# Comparison to existing solutions
To clarify the positioning of the project, we have identified the following relevant features:
- portable: making it easy to move the state of provisioned applications to a different deployment
- maintenance-free: use of reproducible computing, so that potential issues are tackled up-front by the solution developers rather than by each user
- autonomous: may be used on environments under the user's control such as bare metal, preventing lock-in and protecting the privacy of the user
- integrated: out-of-the-box integration among different provisioned applications
- easy to use: targeting non-technical users
Our project compares to identified parts of the established ecosystem in this space as follows:
project | target | portable | autonomous | maintenance-free | integrated | easy to use |
---|---|---|---|---|---|---|
Fediversity | Proxmox | ✅ | ✅ | ✅ | ✅ | ? |
upstream managed services | software-as-a-service | ✅ | ❌ | ✅ | ❌ | ✅ |
Containers | containers | ? | ✅ | ? | ❌ | ? |
Yunohost | Debian | ❌ | ✅ | ❌ | ✅ | ✅ |
NixOS | bare-metal/VM/container | ? | ✅ | ✅ | ❌ | ❌ |
SelfHostBlocks | bare-metal/VM/container | ? | ✅ | ✅ | ✅ | ❌ |
SelfPrivacy | Hetzner/DigitalOcean VM | ? | ? | ✅ | ✅ | ✅ |
Clan | bare-metal/VM targets | ? | ✅ | ✅ | ❌ | ? |
## Upstream managed services
Quite a few open-source projects offer managed services run by their backing entity, as also encouraged by e.g. NLnet to ensure project sustainability. Such services at least unburden users from system administration concerns, and tend to offer paths to switch between the managed and the self-hosted scenario as well. That being said, the user-friendliness does not automatically transfer to the self-hosted setting, and managed services will not necessarily come with the desired integrations with one's other applications out of the box, using say single sign-on or LDAP.
## Container technology
Containers, often authored by the application developers themselves, have become a popular way among the tech-savvy to consume and deploy software. As a tool aimed at technical audiences, containers offer the autonomy to deploy anywhere (that supports containers). However, containers by themselves do not properly address the burden of systems administration, making them more of a lower-level tool that still presumes technical expertise.
## Self-hosting solutions, e.g. Yunohost
Yunohost is a popular self-hosting solution, offering a broad catalog of applications. As a self-hosting solution, however, it still brings a burden of systems administration, and it does not necessarily target the use-case of service portability.
It provides an app-store GUI on top of Debian to install apps with SSO/LDAP, with customizable tiles. It distinguishes applications from services, and exposes service logs and app settings including domains and availability by role. Nextcloud sees LDAP, though on the demo instance it seemed impossible to manually install Nextcloud plugins. Tracked app support includes architecture, LDAP, SSO, installing multiple times, and resource usage (RAM/disk). Per app it offers scripts such as upgrade/backup; backups cover the relevant dirs/files.
## NixOS
NixOS is a Linux distribution offering the tools to reproducibly package software, and as such is also used in projects such as SelfHostBlocks, SelfPrivacy and Fediversity. It has primarily targeted technical users, however, functioning as a toolbox on top of which such projects build abstractions closer to user-friendliness. Nevertheless, many projects have ended up contributing back to NixOS and its package repository nixpkgs; Clan, SelfHostBlocks and Fediversity have likewise aimed to contribute relevant work back to this project.
## SelfHostBlocks
SelfHostBlocks is a project introducing the concept of contracts to NixOS modules, offering an additional layer of abstraction to better decouple auxiliary software choices from service definitions. While it has a deployment-oriented sibling project, Skarabox (combining nixos-anywhere/disko/nixos-facter/sops-nix/deploy-rs), the use-case nevertheless remains NixOS users running services on QEMU VMs or existing machines.
For Forgejo/Nextcloud/Vaultwarden it implements the following contracts:
- backups (files/DBs): restic, backing up the relevant dirs/files
- SSL/TLS generator: self-signed, Let's Encrypt
- secrets: sops
- reverse proxy + domains: nginx
- SSO: Authelia
- LDAP: lldap
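To illustrate the contract idea described above (an added sketch, not SelfHostBlocks' own API or code), the plain NixOS module below lets a service declare *what* needs backing up through a shared option, while a separate provider block decides *how* by wiring every request into `services.restic.backups`. The `contracts.backup` option name, the Forgejo paths, the repository and the secret path are assumptions.

```nix
# Sketch of a "backup contract" in plain NixOS module terms.
# Requester side: a service fills a typed option describing what to back up.
# Provider side: one block maps those requests onto restic. Swapping restic
# for another tool touches only the provider block, never the services.
{ lib, config, ... }:
let
  # The contract is nothing more than a shared, typed option interface.
  backupContract = lib.types.submodule {
    options = {
      paths = lib.mkOption {
        type = lib.types.listOf lib.types.path;
        default = [ ];
        description = "Directories/files the service needs backed up.";
      };
      preHook = lib.mkOption {
        type = lib.types.lines;
        default = "";
        description = "Commands to run before the backup (e.g. quiesce the DB).";
      };
    };
  };
in
{
  # Hypothetical option name; SelfHostBlocks names its contracts differently.
  options.contracts.backup = lib.mkOption {
    type = lib.types.attrsOf backupContract;
    default = { };
    description = "Backup requests, keyed by service name.";
  };

  config = {
    # Requester: a service states its needs without naming any backup tool.
    contracts.backup.forgejo = {
      paths = [ "/var/lib/forgejo" ];          # assumed state directory
      preHook = "systemctl stop forgejo.service";
    };

    # Provider: restic fulfils every request. The NixOS restic module's
    # `paths`, `backupPrepareCommand`, `repository` and `passwordFile`
    # options are real; the repository and secret paths are placeholders.
    services.restic.backups = lib.mapAttrs (name: req: {
      paths = req.paths;
      backupPrepareCommand = req.preHook;
      repository = "/srv/backups/${name}";
      passwordFile = "/run/secrets/restic-${name}";
    }) config.contracts.backup;
  };
}
```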
## SelfPrivacy
SelfPrivacy offers GUI-based deployment of select NixOS services to the hosting providers Hetzner and DigitalOcean. As such, it targets non-technical users, although it does not so far offer deployment to bare metal or service portability, both aspects relevant to ensuring user autonomy.
It provides a per-app GUI over a NixOS VM on a VPS (Hetzner/DigitalOcean) + DNS (deSEC/Cloudflare/DigitalOcean) + storage (Backblaze) + role-based SSO via Kanidm. It also shows VM resource use and app storage, and visualizes job queues. Nextcloud sees LDAP, and in Nextcloud one can manually install plugins. Backups cover the relevant dirs. Apps share some common configuration.
Their roadmap seems to kind of match what we want (bare-metal, portability), though I was not as much of a fan of their choices and code: built on tight coupling with commercial services, imperative operations, Python, Dart, Nix flakes, Kanidm over proper LDAP, no vars/selfhostblocks...
## Clan
Clan is a peer-to-peer computer management framework based on Nix, and has offered contributions including backend-agnostic secret management, tooling for state management of ephemeral variables, and generation of JSON Schema from Nix modules. That said, the project presumes existing Nix installations, and so far still presumes technical users ('clans' included).
Given peer-to-peer Nix, it simplifies installs/secrets with UIs to run (private) (a)symmetric distributed 'inventory' services; backups via Syncthing back up the relevant dirs.
## Fediversity
TODO