nexum turns your pile of servers (bare-metal or Proxmox) into one tidy, self-service compute platform. Invite people, set quotas, hand out access, and stop babysitting SSH keys by hand. No public IPs, no shared root passwords, no spreadsheet titled "who has the good GPU".
An admin sets the rules once. From then on, access is self-service, and always revocable.
Admin invites a person by email. They set a password and upload an SSH key; that's the only credential that ever matters.
Admin picks an Environment (a policy: GPU isolation mode, quotas, expiry) and hands it out, to one node or dynamically across a pool.
nexum generates a ready-to-use SSH config or a NetBird peer key. No public IP on the node, no manual firewall rules.
The agent on each node applies the policy in real time (cgroups, MIG partitions, or full container isolation) and revokes access instantly on expiry.
Everything you'd otherwise stitch together yourself (user management, GPU isolation, tunneling) in one small, self-hosted binary + dashboard.
From soft visibility limits to hardware-level NVIDIA MIG partitions or full per-session containers: pick the trust level per Environment.
Nodes stay off the internet. SSH ProxyJump or a NetBird mesh does the tunneling; it's pluggable, so you can swap providers per Environment.
Admin approves every account. Access to compute is always mapped to a real, revocable identity, with no shared logins.
Assign a GPU pool and let nexum pick the free node, or pin someone to specific hardware. CPU/RAM always travel with the GPU.
Talks directly to the Proxmox VE API: spin up per-user VMs/LXCs with GPU passthrough, or manage bare-metal SSH access, side by side.
An internal CA issues every agent its own certificate. Every heartbeat and policy push is mutually authenticated, with no shared secrets.
Sets CUDA_VISIBLE_DEVICES per session. Fast to set up, best for trusted lab environments.
Hard CPU/RAM limits via cgroup v2, plus GPU masking at the login session. Blocks accidental overreach.
Real hardware isolation: the GPU is split into independent instances at the silicon level.
The full session runs inside Docker with GPU passthrough; CPU, RAM, and filesystem are isolated too.
A Python control plane holds the dashboard and policy; a tiny Go agent runs on each node and only calls home, so nothing needs to be reachable from outside.
Everything below runs on your own server. No account with us, no data leaving your infrastructure.
# download the latest release and start the stack
wget https://github.com/cikubo/nexum/releases/latest/download/nexum-release.tar.gz
tar xzf nexum-release.tar.gz && cd nexum
cp docker/.env.example docker/.env   # set DB password, JWT secret, SMTP
docker compose -f docker/docker-compose.yml up -d
# visit your domain, nexum detects there's no admin yet
# and shows a setup wizard to create the first account
open https://your-nexum-host/
# dashboard → Nodes → + Add node → copy the generated command, run it on the node
curl -fsSL https://your-nexum-host/install-agent.sh | sudo bash -s -- \
  --node-id 3afc8d3b-... --token h4nQWZ6WhM... \
  --control-plane https://your-nexum-host
Self-hosted via Docker Compose. Download the latest release; no source access needed.