+9
-32
README.md
···+Eilean enables you to host your own digital 'island', where you control you're own online infrastructure.+Eilean uses [NixOS](https://nixos.org/) to enable reproducible deployments of services such as webservers, mailservers, federated communication servers, Virtual Private Network servers, and more.+However, they still require a lot of manual configuration for domain names, DNS records, user accounts, databases, HTTP proxies, TLS certificates, and more.-While NixOS enables reproducible deployments of many services, they still require much manual configuration.-Adding domain names, DNS records, user accounts, databases, HTTP proxies, SMTP servers all add additional complexity.-Eilean aims to be a personal or community 'island in a box' that requires minimal configuration.-It can achieve this by sharing configration between many NixOS modules (each for an individuial service).+Eilean aims to be a optioned framework to allow the simple deployment of these services on a single machine, and a library of documentation for common issues in managing runtime state like secrets, databases, and upgrades.+By using Nix Eilean modules are extensive to other configurations outside this deployment scenario, such as offloading a particularly resource heavy service to a dedicated machine.-Hosting DNS allows necessary records to be specified decleratively and enabled when the module that required then is.-You will need to point your domain's NS record to your IP address with your registar using a glue record.-Sending email to users on your own domain shouldn't pose any issues, if for example users are signing up to services like Mastodon using an EMail account on the same Eilean.-Sending mail will require TCP port 25 to be unblocked by your network provider, and your IP address to not be blacklisted (e.g. check [here](https://mxtoolbox.com/blacklists.aspx)).
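Review bot: The added README lines carry three wording errors that obscure the meaning: "you control you're own online infrastructure" should read "your own", "a optioned framework" looks like it was meant to be "an opinionated framework", and "Eilean modules are extensive to other configurations" should be "extensible". Also consider keeping a one-line pointer in the README to the glue record and TCP port 25 requirements, since the removed lines mentioned both and a reader now has to find them in docs/getting_started.md.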
+9
docs/adding_eilean.md
···+Add `github:RyanGibb/eilean-nix` as an input to your flake, and import `eilean.nixosModules.default`.
+199
docs/getting_started.md
···+If you already have a NixOS system, please feel look at [adding eilean](adding_eilean.md) to an existing system.+- Option 1 (recommended): a Virtual Private Server (VPS) with a cloud provider such as Hetzner, Vultr, or Digital Ocean. Get an IPv4 address^[1].+You can use this referral link to get started on Hetzner: https://hetzner.cloud/?ref=XydbkWdf49TY.+- Option 2: your own hardware, such as an old PC or laptop, Raspberry Pi, or a custom-build server.+Note you'll need a static IPv4^[1] address for reliable hosting^[2]. If you're behind Network Address Translation (NAT) you'll need to set up port forwarding for every service you want to run.+[1]: You could just use an IPv6 address, but much of the Internet is still [IPv4-only](https://stats.labs.apnic.net/ipv6).+[2]: If you don't have a static address, Dynamic DNS is possible but takes some time to propagate. Email reputation is tied to your IP address; using a residential address assigned by your ISP may get your mail blocked.+Resource requirements depends how many service you want to run and how much load they'll be under, but 2 GB RAM and 20 GB disk should be a good starting point.+- Mount the NixOS ISO, either from your provider directly, or by uploading it yourself. 
For Herzner:+The [official manual](https://nixos.org/manual/nixos/stable/index.html#sec-installation-manual) contains detailed instructions, but the minimum to get your disk partioned is:+We can then mount the primary and boot partions and generate a configuration for you (possible virtualised) hardware:+Without going into too much depth, they enable hermetic evaluation of Nix expressions and provide a standard way to compose Nix projects^[3].+The website [search.nixos.org](https://search.nixos.org/) is a great place to find information on configuration options and packages available, and with `man 5 configuration.nix` you can see the configuration options locally.+One thing you should do at this point is generate a password hash with `mkpasswd` and add it to `root.initialHashedPassword`.+You may need to run `passwd <username>` (where `<username>` is `eilean` by default) to be able to log in as `<username>`^[4].+You should be able to edit `/etc/nixos/configuration.nix` and rebuild you system with `sudo nixos-rebuild switch`.+By default DHCP will be enabled so your machine will discovery it's IP address, however some providers don't enable DHCPv6 or SLAAC so you need to manually configure the IP address.+Note that untracked files aren't seen by Nix flakes, so `git add` any new files you create to use them in Nix.+It may be useful to change the user and group from root so your user account can edit these files:+Check out the default configuration, and files in [modules](../modules/), to see what options there are.+Eilean automates Domain Name System (DNS) record creation and maintence by hosting DNS on the server and managing records decleratively.+Create a Glue record with your registrar with `ns1.<domain>` pointing to your public IP address from step 1.+Once your domain is setup, replace these default values of Eilean with your IPv4 and IPv6 network addresses, and your public network interface:+Set `eilean.username` to what you want your username to be on email, 
matrix, and any other services.+It's a good idea to enable one service at a time initially or else if you run into issues, e.g. DNS record propitiation, then you may get rate limited by Let's Encrypt for TLS certificate provisioning.+Sending email to users on your own domain shouldn't pose any issues, if for example users are signing up to services like Mastodon using an EMail account on the same Eilean.+Sending mail will require TCP port 25 to be unblocked by your network provider, and your IP address to not be blacklisted (e.g. check [here](https://mxtoolbox.com/blacklists.aspx)).
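Review bot: The `mkpasswd` step should say where the hash ends up. The doc tells the reader to put the hash in the configuration and, a few lines later, to `git add` files so the flake can see them, so the root password hash lands in the repository and in the world-readable Nix store. State that explicitly, recommend a strong passphrase, and tell readers not to publish the repository with the hash in it, or point them to keeping the hash in a file outside the repo. `root.initialHashedPassword` is also not a full option path on its own; if it is not shown inside a `users.users` block, write `users.users.root.initialHashedPassword`. The suggestion to change the owner of the configuration files away from root deserves a sentence noting that whoever can edit them controls what the next `sudo nixos-rebuild switch` installs. Spelling to fix in the same pass: "please feel look at", "Herzner", "partioned" and "partions", "rebuild you system", "discovery it's IP address", "maintence", "decleratively", "propitiation".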
+83
docs/nix.md
···+Nix is a software deployment system that uses cryptographic hashes to compute unique paths for components (i.e., packages) that are stored in a read-only directory: the Nix store, at `/nix/store/<hash>-<name>`.+This provides several benefits, including concurrent installation of multiple versions of a package, atomic upgrades, and multiple user environments.+Nix uses a declarative domain-specific language (DSL), also called Nix, to build and configure software.+We use the DSL to write derivations for software, which describe how to build said software with input components and a build script.+This Nix expression is then 'instantiated' to create 'store derivations' (`.drv` files), which is the low-level representation of how to build a single component.+This store derivation is 'realised' into a built artefact, hereafter referred to as 'building'.+Possibly the simplest Nix derivation uses `bash` to create a single file containing `Hello, World!`:+Note that `derivation` is a function that we're calling with one argument, which is a set of attributes.+Nix realisations (hereafter referred to as 'builds') are done in isolation to ensure reproducibility.+Projects often rely on interacting with package managers to make sure all dependencies are available and may implicitly rely on system configuration at build time.+To prevent this, every Nix derivation is built in isolation (without network access or access to the global file system) with only other Nix derivations as inputs.+> The name Nix is derived from the Dutch word *niks*, meaning nothing; build actions do not see anything that has not been explicitly declared as an input.
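Review bot: "every Nix derivation is built in isolation (without network access or access to the global file system)" is stated too absolutely. Fixed-output derivations, which is how sources are fetched, are given network access and are accepted only if the output matches the declared hash, and the build sandbox is a setting that is on by default on Linux but not on every platform. Suggest qualifying the sentence and mentioning the hash check, since that is the property readers rely on when trusting fetched inputs.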
+19
docs/nixos.md
···+[NixOS](nixos.org) is a Linux distribution built with [Nix](./nix.md) from a modular, purely functional specification.+It has no traditional filesystem hierarchy (FSH), like `/bin`, `/lib`, `/usr`, but instead stores all components in `/nix/store`.+[NixOS modules](https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules) are Nix files containing chunks of system configuration that can be composed to build a full NixOS system.+While many NixOS modules are provided in the [Nixpkgs](./nixpkgs.md) repository, they can also be written by an individual user.+Together these modules form the configuration which builds the Linux system as a Nix derivation.+NixOS minimises global mutable state that -- without knowing it -- you might rely on being set up in a certain way.+For example, you might follow instructions to run a series of shell commands and edit some files to get a piece of software working.+You may subsequently be unable to reproduce the result because you've forgotten some intricacy or are now using a different version of the software.+Nix forces you to encode this in a reproducible way, which is extremely useful for replicating software configurations and deployments, aiming to solve the 'It works on my machine' problem.+And every new system configuration build creates a GRUB entry, so you can boot previous systems even from your UEFI/BIOS.
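Review bot: The link `[NixOS](nixos.org)` has no scheme, so Markdown renderers treat it as a relative path under docs/; use `https://nixos.org/` as the README does. In the next line "(FSH)" should be "FHS" (Filesystem Hierarchy Standard). The closing sentence about a GRUB entry per configuration assumes GRUB is the bootloader; "boot menu entry" would cover other bootloaders too.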
+19
docs/nixpkgs.md
···+Nixpkgs^[ [github.com/nixos/nixpkgs](https://github.com/nixos/nixpkgs) ] is a large repository of software packaged in [Nix](./nix.md), where every package is a Nix derivation.+There is also a command line package manager that installs packages from Nixpkgs, which is why people sometimes refer to Nix as a package manager.+While Nix, and therefore Nix package management, is primarily source-based (since derivations describe how to build software from source), binary deployment is an optimisation of this.+Since packages are built in isolation and entirely determined by their inputs, binaries can be transparently deployed by downloading them from a remote server instead of building the derivation locally.+While Nixpkgs also has one global coherent package set, one can use multiple instances of Nixpkgs (i.e., channels) at once to support partial upgrades, as the Nix store allows multiple versions of a dependency to be stored.+This also supports atomic upgrades, as all the software's old versions can be kept until garbage collection.
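Review bot: The sentence "binaries can be transparently deployed by downloading them from a remote server" leaves out what makes that safe. Add that Nix accepts substituted binaries only when they are signed by a key listed in `trusted-public-keys`, so the remote cache is a trusted party, and that users who add extra caches are extending that trust.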
+9
-7
template/configuration.nix
···