TaskNebula operations

Self-hosting that stays
boring on purpose.

TaskNebula's repo is Docker-first: published image, PostgreSQL 16 with pgvector, Redis 7, optional LiveKit voice rooms, optional cron sidecar, health checks, and explicit update paths.

View GitHubDocker Hub
AI off by default
30-language app shell
Docker Compose install
AGENTOWNERS governance
TaskNebula workspace home screen with dashboard and project management modules

Real product screenshot

Self-hosted project management, AI drafting, governance, and update awareness in one workspace.

Latest release

Locales

GitHub stars

License

Overview

Product surface, screenshots, release story, and project scope.

Self-hosting

Docker paths, services, production checklist, and update flow.

AI governance

BYOK AI, model profiles, AGENTOWNERS, local runners, and approvals.

Architecture

Stack, realtime, i18n, roadmap, and operating model.

Install matrix

The README separates a fresh Linux VM, local Docker Desktop demo, pinned production release, and source build. The public page should do the same instead of pretending one command fits every operator.

One-command Docker

Command

shell
curl -fsSL https://raw.githubusercontent.com/neuraparse/taskNebula/main/scripts/quickstart.sh | bash

Docker Desktop

Command

shell
curl -fsSLo compose.yml https://raw.githubusercontent.com/neuraparse/taskNebula/main/docker-compose.desktop.yml && docker compose up -d

Pinned production

Command

shell
TASKNEBULA_IMAGE=neuraparse/tasknebula:0.7.9 docker compose up -d

Source build

Command

shell
git clone https://github.com/neuraparse/taskNebula.git && cd taskNebula && docker compose up -d --build

Topology

The production Compose file keeps core services always-on and gates automation behind profiles. That reduces surprise-on services for first-time self-hosters.

Published image first

The default production path pulls neuraparse/tasknebula, while source builds stay available for teams patching the repo.

latest0.7.9source build

Localhost-bound services

The production Compose file binds database, Redis, and web ports to 127.0.0.1 by default so a reverse proxy can own the public edge.

127.0.0.1TLS proxyhealth checks

No Docker socket in web

Self-update is deliberately a signed handoff to an operator-managed updater. The app container does not need Docker socket access.

signed requestmanual fallbackoperator control

Compose dependency graph

Operating flow
1

PostgreSQL 16 + pgvector

persistent volume

2

Redis 7 with password

cache + pub/sub

3

Optional LiveKit

voice rooms

4

TaskNebula web

GET /api/health

5

Optional cron sidecar

standup/janitor/version-check

Production checklist

TaskNebula's self-host story is strongest when it says exactly what should be pinned, generated, backed up, exposed, and checked.

Image

Pin TASKNEBULA_IMAGE=neuraparse/tasknebula:0.7.9 outside quick demos.

Secrets

Generate AUTH_SECRET, REDIS_PASSWORD, and LIVEKIT_API_SECRET per install.

Network

Keep Compose ports bound to 127.0.0.1 and expose through TLS reverse proxy.

Persistence

Back up postgres_data, redis_data, and uploads_data.

Updates

Pull image, restart, then verify GET /api/health.

Automation

Enable cron only with docker compose --profile cron up -d cron.

AI

Prefer Admin -> Agent control and workspace settings over long-lived env keys.

Update flow

The app can detect Docker Hub image pushes, notify super-admins, and send an opt-in signed handoff to an external updater. Manual Docker commands remain first-class.

Pinned update command

shell
docker compose pull web && docker compose up -d
curl -fsS http://localhost:3000/api/health
Verified from docker-compose.yml, docker-compose.desktop.yml, and the README on June 23, 2026. Deploy ports stay localhost-bound by default and the web container does not receive Docker socket access.

Run it yourself

TaskNebula is positioned as the self-hostable project-management control plane for teams that want inspectable operations, not another black-box SaaS.

GitHub repositoryDocker Hub imageManaged deployment