Compared to others, its goal is to make best practices easy, be declarative, robust and fully featured.
I’m a self hosting and data sovereignty advocate and this project is my contribution to this space.
Best practices easy is made by adding a layer on top of the stock nixpkgs modules that make for example Vaultwarden easy to secure (/admin behind SSO with Authelia) and easy to backup. One doesn’t need to understand how to setup Authelia nor what folders to backup. That is taken care for you. https://shb.skarabox.com/services-vaultwarden.html
Robust thanks NixOS being a declarative OS, for example by adding a grub menu for every new deployment, making rollbacks easy. But also thanks to extensive tests that for example validates that the SSO integrations do not break on upgrades.
Fully featured because for every service it provides, it makes setting up the reverse proxy, backup, LDAP, SSO, etc. easy and importantly in a standardized way thanks to contracts I’m adding https://shb.skarabox.com/contracts.html
All of this is not meant to stay in this project though. I’m slowly working towards upstreaming everything into nixpkgs. I’m starting with upstreaming a feature that allows out of band secrets to be interpolated into config files easily https://github.com/NixOS/nixpkgs/pull/328472 I make extensive use of this is Self Host Blocks already.
Finally, I’m using this project for my home server and one in my parent’s place. So I’m using it in “prod” already.
Self Host Blocks https://github.com/ibizaman/selfhostblocks is a modular server management based on NixOS modules and focused on best practices. The manual can be found here https://shb.skarabox.com/
Compared to others, its goal is to make best practices easy, be declarative, robust and fully featured.
I’m a self hosting and data sovereignty advocate and this project is my contribution to this space.
Best practices easy is made by adding a layer on top of the stock nixpkgs modules that make for example Vaultwarden easy to secure (/admin behind SSO with Authelia) and easy to backup. One doesn’t need to understand how to setup Authelia nor what folders to backup. That is taken care for you. https://shb.skarabox.com/services-vaultwarden.html
Declarative is taken care by NixOS but it goes further than the stock nixpkgs modules. For example it installs the needed Nextcloud apps for LDAP and SSO fully unattended. https://shb.skarabox.com/services-nextcloud.html#services-ne...
Robust thanks NixOS being a declarative OS, for example by adding a grub menu for every new deployment, making rollbacks easy. But also thanks to extensive tests that for example validates that the SSO integrations do not break on upgrades.
Fully featured because for every service it provides, it makes setting up the reverse proxy, backup, LDAP, SSO, etc. easy and importantly in a standardized way thanks to contracts I’m adding https://shb.skarabox.com/contracts.html
All of this is not meant to stay in this project though. I’m slowly working towards upstreaming everything into nixpkgs. I’m starting with upstreaming a feature that allows out of band secrets to be interpolated into config files easily https://github.com/NixOS/nixpkgs/pull/328472 I make extensive use of this is Self Host Blocks already.
Finally, I’m using this project for my home server and one in my parent’s place. So I’m using it in “prod” already.