One-Click is your personal Linux system administration companion. A modular infrastructure automation toolkit designed for controlled, repeatable server lifecycle management. It provides a structured approach to managing Linux environments, eliminating manual repetition while maintaining full control and transparency.
Whether you're managing a single server or multiple environments, One-Click ensures your operations remain reliable, reproducible, and efficient.
Human-readable firewall rule parser and executor integrated into the One-Click. Manage firewall rules using intuitive, plain-language commands that can easily be saved, restored and deleted.
The One-Click WordPress module is a full-stack site provisioning engine, not just an installer which automates the creation of complete, isolated web application environments per domain.
The One-Click OS Reinstall module is a network-based server provisioning and recovery system that wraps an external reinstall engine (reinstall.sh) with a guided, fault-tolerant, and interactive selection layer.
One-Click Migrator enables safe, automated, and reproducible server migrations across physical machines, virtual machines, and cloud environments. It supports both full-disk cloning and incremental file synchronization.
Rule Engine is a human-readable firewall rule parser and executor integrated into the One-Click toolkit. It allows administrators to manage firewall rules using intuitive, plain-language commands, which are automatically translated into the appropriate backend commands for iptables, ip6tables and nftables.
RuleEngine supports a raw: entry mode, allowing advanced users to inject full native iptables commands directly into the execution pipeline. Raw mode bypasses natural-language parsing and sends the command straight into the normalization and execution layer.
Raw commands can be chained together as well as with human language parsed input. However, spacing rules are strict to prevent accidental fallback into human-language parsing when using raw:. Chaining can be used with any service. Ports will be mapped without further input.
Test Rules + Changes
Lockout prevention
Alias groups + rules
Security Monitoring + Audit
Active inspection, brute-force detection, protected ports, and controlled incident response built directly into Rule Engine.
Mark critical ports like SSH, MySQL, control panels, and management interfaces as sensitive so firewall changes require confirmation before execution.
Audit SSH brute-force attempts with detected usernames, attacker IP addresses, retry counts, and response history for rapid containment.
Review the combined enforcement layer from RuleEngine and Fail2Ban, including temporary blocks, permanent bans, and previous actions taken.
Create additional Fail2Ban jails with custom names, ports, retry thresholds, and ban timers for application-specific protection models.
Immediately isolate suspicious IPs using timed enforcement with duration control, ideal for live attacks without permanent policy changes.
Escalate repeat offenders into permanent bans with full audit history retained for operational review and compliance tracking.
Aliases allow administrators to group multiple IP addresses under a single logical name such as office, blacklist, or trusted-admins. Instead of repeating IPs across rules, you reference the alias directly—making firewall policies easier to read, safer to maintain, and faster to deploy.
Initial run creates a full snapshot. Subsequent backups transfer only changed files while unchanged files are referenced using hard links. Deleted files remain available in previous snapshots.
Supports single file restore, full directory recovery, complete system restore, and bare-metal recovery scenarios.
Local disk, SSH remote servers, cloud providers via rclone, mounted network storage, and external disks are all supported.
Remote backups use SSH encryption. Cloud backups rely on provider encryption. Authentication is handled via SSH keys or rclone configuration.
rsync for local operations, SSH access for remote, rclone for cloud integration, and filesystems supporting permissions and hard links.
Bandwidth-efficient transfers make it suitable for constrained environments while maintaining fast recovery performance.
Automatic Nginx or Apache virtual host generation ensures each domain remains operationally independent and easy to maintain.
Unique databases and credentials are created automatically per deployment with enforced complexity validation and safer credential handling.
CPU and memory isolation per domain using systemd slices prevents service abuse and improves long-term infrastructure stability.
Provision a complete new WordPress instance
SSL issuance and HTTPS migration
Local + remote backup and restore profiles
Deterministic filesystem structure per domain
Let us handle the backend engineering so your business can scale without operational risk.
Book Consultation