Use Aquaris to easily manage related machines, their users and secrets!
Check out the quickstart guide and the provided example configuration!
Inspired by disko, but dissatisfied with its verbosity, suboptimal integration and some edge-case bugs, Aquaris implements a fairly complete filesystem configuration library.
It supports regular filesystems, btrfs subvolumes, swap, LUKS-encrypted partitions and even complex filesystems like LVM Volume Groups & Logical Volumes and ZFS pools and datasets.
With very compact semantics, provided default options and deep integration into the rest of Aquaris’s modules, most disko users should find this library a worthy replacement for dozens of lines of code!
Aquaris uses sillysecrets for powerful group-based secret management. Every group can become an encryption target (by specifying a public key) and can also contain the secrets of other groups or grant them access to their own.
Want to run services in virtualisation.oci-containers for security reasons,
but all those huge Docker images eat your disk space, require manual updates
and provide attackers with useful shell utils or, worst of all, root access,
just because upstream couldn’t be bothered to make them work rootless?
Just use Nix packages! Aquaris includes PNOC, the module for Pure NixOS Containers, which simply bind-mounts service closures from your host’s Nix store into empty containers. It also runs every container under its own service account and optionally integrates with the secrets management facility if secrets should be provided as files in a container.
- Standard library
- Modules:
Check out the TODO file!