Kubernetes and GCP support are currently in early access. To get on the list, book a demo call with the Tembo team: Book a Demo
How it works
The self-hosted stack is a NixOS-based machine image with all services pre-configured. You launch an instance from a Tembo-provided image (AMI, VHD, etc.), run a web-based installer, and configure a single JSON file. No OS setup or image building is required on your end. NixOS gives you atomic updates with automatic rollback — upgrades either succeed completely or roll back to the previous working state. A standard deployment runs these core services, all behind nginx on port 80:| Service | Description |
|---|---|
| Web app | Next.js frontend for the user interface |
| API | REST API for product workflows, auth, and orchestration |
| Agent workers | Configurable workers (default 8) that handle sessions, code execution, and database operations in isolated sandboxes |
| Cron | Scheduled jobs, kicked off from Tembo’s Agents feature or via tool calls from coding agents |
| Admin UI | Administrative dashboard for system management |
| PostgreSQL 16 | Application database (and the job queue) — runs locally or can point to an external instance using your own connection string |
| Redis | Caching |
| Prometheus | Metrics collection and monitoring (optional) |
Web-based installer
Every deployment ships with a built-in installer at/installer/. On first boot, it walks you through setup — configuring services, setting your license key, and tuning options like the number of agent workers. No Nix knowledge is required.
For releases and updates, Tembo can manage them for you, or your team can manually opt in to changes through the installer UI.
How updates are delivered
Updates are pull-based. Your instance checks for new releases by calling Tembo’s release endpoint over outbound HTTPS, authenticated with your license key, then downloads the packaged release. Tembo never connects inbound to your environment to push updates. Because the stack is NixOS-based, updates apply atomically and roll back automatically if they fail. You choose how updates are applied:- Self-service: your team opts in to a new release through the installer UI, on your own schedule.
- Managed (optional): if you would rather Tembo run updates for you, we can do so as an optional service using access you explicitly grant. Contact your Tembo account team to set this up.
What you manage
You manage the infrastructure, networking, secrets, backups, and day-to-day operations of the environment. Tembo provides the application release, deployment guidance, and support for upgrades. You can also work with the Tembo team more directly through support packages, including optional FDE support for features specific to your team. If you want help operating the VM layer, the Tembo team can help manage your VMs and stay ahead of scaling, availability, and downtime risks as usage grows.Security and networking
Self-hosted is designed for teams that want Tembo inside a private cloud, dedicated network, or on-prem environment.- You control ingress, DNS, TLS, and firewall policy
- Application data and runtime configuration stay in your environment
- Outbound access can be limited to the systems Tembo needs to reach, such as git providers, model endpoints, or internal services
- Upgrades happen on your schedule
Who it is for
- Teams that need Tembo inside infrastructure they control
- Organizations with security or compliance requirements around source code, credentials, or runtime data
- Companies that want a simple single-instance deployment, with the option to use an external Postgres database
- Buyers who want a predictable, customer-managed upgrade process