Introducing Thymis: Web-Based Dashboard and Device Provisioning for NixOS

GitHub: GitHub - Thymis-io/thymis: Thymis is an open-source project that aims to provide a seamless and secure IoT device management solution. With Thymis, users can easily configure and manage their devices running on the NixOS operating system.
Website: https://thymis.io/
Documentation: https://docs.thymis.io/

Hello, NixOS community!

We’re excited to introduce Thymis, an open-source platform designed to make managing NixOS systems, especially on IoT devices, Raspberry Pis, and Mini PCs, simpler and more accessible. Thymis features a user-friendly web-based dashboard, bringing a much-needed graphical interface to the Nix ecosystem.

What is Thymis?

Thymis is a system management solution that leverages NixOS’s powerful configuration capabilities to handle provisioning, updates, and more. It enables you to create fully-configured disk or SD-card images for seamless deployments, ensuring that every device boots up exactly as you intended.

Key Features:

• Web-Based Dashboard: A GUI for NixOS that makes managing configurations and deployments intuitive, even for those new to the system.

  • 

    screenshot-thymis-ui2253×1357 295 KB

• Full Configuration Provisioning: Easily generate disk or SD-card images with your complete setup, simplifying deployment and minimizing manual configuration.

• Extendable Architecture: Use our extension feature to integrate custom modules with your own logic, expanding Thymis to fit your specific needs.

• Seamless Integration: Thymis is built to complement NixOS’s strengths, preserving its atomic updates and rollback capabilities.

Thymis Architecture

Thymis architecture consists of three main components:

• Frontend/Dashboard: Built with SvelteKit and TypeScript, a web-based interface for provisioning and monitoring devices. It communicates with the backend through a REST API.
• Thymis Controller: The core of Thymis, implemented in FastAPI and Python, manages devices and handles the interactions between the frontend and devices. It converts device states into NixOS configurations stored in a versioned Git repository.
• Device Layer: Supports various devices, from Raspberry Pis to servers. The optional Thymis Agent ensures secure communication and consistent configurations across all devices. User defined software modules can be integrated into the system.

For a visual overview, see the architecture diagram below:

architecture1280×2322 284 KB

Why Thymis?

NixOS’s declarative and reproducible configurations are powerful but can be complex to manage at scale. Thymis simplifies this with an easy-to-use interface, making it ideal for deploying consistent setups across all your systems.

Who Is It For?

Thymis is perfect for:

• System administrators who need to deploy uniform configurations across multiple machines.
• Developers looking for efficient provisioning tools.
• NixOS enthusiasts who want a graphical interface to enhance their workflow.

How to Get Started with Thymis

Curious to see Thymis in action? Head over to our GitHub repository to explore the code and learn how you can set it up. You can also visit our official website and our documentation for more details to help you get up and running with Thymis in no time.

Join Us at NixCon 2024

We’ll be presenting Thymis live at NixCon 2024 in Berlin, from October 25th to 27th! This community-driven event is a great opportunity to see Thymis in action, learn about its features, and discuss its future development with fellow NixOS enthusiasts. We hope to see you there!

Stay Connected

We’re building Thymis with the NixOS community in mind. If you have feedback, feature suggestions, or just want to follow our progress, check out our GitHub page and leave a star, write a comment on this post, or send us a mail at our email. We’d love to hear your thoughts and work together to make Thymis the best tool for NixOS management.

The Thymis Team

I find it hard to reconcile “IoT at scale” “Large enterprise” and “up to 200 devices”.

Oooh, this looks cool. I’ll have to find time to play with this on a weekend. I have used OpenBalena in the past for this sort of stuff, would you say it’s comparable?

I think it was suggested before that Thymis is aiming at roughly the same set of use-cases, yes. I’ve used Balena a bit and it’s great for what it does, but also a little restrictive. Fully-fledged nixos on the target would be lovely!

On a related note, I’ve still got a few Pi Zeros (v1) floating around - which are annoyingly armv6. I wonder if enough people still want to use them it’s worth revisiting armv6 builds and binary caches, or if it’s easier just to declare them obsolete and upgrade to the Zero 2 which is armv7…

Have to say my initial excitement was tempered when I realised it was a paid product if you want to use it with more than 5 devices.

