Solo-engineer-stack as code: Vercel + Supabase + Cloudflare + DigitalOcean in one Terraform repo.
Built by Sarma Linux.
The four services I use most as a solo engineer in 2026, fully described in Terraform. Run terraform apply and you have:
- A Next.js Vercel project linked to a GitHub repo
- A Supabase project with environment variables wired into Vercel
- A Cloudflare zone with DNS records, R2 bucket, and Workers KV namespace
- A DigitalOcean droplet running a worker, with monitoring on
All in one apply. Tear down with one destroy. Reproducible across personal projects, client work, demo environments.
graph LR
GH[GitHub repo] --> V[Vercel project]
V --> S[Supabase project]
V --> CF[Cloudflare zone]
V --> DO[DigitalOcean droplet]
CF --> R2[R2 bucket]
CF --> KV[Workers KV]
DO --> Mon[DO Monitoring]
classDef cloud fill:#a78bfa,stroke:#a78bfa,color:#fff
class V,S,CF,DO cloud
git clone https://github.com/sarmakska/terraform-stack.git
cd terraform-stack
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your credentials
terraform init
terraform plan
terraform apply# terraform.tfvars
project_name = "my-app"
domain = "example.com"
github_repo = "you/my-app"
vercel_api_token = "..."
supabase_access_token = "..."
cloudflare_api_token = "..."
digitalocean_token = "..."API tokens are scoped: each provider gets only the permissions it needs.
modules/vercel— project, env vars, custom domain, deployment hooksmodules/supabase— project, database password, JWT secret rotationmodules/cloudflare— zone, DNS, R2 bucket, Workers KV namespacemodules/digitalocean— droplet (Hetzner-equivalent if you swap providers), DO monitoring
Each module is independent. Use only the ones you need:
module "vercel" {
source = "./modules/vercel"
...
}
# Skip the others if you only want Vercel- Multi-environment management (use Terraform workspaces or Terragrunt for that)
- A replacement for Pulumi/CDK if you prefer those
- Production-ready out of the box for high-compliance environments (you will need to harden it)
- Free of opinions: it picks specific regions, SKUs, and config patterns
- Vercel module (project, env, domain)
- Supabase module (project, secrets)
- Cloudflare module (zone, R2, KV)
- DigitalOcean module (droplet, monitoring)
- AWS module (EC2, RDS, S3) for those who insist
- GCP module (Cloud Run, Cloud SQL, GCS)
- Hetzner Cloud module
- Tailscale module for secure private networking
- Outputs for CI/CD: GitHub Actions secrets
MIT.
Built by Sarma Linux.
Part of a portfolio of twelve production-shaped open-source repositories built and maintained by Sarma.
| Repository | What it is |
|---|---|
| Sarmalink-ai | Multi-provider OpenAI-compatible AI gateway with 14-engine failover and intent-based plugin auto-routing |
| agent-orchestrator | Durable multi-agent workflows in TypeScript with deterministic replay and Inspector UI |
| voice-agent-starter | Sub-second full-duplex voice agent loop. WebRTC, mediasoup, pluggable STT / LLM / TTS |
| ai-eval-runner | Evals as code. Python, DuckDB, FastAPI viewer, regression mode for CI |
| mcp-server-toolkit | Production Model Context Protocol server starter (Python / FastAPI) |
| local-llm-router | OpenAI-compatible proxy that routes to Ollama or cloud providers based on policy |
| rag-over-pdf | Minimal end-to-end RAG starter for PDF corpora |
| receipt-scanner | Vision OCR for receipts with Zod-validated JSON output |
| webhook-to-email | Webhook receiver that forwards events to email via Resend |
| k8s-ops-toolkit | Helm chart for shipping Next.js to Kubernetes with full observability stack |
| terraform-stack | Vercel + Supabase + Cloudflare + DigitalOcean modules in one Terraform repo |
| staff-portal | Open-source HR / ops portal — leave, attendance, expenses, kiosk mode |
Engineering essays at sarmalinux.com/blog · All projects at sarmalinux.com/open-source