Now that I have started this community off with a non-technical post, I will share my own, personal solution to digital privacy. This post will be more technical.
I self-host every service I possibly can from a cluster of servers (mostly low-power ARM SBCs) that are in my room. Until recently, I was just manually throwing services onto servers and then manually configuring everything. As I’ve mentioned before in a GenZedong General Discussion Thread, I am now using an orchestrator called Nomad as well as a service discovery solution called Consul.
This allows me to submit a single configuration file, and my servers all automatically configure themselves to perform whatever task I wanted them to. I’ve placed all my configuration files along with relatively detailed READMEs about them into this repository if anyone wants to take a look at them: https://gitea.arsenm.dev/Arsen6331/nomad.
Due to using SBCs, I am able to do all of this with a power consumption of just 50W.
Here is a list of things I host and what they’re meant to replace:
- Matrix Dendrite: Discord
- Nextcloud: Google Drive
- OnlyOffice: Google Docs
- Home Assistant: HomeKit/SmartThings/<insert smart home platform here>
- Gitea: GitHub/GitLab
- MinIO: Amazon S3 (storage and download for files)
- LMS: Spotify
- SearXNG: Google Search (Note: I used to use my own metasearch engine but switched to SearXNG a couple days ago because mine kept getting rate-limited)
There are more, but they’re not really alternatives to anything. I’ll list them here:
- Authelia: Provides authentication and 2FA for services that don’t provide their own mechanism. Can also work similarly to “Sign in with Google” buttons via OAuth2 and OIDC.
- Traefik: Reverse proxy that provides access to all the rest
- Homer: Provides a dashboard for all my services. My instance can be found at: https://dashboard.arsenm.dev
Arsen6331 ☭ (OP) · 2 years ago
- Personally, I just use my domain registrar’s DNS service and Let’s Encrypt for TLS certificates. I used to use certbot with Nginx as a reverse proxy, but now I use Traefik, which has a Let’s Encrypt client built in.
- If someone does decide to DDoS me, I’ll use my ISP’s online portal to drop my IP and get a new one or just unplug the modem for a minute or so, which should give me a new IP, then let my ISP deal with them.
- Most services require very little bandwidth. I only have 20 Mbit upload and it’s enough for all of this.
- You can, though you might need to write a custom solution for this. Either way, you’ll need to find ways to proxy and encrypt all the data because they will steal it if they get the chance, and just encryption isn’t enough because they log IP data.
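
The post describes submitting one configuration file to Nomad, and the reply above mentions Traefik's built-in Let's Encrypt client. The job file below is an added example of how those pieces fit together; it is not taken from the poster's repository. The hostname, container image and port, the datacenter name, the certificate resolver name `letsencrypt` and the middleware name `authelia` are all assumptions, and the last two must match what is defined in Traefik's own configuration and on the Authelia service.

```hcl
# Added example: a Nomad job for a dashboard that has no login of its own.
# Nomad registers the service in Consul; Traefik's Consul Catalog provider
# reads the tags and builds the route, certificate and auth gate from them.
job "homer" {
  datacenters = ["dc1"] # assumption: default datacenter name
  type        = "service"

  group "homer" {
    count = 1

    network {
      # Dynamic host port mapped to the container port (assumed 8080).
      port "http" {
        to = 8080
      }
    }

    service {
      name = "homer"
      port = "http"

      tags = [
        # Services are only exposed when explicitly opted in.
        "traefik.enable=true",
        "traefik.http.routers.homer.rule=Host(`dashboard.example.com`)",
        # HTTPS entrypoint only; the name is an assumption.
        "traefik.http.routers.homer.entrypoints=websecure",
        # Certificate issued by Traefik's ACME (Let's Encrypt) resolver.
        "traefik.http.routers.homer.tls.certresolver=letsencrypt",
        # Forward-auth middleware assumed to be declared on the Authelia job.
        "traefik.http.routers.homer.middlewares=authelia@consulcatalog",
      ]

      check {
        type     = "tcp"
        interval = "30s"
        timeout  = "5s"
      }
    }

    task "homer" {
      driver = "docker"

      config {
        image = "b4bz/homer:latest" # assumption: pin a version in practice
        ports = ["http"]
      }
    }
  }
}
```

If the `middlewares` tag is omitted or names a middleware that does not exist, the service is either published without authentication or the router fails to load, so it is worth checking the router's middleware list in the Traefik dashboard after each deployment.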