Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/42loco42/aquaris

Opinionated & high level NixOS module library
https://github.com/42loco42/aquaris

nix nixos nixos-configuration nixos-module nixos-modules

Last synced: 1 day ago
JSON representation

Opinionated & high level NixOS module library

Host: GitHub
URL: https://github.com/42loco42/aquaris
Owner: 42LoCo42
Created: 2023-12-21T20:59:50.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-04-13T09:01:33.000Z (7 months ago)
Last Synced: 2024-04-13T23:49:10.315Z (7 months ago)
Topics: nix, nixos, nixos-configuration, nixos-module, nixos-modules
Language: Nix
Homepage:
Size: 223 KB
Stars: 3
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.org

Awesome Lists containing this project

README

        * Aquaris - My NixOS module library

Use Aquaris to easily manage related machines, their users and secrets!

** Quickstart

Check out the [[file:docs/quickstart.org][quickstart]] guide and the provided example & template!

- [[file:template/flake.nix][flake.nix]] - Usage of the Aquaris functor & global config

- [[file:machines/example/default.nix][example]] - An example machine-specific configuration

- [[file:template/machines/example/default.nix][template]] - The mostly empty template configuration

** Declarative filesystem configuration

Inspired by [[https://github.com/nix-community/disko][disko]], but dissatisfied with its verbosity,

suboptimal integration and some edge-case bugs,

Aquaris implements a fairly complete filesystem configuration library.

It supports regular filesystems, btrfs subvolumes, swap,

LUKS-encrypted partitions and even complex filesystems like

LVM Volume Groups & Logical Volumes

and ZFS pools and datasets.

With very compact semantics, provided default options

and deep integration into the rest of Aquaris's modules,

most disko users should find this library a worthy replacement

for [[https://github.com/nix-community/disko/blob/276a0d055a720691912c6a34abb724e395c8e38a/example/swap.nix][dozens]] of [[https://github.com/nix-community/disko/blob/276a0d055a720691912c6a34abb724e395c8e38a/example/luks-btrfs-subvolumes.nix][lines]] of [[https://github.com/nix-community/disko/blob/276a0d055a720691912c6a34abb724e395c8e38a/example/zfs.nix][code]]!

** Secrets management

Aquaris includes a powerful secrets management facility (AQS),

with secrets belonging to one of four categories:

- toplevel: included by all NixOS configurations

- keys: encrypted machine keys for easy storage in the repo

- user: personal secrets like SSH keys or password hashes,

  readable by all machines the user is part of

- machine: secrets for machines like API keys or TLS certificates,

  readable only by the respective machine itself

This is inspired by [[https://github.com/ryantm/agenix][agenix]], but without the need to explicitly define

the list of secrets and their corresponding public keys.

Secrets are managed via the [[file:docs/aqs.org][aqs]] command exported by this flake.

** Documentation

- [[file:docs/aqs.org][aqs]] (secrets management command)

- [[file:docs/lib.org][Standard library]]

- Modules:

  - [[file:docs/module/caches.org][Binary caches]]

  - [[file:docs/module/filesystems.org][Filesystems]]

  - [[file:docs/module/home.org][home-manager settings]]

  - [[file:docs/module/machine.org][General machine settings]]

  - [[file:docs/module/persist.org][root-on-tmpfs and persistency]]

  - [[file:docs/module/secrets.org][Secrets management]]

  - [[file:docs/module/users.org][User management]]

** TODOs

Check out the [[file:todo/TODO.org][TODO file]]!