Host Shell

We're creating a self-hosting solution based on NixOS.

Self hosting can and should be ...

... declarative
... self contained
... secure by default
... low maintenance
... community owned
... scalable

Stay informed

Goals

Declarative configuration

This property is inherited from being based on NixOS. If you have experienced this, there is not much to add here. If not, host-shell will give you the opportunity to experience the difference first-hand and to join the many experienced system operators and recovering distro hoppers, who have made NixOS their forever home.

Self contained development and operations

Many successful software projects have embraced the spirit of the lisp machine and (make it easy to) ship with development tools:

Unix
Browsers
Any programming language with a built-in REPL
Microsoft Office
AutoCAD
...

Host Shell embraces this philosophy and aims to give you a lisp machine for the cloud age, where, by installing it, you already have a full-fledged devops system, suitable for getting started with a team:

Forge: Comes with a git server with CI.
Introspect: Comes with database and file storage viewers.
Modify: Comes with in-browser IDE. Onboard at lightning speeds. Never fight a team member's local config.
Share: Comes with user / role management and SSO, as well as a copyleft license.

Security made easy

Open source projects can be made to wildly varying standards. Some are meant for use within an established enterprise context and expect you to expertly configure them. Others haven't been updated in decades. Even well-maintained projects with a community focus can have emergent vulnerabilities, requiring a fast response that's just not always feasible.

Host shell - being a deployment tool primarily - gives you the tools, to deploy open source software in a worry-free fashion, even if you have to deploy PHP 4 for your grandma and you'll only be able to look at it every 6 months.

The key phrase is: "Attack surface". Host shell assumes that it's being deployed on the open internet, so it implements various security best practices, and makes it easy to use them for your custom software:

SSH connections only with public key authentications
HTTP user authentication done by nginx, via auth_request
MicroVM containers for services

When faced with a decision between convenience and security, host shell will default to security.

Low maintainance burden

System updates via CI
Reproducability and rollbacks, facilitated by NixOS
Backwards compatibility guarantees, inspired by Clojure

Community ownership

Host Shell is made for and by the community. It emphazises the needs of individuals, associations and small businesses over the needs of corporate enterprise.

In order to prevent corporate exploitation, host shell is distributed with copyleft and will be association-owned (similar to codeberg), once sufficient interest exists.

Scalability

Host Shell aims to be scalable by: building centralized user management and SSO into the core.

Host Shell aims to be scalable by:

Enabling self-hosting of federated software
Encouraging community contribution
Building user-management and SSO into its core
Combining ease-of-setup with ease-of-maintenance

It can be run on anything, from a measly SBC to a big-parallel rack unit. So far, it has been demonstrated on:

Various laptops and workstations
VPS from Hetzner and AWS
A Raspberry PI 4
A 2010 MacPro

The core configuration has been selected in a very memory-conscious way, clocking in at ~ 512M