Secure Rust CMS foundation built on Axum, SurrealDB and Fluxheim.
Passkey-first installer. Rootless-ready. Designed for a modern extension ecosystem.
Aetherheim is a Rust CMS foundation for secure single-site publishing. The current 1.0 path focuses on a usable first-run installer, safe site settings, administrator authentication, content publishing, assets, comments, SEO metadata, redirects, public descriptors, and deployment behind Fluxheim or a manual reverse proxy. Later milestones add the polished Leptos admin interface and the Wasm plugin/theme runtime.
Aetherheim is licensed under the European Union Public Licence 1.2.
- Axum HTTP application with central security headers, rate limiting, lockouts, route authorization, and structured health/readiness endpoints.
- SurrealDB-backed schema for installer state, site settings, identity, content, taxonomy, assets, comments, redirects, SEO, layouts, plugins, themes, MCP records, federation records, audit events, and search metadata.
- First-run installer with a one-time token, environment/proxy validation, passkey-first administrator creation, password+TOTP fallback, recovery codes, and automatic installer lockout.
- Administrator sessions stored as keyed hashes, HttpOnly/SameSite=Strict cookie support, route capability checks, and recovery-code login.
- Public site settings for title, tagline, icon/logo assets, localization, reading/writing behavior, media limits, permalinks, privacy, robots.txt, and security.txt overrides.
- Public URL aliases so one single-site install can serve the same site from multiple configured domains.
- Local development helpers for direct installs, SurrealDB 3.0.5, Fluxheim, Fluxheim cache examples, and rootless Podman/Wolfi image smoke tests.
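The keyed-hash session storage and cookie attributes listed above, shown as an added Python illustration of the pattern (this is not Aetherheim's own Rust code): the store persists only an HMAC of the session token, the browser holds the raw token in a cookie carrying the HttpOnly/SameSite=Strict attributes, and lookup re-derives the hash from the presented cookie. The cookie name, the in-memory store and the key handling are assumptions for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Constructed 256-bit server key; a real deployment loads it from its secret store.
SESSION_HASH_KEY = secrets.token_bytes(32)
COOKIE_NAME = "__Host-aetherheim_session"  # assumed name; __Host- pins Secure + Path=/

@dataclass
class SessionStore:
    """Stand-in for the database table of session records.

    Only HMAC-SHA256(key, token) is persisted, so a leaked table yields nothing
    that can be replayed as a cookie: the raw token never touches storage.
    """
    key: bytes
    records: Dict[str, str] = field(default_factory=dict)  # hash hex -> username

    def keyed_hash(self, token: str) -> str:
        return hmac.new(self.key, token.encode(), hashlib.sha256).hexdigest()

    def create(self, username: str) -> str:
        """Mint a random 256-bit token, persist its keyed hash, return the raw token."""
        token = secrets.token_urlsafe(32)
        self.records[self.keyed_hash(token)] = username
        return token

    def lookup(self, token: str) -> Optional[str]:
        """Re-derive the hash from the presented cookie value; unknown or revoked -> None."""
        return self.records.get(self.keyed_hash(token))

    def revoke(self, token: str) -> None:
        self.records.pop(self.keyed_hash(token), None)

def session_cookie(token: str, max_age: int = 3600) -> str:
    """Set-Cookie value: the browser hides the token from scripts (HttpOnly), withholds
    it on cross-site requests (SameSite=Strict) and on plain HTTP (Secure)."""
    return (f"{COOKIE_NAME}={token}; Path=/; Secure; HttpOnly; "
            f"SameSite=Strict; Max-Age={max_age}")

def authenticate(store: SessionStore, cookie_header: str) -> Optional[str]:
    """Resolve an incoming Cookie header to a username, or None when no valid session."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return store.lookup(morsel.value) if morsel else None
```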
See Roadmap for the planned 1.0 release boundary and post-1.0 work.
- Rust first: memory-safe application code with a pinned stable toolchain.
- SurrealDB native: structured records and graph-ready data model for content, localization, identity, and future network features.
- Security led: passkey-first setup, strict headers, capability checks, dependency policy, audit trail, and OWASP baseline checks.
- Rootless ready: local Podman stack, Wolfi runtime image, and Fluxheim reverse-proxy examples.
- Extension boundary planned: Wasm plugin/theme APIs are tracked in the roadmap without allowing arbitrary host code inside the core.
Run a disposable direct installer test without Fluxheim:
scripts/aetherheim-dev-instance dev start
Open:
http://127.0.0.1:3640/_aetherheim/install
The helper starts SurrealDB on 127.0.0.1:3641, runs Aetherheim on 127.0.0.1:3640, writes the installer token to .aetherheim-dev/installer-token, and keeps local state under .aetherheim-dev/.
Destroy the disposable instance:
scripts/aetherheim-dev-instance dev destroy
For Fluxheim-backed local testing:
cp .env.podman.example .env.podman
podman compose --env-file .env.podman -f deploy/podman/podman-compose.yml up -d
AETHERHEIM_BIND=0.0.0.0:3000 cargo run
Then open http://127.0.0.1:8080.
- Installation: requirements, environment variables, manual install, and first-run installer behavior.
- Deployment: deployment map for manual, reverse proxy, container, and production paths.
- Reverse Proxy And Cache: Fluxheim/nginx guidance, trusted headers, public URL aliases, and asset caching.
- Containers: rootless Podman dependencies and Wolfi runtime image usage.
- Administration: administrator auth, site settings, recovery codes, scheduled publishing, and public descriptors.
- Backup And Recovery: SurrealDB and storage backup and restore.
- Development: checks, smoke tests, image tests, and release gates.
- Release Process: 1.0 release candidate checklist.
- Security Baseline: OWASP Top 10:2025 evidence and limits.
- Licensing: EUPL-1.2 notes and planned extension exception.
Run the normal local gate:
scripts/checks.sh
Run checks plus direct and Fluxheim smoke coverage:
AETHERHEIM_RUN_SMOKE=1 scripts/checks.sh
Before a 1.0 release candidate:
scripts/release_1_0_gate.sh
That wrapper requires a clean tree and enables direct/manual smoke, Fluxheim smoke, Wolfi image smoke, and strict crates.io latest-version resolution by default.
