Using Nerves as a "more secure" server platform?

I noticed the Nerves docs say “It is specifically designed for embedded systems, not desktop or server systems.” Is there a reason not to use it as a server image beyond the don’t-ask-for-support aspect of this? I saw that cogni had made an AMI in AWS, and I absolutely love the idea of a home server/enterprise environment with all my services deployed as Nerves images as opposed to the Kubernetes clusters I’m running now. Would I be able to do so and connect my infra to NervesHub and manage firmware and OTA via that method? Is the risk that there will be breaking changes, or that it is unfeasible? I have a Framework laptop RISC-V board I’m going to try and get Nerves running on, and if successful I’d love to build a rack of them running apps to slowly migrate my homelab. I.e. write a replacement for PhotoPrism, write a replacement for Jellyfin/Plex, etc.

The reduced attack surface of Buildroot-built Linux is very appealing.

5 Likes

Using Nerves for server deployments is perfectly feasible:

GitHub - nerves-project/nerves_system_x86_64 (generic x86 system)
GitHub - nerves-project/nerves_system_vultr: Experimental - join the #nerves channel on elixir-lang slack if interested (Image for vultr cloud provider)

Rewriting PhotoPrism and Jellyfin is not quite as feasible :wink: The long tail of that work is incredibly long.

You can also put containers on Nerves with a bit of effort: GitHub - nerves-containers/docker_example: Example project using the nerves_containers base systems

Having Elixir orchestrate your Home Assistant/Jellyfin/PhotoPrism install should be feasible.

I may also have an experiment going that might produce an ARM64 system suitable for VMs. But nothing to show yet.

Security is always up for debate; the big win to me is that you can actually know very specifically what goes into your system and that it is handled explicitly with a read-only filesystem. Also, you can set things up to serve no open ports beyond the desired services if you update with NervesHub/NervesCloud.

I have been keen to try it :slight_smile:
@axelson, you used the Vultr system, right?

Super curious about this. Please make a project thread when you start :slight_smile:

Yeah I run 4 little Phoenix apps on Vultr via Nerves: GitHub - axelson/vps

I use MainProxy to easily serve all the apps from one BEAM instance (GitHub - Main-Proxy/main_proxy), and I use SiteEncrypt to create the SSL certificates (GitHub - sasa1977/site_encrypt: Integrated certification via Let's encrypt for Elixir-powered sites).

1 Like

“Rewriting PhotoPrism and Jellyfin is not quite as feasible. The long tail of that work is incredibly long.”

True, but for my family’s needs we don’t need all of the features of these platforms, so I may be dumb enough to try in the coming years.

“I may also have an experiment going that might produce an ARM64 system suitable for VMs. But nothing to show yet”

This sounds very intriguing! And always love to follow your work!

“Security is always up for debate; the big win to me is that you can actually know very specifically what goes into your system and that it is handled explicitly with a read-only filesystem. Also, you can set things up to serve no open ports beyond the desired services if you update with NervesHub/NervesCloud.”

As a guy that did incident response for years, I’d add: a small-footprint Linux box and an inventory of software on those machines is very helpful and adds value to security. The option to remove a lot of the extra services etc. is also a big win!

I’ll also keep you updated on the RISC-V board. I’m very excited to give it a shot, and I love the idea of old Framework boards being repurposed for IoT/embedded.

1 Like

I love this so much! Felt crazy to be trying, but see I’m in good company!

2 Likes