Compare commits

No commits in common. "8ef4845300d07c6ea7aa7bbc5903f29ae1465afc" and "f178336dd80f5ce45edcf945935e9c364ee865a6" have entirely different histories.

5 changed files with 33 additions and 63 deletions

@ -1,40 +1,28 @@
# *Aἰθήρ* # *Aἰθήρ*
> [*Aither*] as a whole neither came into being nor admits of destruction, but > [*Aither*] as a whole neither came into being nor admits of destruction,
> is one and eternal, with no end or beginning of its total duration, containing > but is one and eternal, with no end or beginning of its total
> and embracing in itself the infinity of time ... > duration, containing and embracing in itself the infinity of time ...
> >
> — Aristotle, *On the Heavens* [^1] > — Aristotle, *On the Heavens* [^1]
Aether is a fully automated web server configured via **pure** and Aether is a fully automated web server configured via **pure** and
**declarative** package management, powered by [NixOS](https://nixos.org). This **declarative** package management, powered by [NixOS](https://nixos.org).
allows for all aspects of the server's operation, including config files, This allows for all aspects of the server's operation, including config files,
software dependencies, and site content to be deployed and provisioned software dependencies, and site content to be deployed and provisioned
automatically. automatically.
In short, it's my personal web server. It's also a NixOS codebase to support In short, it's my personal web server.
that server, designed for generic use in other configurations.
## Modules ## Modules
As with all good NixOS configurations, Aether is split into *modules*. Each is As with all good NixOS configurations, Aether is split into *modules* that
stored as a subdirectory of the `modules/` directory and defines an specific each provide different functionality. These are stored in the `modules/` directory.
function of the server.
Modules are publicly exposed by this flake as `nixosModules.<name>`, and can be
imported to activate their functionality. Any number of modules can be imported
independently, and the special `nixosModules.all` flake output can be used to
import every module at once.
Some modules have options that can be used to configure their effects. If a
module has options, they can be found in the `options.nix` file inside the
module directory. More general options used by multiple modules are documented
in `modules/options.nix`.
### Module Checklist ### Module Checklist
- [x] `basic` - Basic Internet support - [x] `wireless` - WiFi support
- [x] `ssh` - SSH support - [x] `ssh` - SSH configuration
- [ ] `site` - Static site hosting - [ ] `site` - Static site hosting
- [x] `fail2ban` - IP moderation - [x] `fail2ban` - IP moderation
- [x] `forgejo` - Code forge - [x] `forgejo` - Code forge
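Review bot: The checklist entry changes from `basic` ("Basic Internet support") to `wireless` ("WiFi support"), but none of the hunks shown here renames or replaces a module, so the README may now name a module that does not match what is under `modules/`. Please confirm the entry matches the directory name, since the External Usage section tells readers to import modules by these names. The Modules section also loses the explanation that each module is a subdirectory exposed as `nixosModules.<name>`; if that explanation is meant to live only under External Usage, a short pointer to it here would help.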
@ -45,29 +33,19 @@ in `modules/options.nix`.
## Deployment ## Deployment
Aether is designed to separate individual machine details from the abstract Aether is designed to separate individual machine details from the abstract
specification of the system, allowing for its code to be used for many different specification of the system, allowing for its code to be used for many
types of system. This is handled using *deployments* in the `deploy/` directory. different types of system. This is handled using *deployments* in the
`deploy/` directory.
Each deployment module is exposed as `nixosModules.deploy-<name>`. Only one
deployment should be imported; if Aether detects that more than one is imported,
it will prevent the configuration from building.
Currently, I deploy Aether physically to a Currently, I deploy Aether physically to a
[Raspberry Pi 5](https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_5) [Raspberry Pi 5](https://wiki.nixos.org/wiki/NixOS_on_ARM/Raspberry_Pi_5)
running a [modified UEFI bootloader](https://github.com/worproject/rpi5-uefi) running a [modified UEFI bootloader](https://github.com/worproject/rpi5-uefi)
to provide Linux support. The NixOS code for this can be found in to provide Linux support. The NixOS code for this can be found in `deploy/rpi5/`.
`deploy/rpi5/`, and it is exposed as `nixosModules.deploy-rpi5`.
> [!IMPORTANT] A complete rewrite of the deployment system using
> [NixOps 4](https://github.com/nixops4/nixops4) is planned once that project is
> stabilized. This may result in breaking changes to Aether's public interface.
## External Usage ## External Usage
If you use NixOS and are interested in any of these modules, you can import them If you use NixOS and are interested in any of these modules, you can import
for your own config! them for your own config!
### Flake-Based Configuration
Add this repository as a flake input: Add this repository as a flake input:
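Review bot: External users lose the warning about breaking changes: the `[!IMPORTANT]` notice on the planned NixOps 4 rewrite is deleted from the Deployment section, while the External Usage section right below still invites people to import these modules. If the rewrite is still planned, keep the notice. The `nixosModules.deploy-<name>` naming and the `nixosModules.deploy-rpi5` output are also no longer mentioned under Deployment, so a reader of this section alone cannot tell how to select a deployment.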
@ -77,25 +55,13 @@ Add this repository as a flake input:
} }
``` ```
Aether's modules can then be accessed as flake outputs. In particular, the Aether modules are then exposed under `nixosModules.<name>` and deployments
`specialArgs` parameter can be used to expose the modules in your configuration: under `nixosModules.deploy-<name>`. You can activate a module by adding it
to your `imports`:
``` nix ``` nix
nixpkgs.lib.nixosSystem {
specialArgs = {
aether = aether.nixosModules;
};
modules = [
./config.nix
];
}
```
``` nix
# -- config.nix --
{ aether, ... }:
{ {
imports = with aether; [ imports = with aether.nixosModules; [
# Deployment # Deployment
deploy-rpi5 deploy-rpi5
# Modules # Modules
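Review bot: Nothing in the new example binds `aether`: the snippet now opens with `imports = with aether.nixosModules; [`, but both the `specialArgs` block and the `{ aether, ... }:` function header that brought the name into scope are removed. A reader who copies this into a module file gets an undefined variable. Keep one line showing how the flake input reaches the module, or say explicitly that the snippet belongs inside the flake's `modules = [ ... ]` list where the input is in scope.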
@ -103,13 +69,19 @@ nixpkgs.lib.nixosSystem {
ssh ssh
]; ];
# Required module option # Required by forgejo module
aether.domain = "..."; aether.domain = "...";
} }
``` ```
For a more complete example of how to use Aether modules, my personal server Any number of modules can be activated at once, and the special
config can be found in the `aether/` directory. `nixosModules.aether` output can be used to refer to every module at once.
Activating more than one deployment will cause issues, so that should be
avoided.
[^1]: Adapted from Some modules have options that can be used to configure their effects. If a
[Book II.1](http://classics.mit.edu/Aristotle/heavens.2.ii.html). module has options, they can be found in the `options.nix` file inside the
module directory. More general options used by multiple modules are
documented in `modules/options.nix`.
[^1]: Adapted from [Book II.1](http://classics.mit.edu/Aristotle/heavens.2.ii.html).
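Review bot: "will cause issues, so that should be avoided" is too vague for the one constraint a user can get wrong. The sentence it replaces, removed from the Deployment section, said the configuration is prevented from building when more than one deployment is imported. State the actual behaviour here: if that check is still in place, say the build fails; if it was removed, say what breaks. Also, the comment `# Required by forgejo module` on `aether.domain` reads as if only forgejo needs it, while the same hunk describes shared options in `modules/options.nix` as used by multiple modules; the earlier `# Required module option` was safer unless forgejo really is the only consumer.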

@ -23,7 +23,7 @@
# Aether modules # Aether modules
imports = [ imports = [
aether.all aether.aether
aether.deploy-rpi5 aether.deploy-rpi5
]; ];
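Review bot: `aether.aether` in the `imports` list is hard to read at the call site: the first `aether` is the argument carrying the module set and the second is the name of the "every module" output, and the same word is also the option namespace used elsewhere in the config. `aether.all` said what it imports. If the output has to be renamed, pick a name that describes its content rather than repeating the project name.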

@ -27,7 +27,7 @@ outputs = inputs@{ self, nixpkgs, agenix, rpi5-kernel, ... }:
nixosModules = nixosModules =
modules modules
// { // {
all.imports = lib.attrValues modules; aether.imports = lib.attrValues modules;
deploy-rpi5 = { deploy-rpi5 = {
imports = [ ./deploy/rpi5 ]; imports = [ ./deploy/rpi5 ];
aether.deploy.rpi5.kernelPackages = aether.deploy.rpi5.kernelPackages =
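Review bot: Renaming the output from `all` to `aether` breaks any external config that imports `nixosModules.all`, and no alias is kept. Either keep `all` alongside the new name or call the change out as breaking. The new name also puts `aether.imports = lib.attrValues modules;` directly above `aether.deploy.rpi5.kernelPackages =`, where `aether` is an option path rather than a module name, so the same identifier means two different things in adjacent lines. A name such as `all` or the conventional `default` avoids that.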

@ -1,13 +1,11 @@
args@{ config, lib, ... }: args@{ config, lib, ... }:
{ {
options.aether = { options.aether = {
# Referenced general options
inherit (import ../options.nix args) inherit (import ../options.nix args)
domain domain
https https
acmeEmail; acmeEmail;
# Module-specific options
forgejo = { forgejo = {
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
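Review bot: The two removed comments, `# Referenced general options` above the `inherit (import ../options.nix args)` block and `# Module-specific options` above `forgejo = {`, were the only indication of which options are shared and which belong to this module. The README in this same change still sends readers to each module's `options.nix` to find its options, so the file should stay self-explanatory. Please keep the comments, or replace them with a `description` on each option if that is the intended direction.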