Track your Nix closures over time
Tom Hubrecht e6a0a2f609
chore: New forgejo setup
2025-12-28 15:34:31 +01:00
.forgejo/workflows chore: New forgejo setup 2025-12-28 15:34:31 +01:00
LICENSES feat: Add REUSE compliance 2025-06-23 16:58:22 +02:00
nix chore: New forgejo setup 2025-12-28 15:34:31 +01:00
scripts feat: Add REUSE compliance 2025-06-23 16:58:22 +02:00
src chore(frontend/system-diff): Refactor 2025-09-20 23:57:40 +02:00
.envrc feat(nix): Add sprinkles 2025-09-20 23:55:13 +02:00
.flake8 chore: Reformat using black 2024-02-14 10:46:37 +01:00
.gitignore feat: Add REUSE compliance 2025-06-23 16:58:22 +02:00
.prettierignore chore: New forgejo setup 2025-12-28 15:34:31 +01:00
Arkheon.png chore: Update image 2025-06-22 11:15:46 +02:00
default.nix feat(nix): Add sprinkles 2025-09-20 23:55:13 +02:00
pyproject.toml chore: Update git-hooks 2025-06-23 16:58:22 +02:00
README.md feat: Add REUSE compliance 2025-06-23 16:58:22 +02:00
REUSE.toml chore: New forgejo setup 2025-12-28 15:34:31 +01:00
TODO.md feat: Add REUSE compliance 2025-06-23 16:58:22 +02:00

Arkheon

Arkheon is a very simple FastAPI-based web application to record memories of your NixOS deployments.

Arkheon preview

API documentation

Records a deployment

POST /record/<identifier>
{ "toplevel": $toplevel, "bootspec": $bootspec, ... }

This will record a deployment at this point in time for that <identifier> machine.

Developer TODO

Short term

  • API to register webhooks to call upon deployments: regex on machine identifier?
  • Production packaging
  • NixOS module

Medium term

  • Client side NixOS module / automation:
    • colmena can record at any effective activation (i.e. it can compute the closure at dry-activation time and send it only if a switch operation is actually done: boot, test or effective activation).
  • Move to PostgreSQL
  • Do proper bulk insertion when possible
  • Cache comparison results, as they are immutable (on-disk? LRU policy?)
  • Pre-compute comparisons between deployment N - 1 and N at record time as a background task
  • NixOS tests
  • Prometheus endpoint for metrics?
  • Recognize if a deployment is idempotent and do nothing, e.g. if the closure is already stored, create a new deployment and reflink it to the previous one.
  • Netbox synchronization
  • Linking Git metadata and deployment data

Long term

  • Deployments/closures can be sealed to prevent any tampering; do something like FSPRG:
    • Generate a verification key that should be stored somewhere else.
    • Generate a sealing key that can stay on the deployment of arkheon.
    • Then do it like FSS.
    • Will probably require the involvement of Rust to write it properly and re-expose it via Python.
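
The sealing idea from the long-term list, as an added sketch that is not part of Arkheon: a plain SHA-256 hash ratchet with HMAC stands in for FSPRG, and the names `Sealer`, `ratchet`, `tag` and `verify` are hypothetical. It shows that whoever holds only the current sealing key cannot re-seal an earlier deployment record without the off-host verification key noticing.

```python
import hashlib
import hmac
import json

def ratchet(key: bytes) -> bytes:
    # One-way step: knowing the new key does not reveal the previous one.
    return hashlib.sha256(b"seal-ratchet" + key).digest()

def tag(key: bytes, record: dict) -> str:
    # MAC over a canonical JSON encoding so key order cannot change the seal.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Sealer:
    """Lives next to the record store and only ever holds the current key."""

    def __init__(self, initial_key: bytes):
        self._key, self.epoch = initial_key, 0

    def seal(self, record: dict) -> dict:
        entry = {"epoch": self.epoch, "record": record, "tag": tag(self._key, record)}
        self._key = ratchet(self._key)  # the key that made this seal is dropped
        self.epoch += 1
        return entry

def verify(verification_key: bytes, log: list) -> list:
    """Return the positions whose seal or epoch number does not check out."""
    bad, key = [], verification_key
    for pos, entry in enumerate(log):
        ok = entry.get("epoch") == pos and hmac.compare_digest(
            tag(key, entry["record"]), str(entry.get("tag", "")))
        if not ok:
            bad.append(pos)
        key = ratchet(key)
    return bad

def demo() -> list:
    k0 = bytes(range(32))  # constructed key; generate randomly and store k0 off-host
    sealer = Sealer(k0)
    # Constructed records using the "toplevel" field from the API above.
    log = [sealer.seal({"toplevel": f"/nix/store/example-system-{i}"}) for i in range(3)]
    assert verify(k0, log) == []
    # Someone holding only the current sealing key rewrites deployment 1.
    log[1]["record"]["toplevel"] = "/nix/store/example-system-other"
    log[1]["tag"] = tag(sealer._key, log[1]["record"])
    return verify(k0, log)

if __name__ == "__main__":
    print(demo())
```

Dropping entries from the end of the log is not caught by this sketch; the verifier would also need the expected record count kept alongside the verification key.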