Home

Awesome

GitHub Release GitHub commits since latest release (branch) GitHub commit activity (branch) GitHub Issues or Pull Requests GitHub Issues or Pull Requests GitHub Issues or Pull Requests GitHub Issues or Pull Requests

Documentation Tests Demo Matrix

<hr />

Self Host Blocks

Modular server management based on NixOS modules and focused on best practices.

SHB (Self Host Blocks) is yet another server management tool that is not like the other server management tools.

TOC

<!--toc:start--> <!--toc:end-->

Usage

Caution: You should know that although I am using everything in this repo for my personal production server, this is really just a one person effort for now and there are most certainly bugs that I didn't discover yet.

Flake Module

Self Host Blocks is available as a flake. To use it in your existing project, add the following flake input:

inputs.selfhostblocks.url = "github:ibizaman/selfhostblocks";

Then, pin it to a release/tag with the following snippet. Updating Self Host Blocks to a new version can be done the same way.

nix flake lock --override-input selfhostblocks github:ibizaman/selfhostblocks/v0.2.2

To get started using Self Host Blocks, follow the usage section of the manual. It goes over how to deploy with Colmena, nixos-rebuild and also goes over secrets management with SOPS.

Then, to actually configure services, you can choose which one interests you in the services section of the manual.

Head over to the matrix channel for any remaining question, or just to say hi :)

Installation From Scratch

I do recommend for this my sibling project Skarabox which bootstraps a new server and sets up a few tools:

Full Example

See full example in the manual.

Server Management

Self Host Blocks provides a standardized configuration for some services provided by nixpkgs. The goal is to help spread adoption of self-hosting by providing an opinionated configuration with best practices by default.

Self Host Blocks takes care of common self-hosting needs:

Unified Interfaces

SHB's first goal is to provide unified building blocks and by extension configuration interface, for self-hosting.

Compare the configuration for Nextcloud and Forgejo in Self Host Blocks. The following snippets focus on similitudes and assume the relevant blocks - like secrets - are configured off-screen. It also does not show specific options for each service. These are still complete snippets that configure HTTPS, subdomain serving the service, LDAP and SSO integration.

shb.nextcloud = {
  enable = true;
  subdomain = "nextcloud";
  domain = "example.com";

  ssl = config.shb.certs.certs.letsencrypt.${domain};

  apps.ldap = {
    enable = true;
    host = "127.0.0.1";
    port = config.shb.ldap.ldapPort;
    dcdomain = config.shb.ldap.dcdomain;
    adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
  };
  apps.sso = {
    enable = true;
    endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";

    secret.result = config.shb.sops.secrets."nextcloud/sso/secret".result;
    secretForAuthelia.result = config.shb.sops.secrets."nextcloud/sso/secretForAuthelia".result;
  };
};
shb.forgejo = {
  enable = true;
  subdomain = "forgejo";
  domain = "example.com";

  ssl = config.shb.certs.certs.letsencrypt.${domain};

  ldap = {
    enable = true;
    host = "127.0.0.1";
    port = config.shb.ldap.ldapPort;
    dcdomain = config.shb.ldap.dcdomain;
    adminPassword.result = config.shb.sops.secrets."nextcloud/ldap/admin_password".result;
  };

  sso = {
    enable = true;
    endpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}";

    secret.result = config.shb.sops.secrets."forgejo/sso/secret".result;
    secretForAuthelia.result = config.shb.sops.secrets."forgejo/sso/secretForAuthelia".result;
  };
};

As you can see, they are pretty similar!

SHB provides an ever growing list of services that are configured in the same way.

Incremental Adoption

SHB's second goal is to facilitate testing NixOS and slowly switching an existing installation to NixOS.

To achieve this, SHB pioneers contracts which allows you, the final user, to be more in control of which piece go where. This lets you choose, for example, any reverse proxy you want or any database you want, without requiring work from maintainers of the services you want to self host. (See manual for a complete explanation)

Two videos exist of me presenting the topic, the first at NixCon North America in spring of 2024 and the second at NixCon in Berlin in fall of 2024.

More Benefits of SHB

By using Self Host Blocks, you get all the benefits of NixOS which are, for self hosted applications specifically:

In no particular order, here are some aspects of SHB which I find interesting and differentiates it from other server management projects:

Roadmap

Currently, the Nextcloud, Vaultwarden services and the SSL and backup blocks are the most advanced and most documented.

Documenting all services and blocks will be done as I make all blocks and services use the contracts.

Upstreaming changes is also on the roadmap.

Check the issues and the milestones to see planned work. Feel free to add more or to contribute!

All blocks and services have NixOS tests. Also, I am personally using all the blocks and services in this project, so they do work to some extent.

Demos

Demos that start and deploy a service on a Virtual Machine on your computer are located under the demo folder. These show the onboarding experience you would get if you deployed one of the services on your own server.

Community

All issues and PRs are welcome. For PRs, if they are substantial changes, please open an issue to discuss the details first. More details in here.

Come hang out in the Matrix channel. :)

One aspect that's close to my heart is I intent to make SHB the lightest layer on top of nixpkgs as possible. I want to upstream as much as possible. I will still take some time to experiment here but when I'm satisfied with how things look, I'll upstream changes.

License

I'm following the Nextcloud license which is AGPLv3. See this article from the FSF that explains what this license adds to the GPL one.