The warden of your servers โ status, resources, cost/expiry and security of Linux hosts over SSH.
Project description
Vordr ๐บ
In Norse lore, the Vรถrรฐr is the guardian spirit that follows each person from birth to death, watching without rest. Here, Vordr stands guard over your servers.
Vordr is a CLI that watches your Linux hosts over SSH and answers, in one place, the questions that matter day to day:
- Are they up? โ state, uptime, load, RAM, disk and containers for every host.
- Will I be charged? โ how long you've hosted each one, when the server renews and when the domain expires, and how much you spend per month. The feature that prevents the surprise charge.
- Are they secure? โ failed logins, listening ports, fail2ban, pending updates and reboot-required.
No agents installed on the servers, no database, no secrets in the code: Vordr only
needs your ~/.ssh/config.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Vordr ยท server status โ
โโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโฌโโโโโโโฌโโโโโโฌโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโค
โ host โ state โ uptime โ load โ ram โ disk โ docker โ expires โ
โโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโผโโโโโโโผโโโโโโผโโโโโโโโผโโโโโโโโโผโโโโโโโโโโค
โ web โ โ online โ 2w 5d โ 0.28 โ 32% โ 22% โ 5/6 โ 53d โ
โ db โ โ online โ 4w 4d โ 0.04 โ 18% โ 62% โ 6/6 โ 6d โ โ
โโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโดโโโโโโโดโโโโโโดโโโโโโโโดโโโโโโโโโดโโโโโโโโโโ
Why it exists
Anyone running a few servers ends up collecting loose commands and repeated logins to answer simple questions. Vordr folds that into a single layer that:
- looks at all hosts at once, with comparable metrics colored by threshold (load per CPU, disk/RAM %);
- warns before a renewal charges again;
- gives a quick security audit without logging into each machine.
Vordr collects metrics via small sh scripts that emit KEY=value (stable and
testable) instead of parsing fragile colored output โ but it still offers a --raw
mode that reproduces the native output of a status_command of yours, when you set one.
Install
Requires Python 3.11+ and the ssh client configured with the hosts you want to watch.
pipx install vordr # recommended (isolated tool on PATH)
# or, for development:
pip install -e ".[dev]"
Quick start (just a token)
For cost and billing you don't need to configure anything: give a provider token and Vordr discovers your account's servers on its own.
vordr secret set hetzner # or: vordr secret set vultr
vordr cost # lists the account's servers, with cost and age
vordr billing # balance/credit and next charge
The config.toml is optional and only covers what the API can't know: a nice label,
the SSH alias (for status/resources/security) or a pinned price that differs
from the list price (promo/legacy). What you write in the config always wins over the API.
Configuration (optional)
Hosts are aliases from your ~/.ssh/config โ no IP, user or key is stored by Vordr.
Each host has two lifecycle blocks: [hosts.X.server] (the hosting) and
[hosts.X.domain] (the domain) โ both with all-optional fields, filled from the
API/RDAP when you leave them blank.
vordr init # wizard: imports servers from the API and maps SSH aliases
In a terminal, vordr init is a wizard: with a saved token, it lists the account's
servers, suggests the SSH alias for each (reading your ~/.ssh/config) and asks whether
there's a fixed price to pin โ generating the config without you writing TOML. In a
pipe/CI, or without a token, it writes a commented template.
If a server has no SSH alias (you leave it blank, or write ssh = ""), it becomes
billing-only: it shows in cost/billing, but status/resources/security
ignore it (with a warning), since there's no way to contact it.
[thresholds]
warn_days = 14
critical_days = 7
[hosts.web]
ssh = "web" # alias in ~/.ssh/config
label = "Web"
# status_command = "my-status" # optional: your script for `vordr status --raw`
[hosts.web.server] # the hosting
provider = "Hetzner"
since = "2024-03-01" # since when you've hosted (hosting age)
expires = "2026-08-15" # YYYY-MM-DD โ next server renewal
cost = 6.99
currency = "USD"
cycle = "monthly" # monthly | yearly
[hosts.web.domain] # the domain (optional)
name = "web.example.com"
registrar = "Cloudflare"
expires = "2027-03-01"
cost = 12.00
currency = "USD"
cycle = "yearly"
Vordr ships no hosts. Without a config and without a token, the commands just point
you to the next step (vordr secret set or vordr init). The SSH-based commands
(status, resources, security) need the aliases in the config; cost and billing
work with just the token.
Usage
vordr status # board of all hosts
vordr status web # a single host
vordr status --watch 5 # refresh every 5s (full screen)
vordr status --raw # host's native status_command output
vordr resources # CPU/load, memory and disk in detail
vordr security # audit: logins, failures, ports, fail2ban, updates
vordr cost # table: hosting, server/domain renewal, cost/mo
vordr cost web # detailed lifecycle panel for one host
vordr cost --offline # no network: uses only the config
vordr billing # balance/credit and next charge per provider
vordr hosts # lists what's configured
vordr secret set hetzner # stores the API token (chmod 600, outside the repo)
vordr secret status # shows which providers have a token (masked)
All colors follow thresholds: green (ok), yellow (attention), red (critical) โ for disk/RAM, load per CPU and days until the charge.
cost automation (no typing dates)
cost fills in what you didn't provide โ and the config value always wins (handy
for promo/legacy prices):
- Domain: give just
namein[hosts.X.domain]and the expiry comes from RDAP (public, no credential), cached in~/.cache/vordr/rdap.json. - Server: with
provider = "Hetzner"or"Vultr"and a token configured, thesince(creation date) and the monthly cost come from the provider's API.
