|
|
@ -1,40 +1,28 @@
|
|
|
|
# *Aἰθήρ*
|
|
|
|
# *Aἰθήρ*
|
|
|
|
|
|
|
|
|
|
|
|
> [*Aither*] as a whole neither came into being nor admits of destruction, but
|
|
|
|
> [*Aither*] as a whole neither came into being nor admits of destruction,
|
|
|
|
> is one and eternal, with no end or beginning of its total duration, containing
|
|
|
|
> but is one and eternal, with no end or beginning of its total
|
|
|
|
> and embracing in itself the infinity of time ...
|
|
|
|
> duration, containing and embracing in itself the infinity of time ...
|
|
|
|
>
|
|
|
|
>
|
|
|
|
> — Aristotle, *On the Heavens* [^1]
|
|
|
|
> — Aristotle, *On the Heavens* [^1]
|
|
|
|
|
|
|
|
|
|
|
|
Aether is a fully automated web server configured via **pure** and
|
|
|
|
Aether is a fully automated web server configured via **pure** and
|
|
|
|
**declarative** package management, powered by [NixOS](https://nixos.org). This
|
|
|
|
**declarative** package management, powered by [NixOS](https://nixos.org).
|
|
|
|
allows for all aspects of the server's operation, including config files,
|
|
|
|
This allows for all aspects of the server's operation, including config files,
|
|
|
|
software dependencies, and site content to be deployed and provisioned
|
|
|
|
software dependencies, and site content to be deployed and provisioned
|
|
|
|
automatically.
|
|
|
|
automatically.
|
|
|
|
|
|
|
|
|
|
|
|
In short, it's my personal web server. It's also a NixOS codebase to support
|
|
|
|
In short, it's my personal web server.
|
|
|
|
that server, designed for generic use in other configurations.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Modules
|
|
|
|
## Modules
|
|
|
|
|
|
|
|
|
|
|
|
As with all good NixOS configurations, Aether is split into *modules*. Each is
|
|
|
|
As with all good NixOS configurations, Aether is split into *modules* that
|
|
|
|
stored as a subdirectory of the `modules/` directory and defines an specific
|
|
|
|
each provide different functionality. These are stored in the `modules/` directory.
|
|
|
|
function of the server.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Modules are publicly exposed by this flake as `nixosModules.<name>`, and can be
|
|
|
|
|
|
|
|
imported to activate their functionality. Any number of modules can be imported
|
|
|
|
|
|
|
|
independently, and the special `nixosModules.all` flake output can be used to
|
|
|
|
|
|
|
|
import every module at once.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Some modules have options that can be used to configure their effects. If a
|
|
|
|
|
|
|
|
module has options, they can be found in the `options.nix` file inside the
|
|
|
|
|
|
|
|
module directory. More general options used by multiple modules are documented
|
|
|
|
|
|
|
|
in `modules/options.nix`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Module Checklist
|
|
|
|
### Module Checklist
|
|
|
|
|
|
|
|
|
|
|
|
- [x] `basic` - Basic Internet support
|
|
|
|
- [x] `wireless` - WiFi support
|
|
|
|
- [x] `ssh` - SSH support
|
|
|
|
- [x] `ssh` - SSH configuration
|
|
|
|
- [ ] `site` - Static site hosting
|
|
|
|
- [ ] `site` - Static site hosting
|
|
|
|
- [x] `fail2ban` - IP moderation
|
|
|
|
- [x] `fail2ban` - IP moderation
|
|
|
|
- [x] `forgejo` - Code forge
|
|
|
|
- [x] `forgejo` - Code forge
|
|
|
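Review bot: In the Module Checklist, the `basic` entry ("Basic Internet support") is replaced by `wireless` ("WiFi support"), but nothing in the hunk says whether the module was renamed or removed. The removed Modules paragraph documented importing modules as `nixosModules.<name>`, so anyone importing `nixosModules.basic` needs to know; suggest a line in the README or the commit message stating the rename and whether wired networking is still covered. The hunk also drops "designed for generic use in other configurations" from the introduction while the External Usage section is kept, so it is worth confirming that external use is still intended.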
@ -45,29 +33,19 @@ in `modules/options.nix`.
|
|
|
|
## Deployment
|
|
|
|
## Deployment
|
|
|
|
|
|
|
|
|
|
|
|
Aether is designed to separate individual machine details from the abstract
|
|
|
|
Aether is designed to separate individual machine details from the abstract
|
|
|
|
specification of the system, allowing for its code to be used for many different
|
|
|
|
specification of the system, allowing for its code to be used for many
|
|
|
|
types of system. This is handled using *deployments* in the `deploy/` directory.
|
|
|
|
different types of system. This is handled using *deployments* in the
|
|
|
|
|
|
|
|
`deploy/` directory.
|
|
|
|
Each deployment module is exposed as `nixosModules.deploy-<name>`. Only one
|
|
|
|
|
|
|
|
deployment should be imported; if Aether detects that more than one is imported,
|
|
|
|
|
|
|
|
it will prevent the configuration from building.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Currently, I deploy Aether physically to a
|
|
|
|
Currently, I deploy Aether physically to a
|
|
|
|
[Raspberry Pi 5](https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_5)
|
|
|
|
[Raspberry Pi 5](https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_5)
|
|
|
|
running a [modified UEFI bootloader](https://github.com/worproject/rpi5-uefi)
|
|
|
|
running a [modified UEFI bootloader](https://github.com/worproject/rpi5-uefi)
|
|
|
|
to provide Linux support. The NixOS code for this can be found in
|
|
|
|
to provide Linux support. The NixOS code for this can be found in `deploy/rpi5/`.
|
|
|
|
`deploy/rpi5/`, and it is exposed as `nixosModules.deploy-rpi5`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
> [!IMPORTANT] A complete rewrite of the deployment system using
|
|
|
|
|
|
|
|
> [NixOps 4](https://github.com/nixops4/nixops4) is planned once that project is
|
|
|
|
|
|
|
|
> stabilized. This may result in breaking changes to Aether's public interface.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## External Usage
|
|
|
|
## External Usage
|
|
|
|
|
|
|
|
|
|
|
|
If you use NixOS and are interested in any of these modules, you can import them
|
|
|
|
If you use NixOS and are interested in any of these modules, you can import
|
|
|
|
for your own config!
|
|
|
|
them for your own config!
|
|
|
|
|
|
|
|
|
|
|
|
### Flake-Based Configuration
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add this repository as a flake input:
|
|
|
|
Add this repository as a flake input:
|
|
|
|
|
|
|
|
|
|
|
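Review bot: The Deployment section loses the statement that importing more than one deployment "will prevent the configuration from building", and the hunk does not show whether that check was removed from the code or only from the documentation. If the check still exists, keep the sentence: a build-time failure is a stronger guarantee than a convention, and readers should know they can rely on it. The `[!IMPORTANT]` notice about the planned NixOps 4 rewrite and possible breaking changes to the public interface is also removed; if that plan still stands, external users lose the only stability warning in the README.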
@ -77,25 +55,13 @@ Add this repository as a flake input:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
Aether's modules can then be accessed as flake outputs. In particular, the
|
|
|
|
Aether modules are then exposed under `nixosModules.<name>` and deployments
|
|
|
|
`specialArgs` parameter can be used to expose the modules in your configuration:
|
|
|
|
under `nixosModules.deploy-<name>`. You can activate a module by adding it
|
|
|
|
|
|
|
|
to your `imports`:
|
|
|
|
|
|
|
|
|
|
|
|
``` nix
|
|
|
|
``` nix
|
|
|
|
nixpkgs.lib.nixosSystem {
|
|
|
|
|
|
|
|
specialArgs = {
|
|
|
|
|
|
|
|
aether = aether.nixosModules;
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
modules = [
|
|
|
|
|
|
|
|
./config.nix
|
|
|
|
|
|
|
|
];
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
``` nix
|
|
|
|
|
|
|
|
# -- config.nix --
|
|
|
|
|
|
|
|
{ aether, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
{
|
|
|
|
imports = with aether; [
|
|
|
|
imports = with aether.nixosModules; [
|
|
|
|
# Deployment
|
|
|
|
# Deployment
|
|
|
|
deploy-rpi5
|
|
|
|
deploy-rpi5
|
|
|
|
# Modules
|
|
|
|
# Modules
|
|
|
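Review bot: The new example uses `imports = with aether.nixosModules; [`, but the lines that brought `aether` into scope are removed (`specialArgs = { aether = aether.nixosModules; };` and the `{ aether, ... }:` module header), so the snippet no longer shows where `aether` comes from. As written it only evaluates where the flake input is lexically visible, for example inline in `flake.nix`; a reader who puts it in a separate module file gets an undefined variable error. Suggest either restoring a one-line hint on passing the input through `specialArgs`, or stating that the block belongs inside the flake's `outputs` function.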
@ -103,13 +69,19 @@ nixpkgs.lib.nixosSystem {
|
|
|
|
ssh
|
|
|
|
ssh
|
|
|
|
];
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
# Required module option
|
|
|
|
# Required by forgejo module
|
|
|
|
aether.domain = "...";
|
|
|
|
aether.domain = "...";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
For a more complete example of how to use Aether modules, my personal server
|
|
|
|
Any number of modules can be activated at once, and the special
|
|
|
|
config can be found in the `aether/` directory.
|
|
|
|
`nixosModules.aether` output can be used to refer to every module at once.
|
|
|
|
|
|
|
|
Activating more than one deployment will cause issues, so that should be
|
|
|
|
|
|
|
|
avoided.
|
|
|
|
|
|
|
|
|
|
|
|
[^1]: Adapted from
|
|
|
|
Some modules have options that can be used to configure their effects. If a
|
|
|
|
[Book II.1](http://classics.mit.edu/Aristotle/heavens.2.ii.html).
|
|
|
|
module has options, they can be found in the `options.nix` file inside the
|
|
|
|
|
|
|
|
module directory. More general options used by multiple modules are
|
|
|
|
|
|
|
|
documented in `modules/options.nix`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[^1]: Adapted from [Book II.1](http://classics.mit.edu/Aristotle/heavens.2.ii.html).
|
|
|
|
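Review bot: The added sentence names the import-everything output `nixosModules.aether`, which collides with the `aether` flake input used in the example's `with aether.nixosModules; [ ... ]` list. In Nix, `with` does not shadow names bound as function arguments or by `let`, so a bare `aether` inside that list resolves to the flake input rather than to the module set. Suggest spelling out `aether.nixosModules.aether` in the text, or keeping the name `nixosModules.all` that the removed Modules paragraph used.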