Now that I have started this community off with a non-technical post, I will share my own personal solution to digital privacy. This post will be more technical.

I self-host every service I possibly can from a cluster of servers (mostly low-power ARM SBCs) that are in my room. Until recently, I was just deploying services onto servers by hand and then configuring everything manually. As I’ve mentioned before in a GenZedong General Discussion Thread, I am now using an orchestrator called Nomad as well as a service discovery solution called Consul.

This allows me to submit a single configuration file, and my servers all automatically configure themselves to perform whatever task I wanted them to. I’ve placed all my configuration files along with relatively detailed READMEs about them into this repository if anyone wants to take a look at them: https://gitea.arsenm.dev/Arsen6331/nomad.

Because the cluster is built from SBCs, I am able to do all of this with a power consumption of just 50W.

Here is a list of things I host and what they’re meant to replace:

  • Matrix Dendrite: Discord
  • Nextcloud: Google Drive
  • OnlyOffice: Google Docs
  • Home Assistant: HomeKit/SmartThings/<insert smart home platform here>
  • Gitea: GitHub/GitLab
  • Minio: Amazon S3 (storage and download for files)
  • LMS: Spotify
  • SearXNG: Google Search (Note: I used to use my own metasearch engine but switched to SearXNG a couple of days ago because mine kept getting rate-limited)

There are more, but they aren’t really alternatives to anything; I’ll list them here:

  • Authelia: Provides authentication and 2FA for services that don’t provide their own mechanism. Can also work similarly to “Sign in with Google” buttons via OAuth2 and OIDC.
  • Traefik: Reverse proxy that provides access to all the rest.
  • Homer: Provides a dashboard for all my services. My instance can be found at: https://dashboard.arsenm.dev
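As an added example (not a file from the repository linked above), here is a Nomad job that registers a service in Consul and uses Consul tags so that Traefik only exposes it over TLS from Let’s Encrypt and behind Authelia’s forward-auth middleware, which is how the Nomad + Consul + Traefik + Authelia stack listed above fits together. Assumptions: Traefik runs with the Consul Catalog provider, a TLS entrypoint named websecure and an ACME certificate resolver named letsencrypt; Authelia is registered in Consul as a service named authelia on port 9091 and exposes the /api/verify endpoint (older Authelia versions; newer ones use /api/authz/forward-auth); the hostnames, container image and port are placeholders.

```hcl
# Added example, not from the linked repository; names and ports are placeholders.
job "dashboard" {
  datacenters = ["dc1"]
  type        = "service"
  group "dashboard" {
    network {
      # Dynamic host port mapped to the container's listener (placeholder 8080).
      port "http" {
        to = 8080
      }
    }
    service {
      name = "dashboard"
      port = "http"
      tags = [
        "traefik.enable=true",
        # Route only this hostname, and only on the TLS entrypoint.
        "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)",
        "traefik.http.routers.dashboard.entrypoints=websecure",
        # Traefik's built-in ACME client obtains and renews the certificate.
        "traefik.http.routers.dashboard.tls.certresolver=letsencrypt",
        # Every request goes to Authelia first; unauthenticated users are
        # redirected to the portal (rd=...) and must complete login and 2FA.
        "traefik.http.routers.dashboard.middlewares=authelia@consulcatalog",
        "traefik.http.middlewares.authelia.forwardauth.address=http://authelia.service.consul:9091/api/verify?rd=https://auth.example.com/",
        "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true",
        "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email",
      ]
      # Consul only hands Traefik instances that pass this health check.
      check {
        type     = "http"
        path     = "/"
        interval = "10s"
        timeout  = "2s"
      }
    }
    task "dashboard" {
      driver = "docker"
      config {
        image = "example/dashboard:latest" # placeholder image
        ports = ["http"]
      }
    }
  }
}
```

The dynamically mapped host port is still reachable directly on the LAN, so the host firewall should only accept traffic to it from the Traefik node; otherwise the forward-auth check can be bypassed by talking to the container port.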
  holdengreen · 5 upvotes · 2 years ago

    Nice. I’ve been meaning to get back to my stuff also.

    1. I need to take Cloudflare off of greenempower.org. Do you have a better idea for DNS?
    2. I’m afraid of getting DDoS’d when I put up public services.
    3. My home bandwidth is limited and I can’t afford/don’t trust cloud services to keep my data.
    4. Maybe I can use a cloud service as a buffer/data cache so my home isn’t overloaded?
    Arsen6331 ☭ (OP) · 7 upvotes · edited · 2 years ago
      1. Personally, I just use my domain registrar’s DNS service and Let’s Encrypt for TLS certificates. I used to use certbot with Nginx as a reverse proxy, but now I use Traefik, which has a Let’s Encrypt client built in.
      2. If someone does decide to DDoS me, I’ll use my ISP’s online portal to drop my IP and get a new one or just unplug the modem for a minute or so, which should give me a new IP, then let my ISP deal with them.
      3. Most services require very little bandwidth. I only have 20 Mbit upload and it’s enough for all of this.
      4. You can, though you might need to write a custom solution for this. Either way, you’ll need to find ways to proxy and encrypt all the data because they will steal it if they get the chance, and just encryption isn’t enough because they log IP data.
    FuckBigTech347 · 6 upvotes · 2 years ago

      I run many of the same services as comrade @Arsen6331@lemmygrad.ml except for Matrix (I still use Synapse, Dendrite’s predecessor). I also run my own web crawls and have transmission-daemon to seed some torrents, and I have my own personal Pleroma instance. My bandwidth is 50 Mbit/s down and 10 Mbit/s up. It’s not always smooth but it’s okay. I don’t think a CDN of any kind is necessary unless you expect a lot of people to use your services.

      No one will just randomly [D]DoS you, unless you give someone a reason to. I’ve been running these services public for almost 3 years now and I’ve never once experienced a DoS attack, much less a DDoS. The only thing you might get are random SSH login attempts from bots. But you shouldn’t expose sshd to the public internet on standard port 22 anyways.