Fortino

A secure, user-friendly web application that lowers the barrier to hosting services on Guix systems, using a Spritely Goblins agent and Bonfire-based UI.

As far-right movements gain ground in Europe and tech giants like Google abandon ethical limits on AI for surveillance and warfare, the need for free, autonomous, rights-respecting digital infrastructure is no longer optional. In this context, Fortino is both a political act and a practical tool: a web app built on ethical, decentralized technologies (Guix, Bonfire and Spritely Goblins), designed to let small organizations provision and manage self-hosted services without deep technical expertise.

Most organizations depend on tools like Google Docs to function, but lack the skills to host their own infrastructure - even when data sovereignty is critical. Fortino makes self-hosting viable for grassroots collectives, civil society organizations, and climate justice groups: those most in need of digital autonomy and most vulnerable to coercive tech.

The expected outcome is a secure, user-friendly web application that lowers the barrier to hosting services on Guix systems, using a remote agent and Bonfire-based UI. By doing so, Fortino also promotes adoption of other FOSS projects, with the goal of creating a positive feedback loop for all involved projects.

Roadmap

Agent

The first step would be to implement a very basic agent. The least number of functionalities required to query the current Guix configuration state and to reconfigure the system.

CLI interface

Then a command line UI vertical on a single application could be implemented and additional features added to the agent required to setup end to end the application. This will be a command line installer for the Bonfire project. The idea would be that the users could start with a plain Guix install, they would add the Fortino agent to their system and install the CLI installer and are able to easily install a Bonfire instance.

Guile Hoot library

The next step would be a Guile Hoot library to interact with the agent from the browser; it should at least support the same set of functionality as the command line installer.

Bonfire.UI based web interface

With a Webassembly interface to Fortino's agent a Bonfire framework based UI, vertical on a single application, could be implemented.

Web UI derived from Guix configuration records

Finally Web UI support for more applications could be implemented, with a general mechanism to map Guix configuration records to UI widgets.

Comparison with the state of the art

The core mission of Fortino is to radically lower the barriers upheld by technology. To be truly effective in today's society we need first class digital tools that are easy to use, inclusive, safe and rooted in European sovereignty. It is not enough to liberate tech workers alone, we must empower all those engaged in societal transformation without requiring them to learn the equivalent of a Computer Science degree.

While I deeply admire the many valuable efforts in this space - some of which are still active and serve as important reference points - Fortino aims to deliver a feature set that, to my knowledge, no existing project currently offers.

The most inclusive project in this space is YunoHost. Yunohost is a web application, designed to be tightly integrated with Debian, that allows non technical people to deploy end to end web applications on a single machine. In my opinion its pros are the big community and the end to end deployment experience. Its shortcomings are that: package recipes follow a different format than the one of Debian packages, it has some kind of repository concept which I wouldn't classify as a full blown derivative, so contributors have to learn yet another domain specific language with all the idiosyncrasies which come with that. Also all actions performed by Yunohost on the host system are imperative and the outcome achieved is totally dependent on the order they were taken. At last, Yunohost does not have in its scope the management of remote machines. It is designed to manage the system where it is running and nothing else. Fortino's advantages over Yunohost are manyfold: there is no need to maintain an application repository on top of Guix, users can use third party channels for whatever application is not packaged in Guix mainline. Users also don't need to learn a completely new stack on top of Guix if they need to make their own application work. Fortino will support setups a-là Kubernetes where a central main node can control and configure many different nodes (which do not run the whole Fortino suite) but only an agent. Moreover, Fortino will offer all the advantages of Guix, including deriving the expected system state from a central configuration, without stating the order over which operations have to be performed, the ability to roll back configurations and the ability to deploy configurations to remote machines.

Another player is CoopCloud, a Docker swarm based project that provides a command line utility that simplifies the provisioning and management of web applications. CoopCloud, just like Yunohost, requires an additional application repository based on OCI images on top of the native distro one, acts imperatively on the host operating system and requires packagers to learn yet another YAML flavor.

There have been many efforts in creating something similar to Fortino inside NixOS, the most successful of which are SelfHostBlocks and SelfPrivacy. They satisfy different needs from the ones that Fortino is supposed to: they don't have a Web UI, assuming highly technical users that are able to write Nix code and they are not able to manage fleets of machines.

Building on the work of existing projects, Fortino goes further in solving the following challenges: