data | β User Data |
| App Sandboxing | β | β | β (K8S's namespace) | β | β | β |
| App Ecosystem | β (Official + third-party) | β (Majorly official apps) | β (Official + third-party submissions) | β Majorly official apps | β | β (Community app market) |
| Developer Friendly | β
IDE β CLI β SDK β Doc |
β
CLI β SDK β Doc |
β
CLI β Doc |
β
CLI β Doc |
β
SDK β Doc |
β Doc |
| Local LLM Hosting | π | π οΈ | π οΈ | π οΈ | π οΈ | π οΈ |
| Local LLM app development | π (Dify integrated) | π οΈ | π οΈ | π οΈ | π οΈ | π οΈ |
| Client Platforms | β
Android β iOS β Windows β Mac β Chrome Plugin |
β
Android β iOS |
β | β | β | β |
| Client Functionality | β (All-in-one client app) | β (14 separate client apps) | β | β | β | β |
Before you get started, make sure your hardware meet the following minimum system requirements:
-
Hardware configurations:
- CPU >= 4 Core
- RAM >= 8GB
- Free Disk >= 100GB
-
Supported systems:
Linux Version Architecture Ubuntu 24.04 x86-64, amd64 Ubuntu 22.04 x86-64, amd64 Ubuntu 20.04 x86-64, amd64 Debian 12 amd64 Debian 11 amd64
Take the following steps to install Terminus OS:
-
Install Terminus OS in your machine with the following command:
curl -fsSL https://terminus.sh | bash -For more detailed instructions, see Install Terminus OS with commands.
-
Access the URL required for Terminus OS activation in the browser, and complete the initial setups and system activation following the on-screen instructions. For more detailed instructions, see the Activation Guide.
-
Log in with the password you reset during activation and complete two-step verification on TermiPass. For more detailed instructions, see the Login Doc.
-
Back up your mnemonic phrase to ensure account and data security.
Terminus OS consists of numerous code repositories publicly available on GitHub. The current repository is responsible for the final compilation, packaging, installation, and upgrade of the OS, while specific changes mostly take place in their corresponding repositories.
The following table lists the project directories under Terminus OS and their corresponding repositories. Find the one that interests you:
Framework components
| Directory | Repository | Description |
|---|---|---|
| frameworks/app-service | https://github.com/beclab/app-service | A system framework component that provides lifecycle management and various security controls for all apps in the system. |
| frameworks/backup-server | https://github.com/beclab/backup-server | A system framework component that provides scheduled full or incremental cluster backup services. |
| frameworks/bfl | https://github.com/beclab/bfl | Backend For Launcher (BFL), a system framework component serving as the user access point and aggregating and proxying interfaces of various backend services. |
| frameworks/GPU | https://github.com/grgalex/nvshare | GPU sharing mechanism that allows multiple processes (or containers running on Kubernetes) to securely run on the same physical GPU concurrently, each having the whole GPU memory available. |
| frameworks/l4-bfl-proxy | https://github.com/beclab/l4-bfl-proxy | Layer 4 network proxy for BFL. By prereading SNI, it provides a dynamic route to pass through into the user's Ingress. |
| frameworks/osnode-init | https://github.com/beclab/osnode-init | A system framework component that initializes node data when a new node joins the cluster. |
| frameworks/system-server | https://github.com/beclab/system-server | As a part of system runtime frameworks, it provides a mechanism for security calls between apps. |
| frameworks/tapr | https://github.com/beclab/tapr | Terminus Application Runtime components. |
System-Level Applications and Services
| Directory | Repository | Description |
|---|---|---|
| apps/agent | https://github.com/beclab/dify | The LLM app development platform ported from Dify.ai, with integrations of Terminus Accounts, local knowledge base, and local models. |
| apps/analytic | https://github.com/beclab/analytic | Developed based on Umami, Analytic is a simple, fast, privacy-focused alternative to Google Analytics. |
| apps/market | https://github.com/beclab/market | This repository deploys the front-end part of the application market in Terminus OS. |
| apps/market-server | https://github.com/beclab/market | This repository deploys the back-end part of the application market in Terminus OS. |
| apps/argo | https://github.com/argoproj/argo-workflows | A workflow engine for orchestrating container execution of local recommendation algorithms. |
| apps/desktop | https://github.com/beclab/desktop | The built-in desktop application of the system. |
| apps/devbox | https://github.com/beclab/devbox | An IDE for developers to port and develop Terminus applications. |
| apps/TermiPass | https://github.com/beclab/TermiPass | A free alternative to 1Password and Bitwarden for teams and enterprises of any size Developed based on Padloc. It serves as the client that helps you manage DID, Terminus Name, and Terminus devices. |
| apps/files | https://github.com/beclab/files | A built-in file manager modified from Filebrowser, providing management of files on Drive, Sync, and various Terminus physical nodes. |
| apps/knowledgebase | https://github.com/Above-Os/knowledgebase | A built-in application that stores articles, PDFs, and eBooks collected through RSS subscriptions, TermiPass, and recommendations by local algorithms. |
| apps/mynitro | https://github.com/beclab/mynitro | A wrapper of the official Nitro project that hosts LLMs locally, specifically, provides services to Dify's agents on Terminus OS. |
| apps/notifications | https://github.com/beclab/notifications | The notifications system of Terminus OS |
| apps/profile | https://github.com/beclab/profile | Alternative to Linkertree in Terminus OS to create Web3.0 profiles for users. |
| apps/rsshub | https://github.com/beclab/rsshub | A RSS subscription manager based on RssHub. |
| apps/dify-gateway | https://github.com/beclab/dify-gateway | A gateway service that establishes the connection between Dify and other services such as Files and Agent. |
| apps/settings | https://github.com/beclab/settings | Built-in system settings. |
| apps/system-apps | https://github.com/beclab/system-apps | Built based on the kubesphere/console project, system-service provides a self-hosted cloud platform that helps users understand and control the system's runtime status and resource usage through a visual Dashboard and feature-rich ControlHub. |
| apps/wise | https://github.com/Above-Os/knowledgebase | A reader for users to read articles stored by users from RSS subscriptions, collections, and recommendation algorithms. |
| apps/wizard | https://github.com/beclab/wizard | A wizard application to walk users through the system activation process. |
Third-party Components and Services
| Directory | Repository | Description |
|---|---|---|
| third-party/authelia | https://github.com/beclab/authelia | An open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. |
| third-party/headscale | https://github.com/beclab/headscale | An open source, self-hosted implementation of the Tailscale control server in Terminus to manage Tailscale in TermiPass across different devices. |
| third-party/infisical | https://github.com/beclab/infisical | An open-source secret management platform that syncs secrets across your teams/infrastructure and prevents secret leaks. |
| third-party/juicefs | https://github.com/beclab/juicefs-ext | A distributed POSIX file system built on top of Redis and S3, allowing apps on different nodes to access the same data via POSIX interface. |
| third-party/ks-console | https://github.com/kubesphere/console | Kubesphere console that allows for cluster management via a Web GUI. |
| third-party/ks-installer | https://github.com/beclab/ks-installer-ext | Kubesphere installer component that automatically creates Kubesphere clusters based on cluster resource definitions. |
| third-party/kube-state-metrics | https://github.com/beclab/kube-state-metrics | kube-state-metrics (KSM) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. |
| third-party/notification-mananger | https://github.com/beclab/notification-manager-ext | Kubesphere's notification management component for unified management of multiple notification channels and custom aggregation of notification content. |
| third-party/predixy | https://github.com/beclab/predixy | Redis cluster proxy service that automatically identifies available nodes and adds namespace isolation. |
| third-party/redis-cluster-operator | https://github.com/beclab/redis-cluster-operator | A cloud-native tool for creating and managing Redis clusters based on Kubernetes. |
| third-party/seafile-server | https://github.com/beclab/seafile-server | The backend service of Seafile (Sync Drive) for handling data storage. |
| third-party/seahub | https://github.com/beclab/seahub | The front-end and middleware service of Seafile (Sync Drive) for handling file sharing, data synchronization, etc. |
| third-party/tailscale | https://github.com/tailscale/tailscale | Tailscale has been integrated in TermiPass of all platforms. |
Additional Libraries and Components
| Directory | Repository | Description |
|---|---|---|
| build/installer | The template for generating the installer build. | |
| build/manifest | Installation build image list template. | |
| libs/fs-lib | https://github.com/beclab/fs-lib | The SDK library for the iNotify-compatible interface implemented based on JuiceFS. |
| scripts | Assisting scripts for generating the installer build. |
We are welcoming anyways of contributions:
-
If you want to develop your own applications on Terminus OS, refer to:
https://docs.jointerminus.com/developer/develop/ -
If you want to help improve Terminus OS, refer to:
https://docs.jointerminus.com/developer/contribute/terminus-os.html
- Github Discussion. Best for sharing feedback and asking questions.
- GitHub Issues. Best for filing bugs you encounter using Terminus and submitting feature proposals.
- Discord. Best for sharing anything Terminus.
Star the Terminus OS project to receive instant notifications about new releases and updates.
The Terminus OS project has incorporated numerous third-party open source projects, including: Kubernetes, Kubesphere, Padloc, K3S, JuiceFS, MinIO, Envoy, Authelia, Infisical, Dify, Seafile,HeadScale, tailscale, Redis Operator, Nitro, RssHub, predixy, nvshare, LangChain, Quasar, TrustWallet, Restic, ZincSearch, filebrowser, lego, Velero, s3rver, Citusdata.