Supported providers: Hetzner (HCLOUD_TOKEN) and Vultr (VULTR_API_KEY).
Tokens never live in the repository: they're read from an environment variable or from
~/.config/vordr/secrets.toml (chmod 600, in .gitignore), with env taking precedence.
Configure with vordr secret set <provider>. Values coming from the network are tagged
with (API) / (RDAP).
โ ๏ธ The API price is the list price of the type/plan โ if your account has a promo/locked value, set
costin the config (it wins). The Vultr API uses an IP allowlist and the token is full-access (there's no read-only): guard it well.
Balance and next charge (vordr billing)
With a token configured, vordr billing answers when and from where the charge
comes โ each provider has a model:
- Prepaid (e.g. Vultr): shows credit, the cycle's pending usage and the
runway โ how many days the balance still covers (summing the account's server
costs) and the date it runs out. Useful when running on a bonus/credit: the card is
only charged once the balance hits zero. A summary of that line also appears in the
footer of
vordr cost. - Postpaid (e.g. Hetzner): the Cloud API doesn't expose a balance;
billingshows the next charge date (1st of the next month) and the estimated monthly cost.
How it works
| Layer | File | Responsibility |
|---|---|---|
| SSH transport | src/vordr/ssh.py |
Runs remote commands (BatchMode, timeout). |
| Metric probe | src/vordr/probe.py |
sh scripts โ KEY=value โ dataclasses. |
| Configuration | src/vordr/config.py |
Reads the TOML; days/cost computation. |
| Domain expiry | src/vordr/rdap.py |
Public RDAP + on-disk cache (no credential). |
| Provider API | src/vordr/hetzner.py, src/vordr/vultr.py |
Read-only clients (since, price, balance). |
| Secrets | src/vordr/secrets.py |
Tokens outside the repo (env > chmod-600 file). |
| Formatting | src/vordr/format.py |
Pure functions (uptime, bytes, color thresholds). |
| CLI | src/vordr/cli.py |
Typer + Rich; orchestrates everything in parallel. |
Hosts are queried in parallel (ThreadPoolExecutor), so watching 2 or 10 servers
takes essentially the same time.
Secure by design
- Read-only: Vordr only runs read commands (
/proc,df,ss,last, โฆ). - No secrets in the repository: hosts are SSH aliases; the real
config.tomlstays out of version control (see.gitignore). - No interactive
sudo: privileged checks usesudo -n(non-interactive) and degrade gracefully when there's no permission โ they never block the terminal. BatchMode: if the key isn't available, it fails fast instead of prompting for a password.
Development
pip install -e ".[dev]"
ruff check .
pytest
The tests never touch the network: the SSH layer is injected (monkeypatch) and the
parsing/formatting logic is tested against real samples of server output.
License
MIT โ see LICENSE.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vordr-0.6.0.tar.gz.
File metadata
- Download URL: vordr-0.6.0.tar.gz
- Upload date:
- Size: 39.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
640e9643850d015d794f43098953c06b400c394c8dfdaf9ef6273d56bfb49a46
|
|
| MD5 |
9e6414804e01d2a7e6a6e39aca783427
|
|
| BLAKE2b-256 |
d408b85fd9060c1e336f11603662c1d66e9bfc0804b37385e5dd6b3006ce1931
|
Provenance
The following attestation bundles were made for vordr-0.6.0.tar.gz:
Publisher:
publish.yml on gusta-ve/vordr
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vordr-0.6.0.tar.gz -
Subject digest:
640e9643850d015d794f43098953c06b400c394c8dfdaf9ef6273d56bfb49a46 - Sigstore transparency entry: 1958342242
- Sigstore integration time:
-
Permalink:
gusta-ve/vordr@e7cf4a89919669ec51a27106149ac931c47d483d -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/gusta-ve
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@e7cf4a89919669ec51a27106149ac931c47d483d -
Trigger Event:
push
-
Statement type:
File details
Details for the file vordr-0.6.0-py3-none-any.whl.
File metadata
- Download URL: vordr-0.6.0-py3-none-any.whl
- Upload date:
- Size: 34.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c9e0cbe6d042f335a12db63853360f447df7fd4f5591fec59a82e648072bfae0
|
|
| MD5 |
6188207c76f5ebca06ab2400c8f9f9a9
|
|
| BLAKE2b-256 |
7ebe91e539040d40d1f09d3ebea1bf7eafd6f342b0e473d29c38faab3e68eed0
|
Provenance
The following attestation bundles were made for vordr-0.6.0-py3-none-any.whl:
Publisher:
publish.yml on gusta-ve/vordr
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vordr-0.6.0-py3-none-any.whl -
Subject digest:
c9e0cbe6d042f335a12db63853360f447df7fd4f5591fec59a82e648072bfae0 - Sigstore transparency entry: 1958342596
- Sigstore integration time:
-
Permalink:
gusta-ve/vordr@e7cf4a89919669ec51a27106149ac931c47d483d -
Branch / Tag:
refs/tags/v0.6.0 - Owner: https://github.com/gusta-ve
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@e7cf4a89919669ec51a27106149ac931c47d483d -
Trigger Event:
push
-
Statement type: