💾 Archived View for dctrud.randomroad.net › gemlog › 20200508-self-host-update.gmi captured on 2020-09-24 at 00:44:48. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2020-09-24)

-=-=-=-=-=-=-

I have a self-hosting page on this site, but it's out of date now. I thought I could write a bit here about what I'm hosting myself, and on what before I update it.

I have 2 domains… `trudgian.net` is for important things that I'm not hosting myself (yet) and mostly get left alone. The other `randomroad.net` domain is for my home / lab and self-hosted stuff.

On my primary `trudgian.net` domain I'm using

Zoho

as a paid-for email provider, and my

wwww.trudgian.net

website is just a redirect to this site, hosted on the SDF metarray service. Since family email is on this domain it won't end up 100% self-hosted. If I get hit by a bus tomorrow (or as soon as we are allowed out and about again), then I don't want my family to need to know about dealing with a self-hosted email setup!

On `randomroad.net` I'm now hosting more things, across more servers, than I was a couple of months ago. I previously slimmed down what I was using, but with the COVID lockdown I've had a bit more off-time around computers, and I've been more interested in getting things like self-hosted video chat working. I now host things out on the web using 2 small 1GB NetBSD VPS servers, and a 16GB budget Fedora dedicated server. This means the services aren't running on machines in my physical control but I manage them and I feel this still counts as 'self-hosting'.

NetBSD VPS 1

This is a $5/month 1GB VPS in Dallas from

Vultr

. I'm using Vultr as they allow you to install from an ISO easily, so it has

NetBSD

9.0 on it. This has my primary important services for the domain. I expect Vultr to be pretty reliable, and though it's a small VPS it's very quick to work on.

The server is running:

• DNS master for the domain, using

BIND

• with DNSSEC setup.
• SMTP and IMAP mail for the domain, using

Postfix

and

Dovecot

.

• An

Apache

web server as a place for

• serving random static files simply.

CGit

as a simple/minimal web

• interface for

personal Git

• repositories

.

NetBSD VPS 2

This is another $5/month 1GB VPS from Vultr, but in Atlanta this time. It has NetBSD 9.0 again, and is running the secondary side of services:

• DNS slave for the domain using BIND.
• SMTP secondary MX with Postfix.
• My ZNC IRC bouncer to keep lurking on

freenode

and

SDF

.

Additionally I have a scheduled rsync to pull the important config from the first VPS, so that in the event of some disaster I can have the primary services running again quickly. I don't need real failover for this stuff as it's not that important.

Fedora Dedicated Server

Kimsufi

offers rather oudated budget dedicated servers, but at ridiculously low prices. There are various classes of server offered in Canada and France, with minimum specs stated. If you buy one you will get the RAM and disk you pay for, but the CPU stated is a minimum. I have 16GB RAM, a 2TB HDD, and a quad core 3rd Gen i5 which is better than what I paid for.

I decided to get a Kimsufi server again (I've had one in the past) as:

• I wanted something with enough RAM and disk to try a bunch of
• self-hosting stuff that won't really fit on a small VPS.
• I didn't want to pay the cost of a 4GB+ VPS with 100s GBs of disk.
• I didn't want to host on my re-purposed old desktop at home, as that
• would need opening up my home network because I don't have suitable
• managed networking equipment to create a true isolated DMZ network.
• I don't need reliability. These are services that can go down for a
• week or two without issue.
• Although it's on a relatively slow 100Mbps connection that's better
• than the 20Mbps upstream I have from home, and there's no cap to
• worry about.

Fedora is a slightly unusual choice for a server as it moves quickly, but I use it on my workstation so it's not much more work to keep this server up-to-date as well. I'm not using docker or containers, purely as I do that stuff all day for work and like a change, so it's convenient that Fedora provides more up-to-date packages than the very stable server distros.

This server is now running:

• A

Nextcloud

install. I switched back

• (again) from Syncthing so I have something to sync my iPhone photos
• nicely. Plus my chats with family are moving to Nextcloud Talk away
• from Skype, and I'm looking at the OnlyOffice integration.
• A private

Ampache server

, moved up from a

• home machine so I can stream my personal music collection to myself,
• wherever I am.
• The MySQL, Redis, Memcache etc. services to support these.
• Anything and everything I want to try out.

Kimsufi doesn't give full console access for installs, so I provisioned the OS on only a portion of the drive in the installation tool. This then allows the creation of a large LUKS2 encrypted data partition, where I can keep data so that it is encrypted at rest should the HDD die and be disposed of, or I end the contract. Potentially sensitive OS partition things such as web server logs etc. can be moved to this encrypted partition too. This is not the same as hosting your data at your own home, on a system you have physical control of, but it's sufficient for many purposes.

Backups

I use the excellent

Borg backup

software to pull daily backups down from the NetBSD and Fedora machines to my home machine. Borg works over SSH, setup to use key based authentication, and creates encrypted and de-duplicated backups. The machine the cron job runs on is set to wake on a schedule. It spends most of its time powered down to save a little bit of electricity at home. I only have some small arm boards always-on at home now.

Summing up…

I now have quite a bit more 'stuff' for self-hosting things than I was thinking of a couple of months ago, but it's enjoyable and has let me branch into additional things like self-hosting video chat. Going to definitely draw a line under it for the year. No more computers at home, or VMs and things out on the internet!

--------------------------------------------------------------------------------

This post is day 8 of my #100DaysToOffload challenge.

If you want to get involved, you can get more info from

https://100daystooffload.com

.