Open-Source Infrastructure as Code Management Solution for Multiple Systems designed to be reliable in mission-critical tasks in paranoid and high-security environments.

Arcanyx-org/NiXium

RED ALERT: Quantum Computer Cybersecurity Crisis

Quantum Computers that are efficient enough to break encryption are assumed to be available; NiXium is in crisis mode to try to mitigate the threat in our infrastructure.


NiXium (N/X)

Transparent Nix-based Open-Source Infrastructure as Code (OSS IaaC) Management Solution for Multiple Systems and Domains designed to be a reliable tool for mission-critical tasks in paranoid and high-security environments.

We are using:

Directory layout

├── config -- Project Configuration
├── lib -- Project-Oriented Libraries
├── src -- Source Code Files
 |      ├── nixos -- Source Files Relevant to the NixOS Distribution
 |       |      ├── machines -- Machine Management in the NixOS Distribution
 |       |       |      ├── template -- Example of Machine Management
 |       |       |       |      ├── config -- Individual System configuration
 |       |       |       |      ├── lib -- Libraries Exported by the Machine to Others
 |       |       |       |      ├── releases -- Management across releases for the individual machine
 |       |       |       |      ├── secrets -- Machine-individual secrets
 |       |       |       |      ├── services -- Machine managed services
 |       |      ├── modules -- NixOS-related Modules
 |       |       |      ├── programs -- NixOS-related Programs Adjustments
 |       |       |      ├── security -- NixOS-related Security Management
 |       |       |      ├── services -- NixOS-related Service Adjustments
 |       |       |      ├── system -- NixOS-related System Management
 |       |       |       |      ├── impermenance -- NixOS-related management of impermanence
 |       |      ├── overlays -- Changes on top of nixpkgs
 |       |      ├── users -- Management of Users in NixOS Distribution
 |       |       |      ├── modules -- Home-Manager specific modules applied to all users
 |       |       |      ├── users -- Individual User Management
 |       |       |       |      ├── kreyren -- Management of Kreyren User
 |       |       |       |       |      ├── home -- User Kreyren's Home Management
├── tasks -- Routines to work with the project
 |      ├── docs -- Tasks related to the project documentation
 |       |      ├── tree -- Task used to generate this file hierarchy output
├── vendor -- 3rd party repos used in this project

This file hierarchy output is generated by the tree task, which processes every directory that has an .about file containing a short description of the directory's purpose.

Provided Services

All of our services are provided primarily through onion routing. For ease of use we recommend that you configure MapAddress in your Tor configuration so that you can use easily memorable URLs instead of the long and cryptic Onion URLs.

Without MapAddress: somewhereInTheDarks45h5f8h76sd7f98h7sd9h6sg876hsl.org
With MapAddress: cool-service.nx

OFFLINE DUE TO QUANTUM CRISIS: monero-project/research-lab#131 (comment)

We provide a private Monero Node for all viewers of this repository to process your Monero transactions through our transparent infrastructure:

Recommended MapAddress: monero.nx
Hostname: jj6qehtyrfvvi4gtwttpg2qyaukqzxwaoxvak534nidlnnelmqtlm3qd.onion
Port: 18081
Username: Monerochan
Password: iL0VEMoNeRoChan<3

Providing system: mracek.systems.nx
Configuration: https://github.com/Arcanyx-org/NiXium/blob/central/src/nixos/machines/mracek/services/monero.nix

The node is set up to communicate with the outside world exclusively via Tor, including its synchronization with the blockchain, for added security and privacy.

The open-source to-do app. Access is provided upon special request.

Recommended MapAddress: vikunja.nx
Hostname: u65cyt3tdc66u7ciin55atl5sattytx3rjzzrzhlfdfc2t7pqbhyd6qd.onion
Port: 80

Providing system: mracek.systems.nx
Configuration: https://github.com/Arcanyx-org/NiXium/blob/central/src/nixos/machines/mracek/services/vikunja.nix

This service is mostly used internally to organize private projects. If you are not in a position to self-host it, we recommend that you use the Vikunja Cloud Services instead to support the upstream developers.
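Before the recommended MapAddress entries go into a torrc, each onion hostname can be checked for a well-formed v3 address so that a copy-paste error is rejected rather than silently mapped. The following is an added example, not code from the NiXium repository; the function names are hypothetical and the checksum rule follows Tor's v3 onion service specification.

```python
import base64
import hashlib

# Recommended MapAddress names and onion hostnames as listed on this page.
SERVICES = {
    "monero.nx": "jj6qehtyrfvvi4gtwttpg2qyaukqzxwaoxvak534nidlnnelmqtlm3qd.onion",
    "vikunja.nx": "u65cyt3tdc66u7ciin55atl5sattytx3rjzzrzhlfdfc2t7pqbhyd6qd.onion",
}
VERSION = b"\x03"  # v3 onion services


def _checksum(pubkey: bytes) -> bytes:
    # Spec: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def encode_onion_v3(pubkey: bytes) -> str:
    """Build a v3 hostname from a 32-byte public key (used for test data)."""
    if len(pubkey) != 32:
        raise ValueError("public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def is_valid_onion_v3(hostname: str) -> bool:
    """True if hostname is <56 base32 chars>.onion with a correct checksum."""
    label, _, tld = hostname.lower().rpartition(".")
    if tld != "onion" or len(label) != 56:
        return False
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)


def torrc_lines(services: dict) -> list:
    """Return MapAddress lines, refusing any entry that fails validation."""
    lines = []
    for name, onion in sorted(services.items()):
        if not is_valid_onion_v3(onion):
            raise ValueError(f"refusing to map {name}: bad onion address {onion!r}")
        lines.append(f"MapAddress {name} {onion}")
    return lines


if __name__ == "__main__":
    print("\n".join(torrc_lines(SERVICES)))
```

The printed lines use Tor's `MapAddress <name> <target>` form and can be appended to the client's torrc; the mapping only applies to traffic sent through that Tor client.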

Claim of "NX" Custom Top Level Domain

This repository claims "NX" as its Custom Top Level Domain ("cTLD") and kindly asks all DNS providers and Network Solutions to acknowledge it. We don't recognize the Internet Corporation for Assigned Names and Numbers ("ICANN") as an authority, due to their monopolistic position on assignments of Top Level Domains and their unreasonably high fees for cTLDs, in an attempt to decentralize this assignment.

Contributions

Generic Changes

All changes need to be discussed in the form of an issue to be approved for merge, with the exception of "Tagged Code", which is always up for grabs.

Tagged Code

Tagged Code is code that has a "tag" over it:

# FIXME-QA(Krey): Make it possible to accept list of strings for better readability without the `toString`
# FIXME-QA(Krey): Figure out how to get a list of unsigned integers into a string `${toString config.services.tor.settings.SOCKSPort}` in `proxy` and `tx-proxy` for Tor port
# FIXME-UPSTREAM(Krey): These options should be added to NixOS Module for better maintainability
services.monero.extraConfig = toString [
  "prune-blockchain=1" # Use the pruned blockchain to save space
  "proxy=127.0.0.1:9050" # Use Tor Proxy to access the internet
  ...
];

The tag is a self-review note that the developer adds when they were unable to address an issue in a reasonable amount of time during development and the issue doesn't block the merge. These are often cosmetic, maintainability and readability issues. If you use the repository-provided vscodium, you will get a configured extension to find these easily, or you can run the following to get them printed in your terminal:

$ grep -A 10 -rP '(FIXME|DOCS)(-[^(]*)?\(.*\)' /path/to/this/repository

Peer-Review The Code

The programming, scripting and framework languages used are separated into individual files and all follow coding standards; any peer review is always very appreciated.

Notes to the implementation:

  • POSIX Shell Script: The environment and libraries are managed by the Nix Daemon, so the files do not include a shebang or bash options, as those are supplied by Nix. All these files should include a notice on the first line about this management (please report it to us if it's not present). Additionally, Nix runs these files through a very strict shellcheck, where any unhandled failure or warning terminates evaluation with detailed info about the issue prior to executing the script.
  • Nix Language: The sole exception, which does not follow the standard coding practices provided by upstream, as we consider them not sensible and as introducing too many security issues that are not fixable under the current NixOS Foundation administration chaired by Eelco Dolstra; we are in the process of writing an alternative one. NixOS/nixpkgs/133088 NixOS/nixpkgs/133089 NixOS/nixpkgs/243089 NixOS/nixpkgs/254625 NixOS/nixpkgs/296013 NixOS/nixpkgs/296013

Donate - Finance

For financial aid to help us maintain the system and continue providing the public services we accept Monero; refer to https://github.com/Kreyren#donate for details.

Donate - Hardware

We are almost always accepting any functional or broken hardware (notebooks, phones, PCs, etc.) to either refurbish for resale or add to our infrastructure.

If you want to donate hardware, contact @Kreyren or open a new issue, preferably from the Central Europe area.

Kreyren: I also accept broken/locked iDevices (please don't send me stolen devices, return them to their owners instead) as Apple often artificially shortens their lifespan through various means e.g. serializing the replacement parts, making the glass replacement extremely uneconomical, etc. to force their customers to buy a new model and I like to mess with Apple by fixing them and selling them for cheap, installing Linux on them or making new PCBs with better chips~

References

Manuals

Guides

Feel Free To Contribute Relevant Topics

NixOS Configs

Collection of NixOS configurations that you might find useful as a reference for your configuration:

Feel Free To Add Yours

Relevant References through GitHub Queries:

Relevant Projects

Krey Nix Tips

Update your NixOS and other inputs

To update NixOS (and other inputs), run nix flake update.

You may also update a subset of inputs, e.g.

$ nix flake lock --update-input nixpkgs --update-input home-manager

Credit: Samuel Sung

Free Up The Disk Space

To free up disk space you can clear unused NixOS generations:

# nix-env -p /nix/var/nix/profiles/system --delete-generations +2 # Remove all NixOS Generations but last 2
# nixos-rebuild boot # Build a new generation and deploy it on next reboot

This can easily save you a few gigabytes if you haven't set a maximum number of generations.

Credit: Samuel Sung

Feel Free To Add Your Tips
