Modular server management based on NixOS modules and focused on best practices.
caddy merge config with unit for caddy 2023-02-19 20:37:52 -08:00
haproxy add resolvers to haproxy 2023-02-19 20:37:52 -08:00
jellyfin add todos for jellyfin 2023-02-19 20:37:52 -08:00
keycloak move keycloak db to consolidated location 2023-02-19 20:37:52 -08:00
keycloak-cli-config fix vaultwarden sign up process without verifying email 2023-02-19 20:37:52 -08:00
keycloak-haproxy merge config with unit for haproxy 2023-02-19 20:37:52 -08:00
nginx merge config with unit for nginx 2023-02-19 20:37:52 -08:00
oauth2-proxy fix vaultwarden sign up process without verifying email 2023-02-19 20:37:52 -08:00
php-fpm merge config with unit for php-fpm 2023-02-19 20:37:52 -08:00
postgresdb use keycloak2 as subdomain 2023-02-19 20:37:52 -08:00
ttrss use correct subdomain for keycloak 2023-02-19 20:37:52 -08:00
vaultwarden fix vaultwarden sign up process without verifying email 2023-02-19 20:37:52 -08:00
all-packages.nix move keycloak db to consolidated location 2023-02-19 20:37:52 -08:00
extra-builtins.nix add pass plugin to read secrets from password store 2023-02-19 20:37:52 -08:00
LICENSE Initial commit 2022-12-17 15:39:17 -08:00
nix-pass.sh add pass plugin to read secrets from password store 2023-02-19 20:37:52 -08:00
README.md reformat a bit the readme 2023-02-19 20:50:39 -08:00

Self Host Blocks

Building blocks for self-hosting with batteries included.

The goal of SHB (Self Host Blocks) is to lower the barrier to entry for self-hosting. I intend to achieve this by providing building blocks that promote best practices for self-hosting a wide range of services. The design will also be extensible, so users can add services not provided by SHB.

As far as features and best practices go, I intend to provide, for all services:

  • Protection and single sign-on using Keycloak, where sensible.
  • Automated backup of data and databases with Borgmatic.
  • Encrypted external backup with Rclone.
  • Central logging, monitoring and dashboards with Prometheus and Grafana.
  • Integration with external services that are hard to self-host, like email sending.
  • Deployment of every service on the same or different machines.
  • Home dashboard with Dashy.
  • Vault to store passwords and API keys using Password Store; those shouldn't be stored in config or on disk.
  • Test changes using local virtual machines to avoid botching prod.
  • Automated CI tests that can be run locally using virtual machines.

The implementation uses the Disnix suite (Disnix, Dysnomia, NixOps), built on top of the Nix ecosystem.

Progress Status

Currently, this repo is WIP and the first two services I intend to provide are Tiny Tiny RSS and Vaultwarden. Vaultwarden was chosen as it's IMO the first stepping stone to enable self-hosting. Tiny Tiny RSS was chosen because it is somewhat lightweight.