Personally I selfhost, for my own personal use, and have more NixOS VMs than that!!

The whole “at scale” part refers more to the architecture and design concepts, than any pricing plan. There is always the option to just do more devices if the foundation is good. The exact numbers are likely to change in the future anyway.

The software itself is still at an early state and is not optimized for organizing hundreds of devices. However, we believe that the core concepts, especially using NixOS, will make the scaling much more reasonable in the long run.

you are always free to fork the repo and adjust the code to use more devices for personal projects. The core software will always be open source and the pricing is to allow us to continue working on the project.

Thanks for clarifying that

Would be interested to see the actual “at scale” problems for IoT on NixOS solved. For me that’d be zero touch and secure provisioning (e.g. with TPM2, and/or DevID). NixOS is still lacking quite in this part compared to commercial solutions.

Ok. But we can agree that mastering state for 200 devices could be done on a single board computer, or t3a.nano on aws? I think software looks cool, but the marketing copy is embarrassing. I wish you guys the best of luck.

We’ve also encountered the problem of armv6 support and decided to drop the matter until we see it as a worthwhile effort.

If a customer or project approaches us with a fleet of armv6 devices (like the Pi Zeroes) we would of course consider building and hosting the necessary infrastructure (build machines, binary cache, packaging, etc.).

We’ve taken the path of just declaring the Zero 1 obsolete for us and have recommended and used the Zero 2 for us.

We are of course also interested in having a robust “zero touch and secure provisioning”, as currently our deployment model in Thymis definitely is not perfect and does not provide strong enough guarantees to fully satisfy us.

Since you mention commercial solutions, are there some you had good experiences with and could point them out for us to study?

The Thymis controller can of course run on a low resource device such as a single board computer, or t3a.nano, with slight issues in the memory requirements of a nixpkgs evaluation for NixOS system building.

Interesting deployments that may build artifacts instead of only substituting during updates, such as a custom patched kernel or similiar, do of course require many more computing resources.

Our marketing copy is also very work in progress until the project can stand on it’s own legs, so we would appreciate any general or concrete feedback on that too.

Not sure I really buy this:

1. the cost of building the artifact doesn’t scale with the number of devices
2. even doing a staggered updated to fleet of 1000s of devices isn’t likely to saturate a gig nic, which you’ll find on a pi
3. you can fit many thousands of embedded linux images on a single ssd.

I’m not saying this to be jerk: my full time job is running a fleet of multiple 10s of thousands of devices, and our in house deployment management system… runs on a t3a.micro. If you want to be able to sell this to decision makers then you need to be some combination of cheaper / better than your competition and it’s a lot easier to sell cheaper than better.

Concrete marketing feedback: drop anything about scale until you have some semblance of it. But that’s just my opinion, feel free to ignore.

EDIT: to be clear about something: I am critical because I am a potential customer! Maybe next year we look at a next gen product, it will probably run embedded linux. Maybe it could run nix.

you can use standard tools like terraform or ansible to render configuration.nix and call nixos-rebuild switch.

We just released Version 0.1.1 which fixes support for public https instances, sorry for the inconveniences if you have tried thymis out already and ran into this.

Thanks to @tasiaiso for reporting this.

A very interesting project, but I think your pricing is way off.

Also, I do not know in what IoT business “large-scale” is max 200 devices… Often first phase pilots (after Proof Of Concepts) are more than that.

I agree with you and @bme. Thymis is not ready for deployments with over 200 devices yet. We are currently looking at smaller use cases with local partners like digital signage in transport hubs, single production lines, etc. to develop Thymis further. If you have a case with more devices that may benefit from Thymis, we would appreciate you reaching out to us.

This is incredible work, congrats!

(I was working on something semi-similar using elixir, postgres, and nix just in my spare time. But didn’t create a nice UI. Also what I was working on could handle deploy, but also eventually could do much of basically what hashicorp nomad, consul, vault does, too.)