Skip to content

Self Host Blocks

Configuration Management

Modular server management based on NixOS modules and focused on best practices. `AGPL-3.0` `Nix`

Track releases GitHub Website
Nix Latest v0.8.0 · 1mo ago Security brief →

Features

  • Provides an opinionated NixOS‑based server management OS for self‑hosting
  • Offers a collection of standardized NixOS modules that unify service configuration interfaces
  • Includes automated VM tests to ensure all services build and work correctly
  • Introduces contract abstractions to increase modularity of nixpkgs modules

Recent releases

View all 16 releases →
v0.8.0 Breaking risk
Breaking changes
  • Bumped Nextcloud version to minimum 32 (and verified up to 33) due to nixpkgs update; all provided apps are tested compatible with Nextcloud 33.
Notable features
  • Added Immich Public Proxy service
  • Homepage service with dashboard contract implemented across services
  • Added scrutiny service
Full changelog

Update

nix flake update selfhostblocks --override-input selfhostblocks github:ibizaman/selfhostblocks/v0.8.0

See https://shb.skarabox.com/usage.html#usage-flake-tag

Breaking Changes

  • Bump of Nextcloud version to 32 and 33 because of nixpkgs bump. All provided apps are verified compatible with Nextcloud 33 thanks to new tests.

New Features

  • Added Immich Public Proxy service
  • Add homepage service with dashboard contract implemented by all services
  • Add scrutiny service.
  • ZFS module now supports setting permissions
  • Add landing page for mailserver and dashboard contract integration

Bug Fixes

  • Use configurable dataDir in arr stack
  • Forgejo ensures ldap is setup when sso is configured
  • Add nixpkgs patches on aarch64-linux too
  • Self-signed certs are now idempotent
  • Prometheus scrapes metrics at 15s interval instead of 1m

Other Changes

  • Arr stack declares ldap groups, declare ApiKeys and bypasses auth for readarr when sso is enabled
  • Forgejo declares ldap group

New Contributors

  • @Danguilhen made their first contribution in https://github.com/ibizaman/selfhostblocks/pull/654
  • @dniku made their first contribution in https://github.com/ibizaman/selfhostblocks/pull/666

Changelog: https://github.com/ibizaman/selfhostblocks/blob/v0.8.0/CHANGELOG.md
Commit: https://github.com/ibizaman/selfhostblocks/compare/v0.7.3...v0.8.0

View release on GitHub
v0.7.3 New feature
Notable features
  • mailserver module integrating with Simple NixOS Mailserver enabling full provider backup
Full changelog

v0.7.3

New Features

  • Add mailserver module integrating with Simple NixOS Mailserver and allowing full backup of an email provider.
  • Bump nixpkgs from https://github.com/NixOS/nixpkgs/commit/5e2a59a5b1a82f89f2c7e598302a9cacebb72a67 to https://github.com/NixOS/nixpkgs/commit/bfc1b8a4574108ceef22f02bafcf6611380c100d. Full diff.
    On top of minor changes, the most notable one was:
    • Updated Jellyfin LDAP and SSO plugins and configuration. @Codys-Wright

Bug Fixes

  • Fix Restic and Authelia modules referencing systemd services without the .service suffix and leading to

Changelog: https://github.com/ibizaman/selfhostblocks/blob/v0.7.3/CHANGELOG.md
Commit: https://github.com/ibizaman/selfhostblocks/compare/v0.7.2...v0.7.3

View release on GitHub
v0.7.2 Breaking risk
Notable features
  • Added Firefly‑III service integration
  • Jellyfin supports declarative plugin installation and full LDAP/SSO configuration
  • Nextcloud version 32 is fully supported
Full changelog

What's Changed

New Features

  • Forgejo uses secrets contract for smtp password.
  • Add Firefly-iii service.
  • Jellyfin can install plugins declaratively.
    (Support is quite crude and WIP).
  • Jellyfin configures LDAP and SSO fully declaratively, including installing necessary plugins.
  • Nextcloud 32 is fully supported thanks to tests for version 31 and 32.

Fixes

  • Revert Authelia to continue using dots in systemd service names.
    This caused issue with nginx name resolution.

Other Changes

  • Authelia uses non deprecated smtp.address option.
  • Add documentation for Nginx block
  • Now a user which is only member of the admin LDAP group of a service can login.
    Before, some services required a user to be member of both the user and admin LDAP group.
    This is ensured by regression tests going forward.

Changelog: https://github.com/ibizaman/selfhostblocks/blob/v0.7.2/CHANGELOG.md
Commit: https://github.com/ibizaman/selfhostblocks/compare/v0.7.1...v0.7.2

View release on GitHub
v0.7.1 Bug fix
Notable features
  • Enhanced Grafana dashboard for SSL certificate renewal jobs
Full changelog

Big changes are:

  • Enhance Grafana dashboard showing SSL certificate renewal jobs. https://shb.skarabox.com/blocks-monitoring.html#blocks-monitoring-ssl
  • Fix let's encrypt certificate renewal jobs by removing duplicated domain name.
    Also adds an assertion to catch these kinds of errors.

In the documentation:

  • Distinguish description for contract databasebackup from backup's by @KiaraGrouwstra in https://github.com/ibizaman/selfhostblocks/pull/598

Changelog: https://github.com/ibizaman/selfhostblocks/blob/v0.7.1/CHANGELOG.md
Commit: https://github.com/ibizaman/selfhostblocks/compare/v0.7.0...v0.7.1

View release on GitHub
v0.7.0 Breaking risk
Breaking changes
  • pkgs overrides must now be passed in flakes; update configuration per the Usage documentation example.
Notable features
  • Grafana dashboard displaying backup job statistics and alerts for missed or failed backups within the last 24 hours.
  • SSO integration added to Grafana.
  • Paperless service introduced.
Full changelog

Big changes are:

  • Fix pkgs overrides not being passed to users of SelfHostBlocks.
    This will require to update your flake to follow the example in the Usage section.
  • Add a Grafana dashboard showing stats on backup jobs
    and also an alert if a backup job did not run in the last 24 hours or never succeeded in the last 24 hours.
  • Add SSO integration in Grafana.
  • Add Paperless service.
  • Allow to upload big files in Immich.

In the documentation:

  • Add recipe to setup DNS server with DNSSEC.

Changelog: https://github.com/ibizaman/selfhostblocks/blob/v0.7.0/CHANGELOG.md
Commits: https://github.com/ibizaman/selfhostblocks/compare/v0.6.1...v0.7.0

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

About

Stars
460
Forks
16
Language
Nix
View on GitHub Homepage Documentation

Install & Platforms

Platforms
linux

Community & Support

Community

Similar tools

OpenVox
DebOps
agno
What To Cook?
utensils/mcp-nixos

Beta — feedback welcome: [email protected]