mentholmike / wagmios

Wagmios Give your agent a homelab **WAGMIOS** is a self-hosted Docker management platform built native for **OpenClaw agents**. Give your agent a scoped API key and it can manage your homelab -- install apps, start/stop containers, pull images -- with every action visible and auditable. Scope = permission. No sudo, no daemon access, just the exact access you grant. > **Think of it as your homelab's command center.** Built for folks who want the power of Docker without memorizing every CLI flag. --- ✨ What It Does • WAGMIOS Marketplace -- Install 34+ self-hosted apps in seconds. Plex, Jellyfin, Ollama, Home Assistant, and more. • Container Management -- List, create, start, stop, restart, and delete containers through a clean REST API. • Scope-Based Permissions -- Give AI agents exactly the permissions they need. Nothing blanket. If the key doesn't have , the agent can't delete anything. • OpenClaw-Native -- Built for OpenClaw agents. Every action is visible and auditable. • Real-Time Activity -- WebSocket-powered activity feed shows you everything happening in your homelab. --- 🏃 Quick Start Option 1 -- Pull from Docker Hub (Recommended) No build step. Images are pre-built for both x86_64 and ARM64. Option 2 -- Build from Source Clone the repo and build locally with Docker. > **Note:** Building from source requires Docker on your machine. On ARM64 (Apple Silicon, ARM Linux) no extra setup is needed -- the images build for both architectures automatically. • Open the UI • Frontend -- http://localhost:5174 • Backend API -- http://localhost:5179 • Health -- http://localhost:5179/health • Get Your API Key On first launch, the Setup Wizard walks you through: • Name your API key (e.g. , ) • Pick the permissions you want to grant • Copy your key and keep it safe --- 🔑 The Scope System Explained Every WAGMIOS API key has **scopes** -- granular permissions that control exactly what an agent can do. **The rule is simple:** if the key doesn't have the scope, the API returns . The agent can't work around it. --- 🌐 Multi-Machine Management WAGMIOS isn't just for one machine. Because the API is standard HTTP with an header, any OpenClaw agent that can reach your backend's port can manage that machine's Docker host -- from anywhere. **The model is simple:** one agent, many machines, each with its own scoped key. How It Works • Install WAGMIOS on each machine you want to manage • Each instance gets its own URL and its own set of API keys • Your agent holds one key per machine, each with only the scopes that machine needs • The agent can't cross machines, can't escalate its own permissions, and every action is logged in each instance's activity feed > **Each WAGMIOS instance is fully independent.** There is no shared state, no cluster, no sync between instances. Each deployment is standalone. One Agent. Multiple Machines **Example dialogue:** > **User:** "Install Jellyfin on the media server and make sure Nginx is running on the NAS." Skill Setup Give your agent one key per machine, label them clearly. Each key lives in your agent's skill config: The agent knows which URL to hit for which machine -- and the scope system ensures it can only do what you've explicitly allowed on each one. Security: Network Exposure WAGMIOS binds to all interfaces ( ) by default. That's fine on a trusted LAN -- but if you're exposing it beyond your local network, follow these steps first: • Local LAN only -- No extra steps. Keep port 5179 firewalled from the internet. • Internet / VPN -- Put a reverse proxy in front and terminate TLS there. Never send API keys over plain HTTP outside your LAN. **Treat your WAGMIOS API key like an SSH key.** Over a trusted LAN it's fine. Over the open internet, always use TLS. **Caddy (automatic HTTPS):** **Nginx:** --- 🤖 For AI Agents WAGMIOS is designed to be controlled by AI agents through its API. **Example dialogue:** **What agents can do with WAGMIOS:** • Install and manage apps from the marketplace • Start/stop containers based on your requests • Monitor your homelab's status • Pull Docker images **What agents should only do through WAGMIOS:** • Access Docker (the skill makes every action visible and auditable) • Escalate their own permissions • Delete system containers (wagmios-backend, wagmios-frontend) • Read/write files outside the containers directory --- 🏪 WAGMIOS Marketplace Browse 34+ pre-configured apps at marketplace.wagmilabs.fun or directly in the app. Media & Entertainment • Plex -- Port 32400. Stream movies, TV, music to any device • Jellyfin -- Port 8096. Free, open-source media server • Immich -- Port 2283. Self-hosted photo backup from your phone Home Automation • Home Assistant -- Port 8123. Open source smart home platform AI & Local Models • Ollama -- Port 11434. Run LLaMA, Mistral, and other open-source AI models locally • Open WebUI -- Port 8080. Chat interface for Ollama ###arr Stack • Sonarr -- Port 8989. Automatically download TV shows • Radarr -- Port 7878. Automatically download movies • Prowlarr -- Port 9696. Manage all your torrent indexers in one place Monitoring • Uptime Kuma -- Port 3001. Beautiful server monitoring dashboard • Grafana -- Port 3000. Visualize metrics and logs • Prometheus -- Port 9090. Time series database for metrics Security • Vaultwarden -- Port 80. Self-hosted Bitwarden password manager Networking • Nginx -- Port 80. Web server and reverse proxy • Pi-hole -- Port 80. Block ads network-wide • AdGuard Home -- Port 3000. DNS-level ad blocking • WireGuard -- Port 51820. Fast, modern VPN | And More Transmission, qBittorrent, Nextcloud, Filebrowser, Minecraft, n8n, RSSHub, and more. --- 🛠️ API Reference **Base URL:** **Auth:** All requests require the header. Containers • List -- -- requires • Logs -- -- requires • Start -- -- requires • Stop -- -- requires • Restart -- -- requires • Delete -- -- requires Images • List -- -- requires • Pull -- -- requires • Delete -- -- requires…