Self-Healing Home Server
Always-on infrastructure agent with SSH access — diagnose issues, restart services, and recover from common failures across your homelab.
- Tools
execmemorymemory_search- Channels
telegram- Uses
cronssh
Homelab and small-business infrastructure live in a gray zone — too much for "just SSH when something breaks", not enough to justify proper SRE. A self-healing agent watches the boring stuff (disk space, service health, backup completion), tries the obvious fixes itself (restart, prune, retry), and pings you only when human judgement is needed.
What it does
- Periodic health checks across configured servers (SSH-based)
- Auto-remediates known issues: full disk → run cleanup, dead service → restart, OOM → kill + log, expired cert → renew via certbot
- Escalates unknown failures to Telegram with full context
- Maintains a running incident log in memory
- Weekly digest: "this week I auto-recovered from N issues, escalated M"
What you'll need
- A list of servers to manage (with SSH key access from the Flowly host)
- Exec tool — built in
- Memory for incident log
- Cron for periodic checks
- An understanding of your stack so you know what "common" failure patterns look like
Setup
1. Set up SSH access
The Flowly host needs passwordless SSH to each managed server. Add
your ~/.ssh/id_ed25519.pub to each server's authorized_keys. Test
manually first: ssh user@server uptime.
2. Define the server inventory
3. Define remediation playbooks
4. Schedule health checks
5. Weekly digest
Tips
- Start with read-only. First two weeks, the agent should only diagnose and report — no auto-actions. You build trust, you see what it would have done. Then enable remediation for confirmed-safe patterns.
- Audit log everything. Every SSH command + output goes to memory. When something breaks, you can reconstruct what the agent saw and did.
- Conservative playbooks. When in doubt, escalate. A false-alarm ping costs you 30 seconds; an auto-action that destroyed data costs you a day.
- Backup first, automate second. Make sure your snapshot/backup story is solid before granting any write access.
- Don't store credentials in the agent context. SSH keys live on disk, not in prompts. Database passwords live in the apps, not in what the agent reads.
- Phone-home checks are dangerous. Don't have the agent decide "let me reboot prod to fix this." Add an explicit allow-list of reboot-allowed hosts (if any).