Now that I have started this community off with a non-technical post, I will share my own, personal solution to digital privacy. This post will be more technical.
I self-host every service I possibly can from a cluster of servers (mostly low-power ARM SBCs) that are in my room. Until recently, I was just manually throwing services onto servers and then manually configuring everything. As I’ve mentioned before in a GenZedong General Discussion Thread, I am now using an orchestrator called Nomad as well as a service discovery solution called Consul.
This allows me to submit a single configuration file, and my servers all automatically configure themselves to perform whatever task I wanted them to. I’ve placed all my configuration files along with relatively detailed READMEs about them into this repository if anyone wants to take a look at them: https://gitea.arsenm.dev/Arsen6331/nomad.
Due to using SBCs, I am able to do all of this with a power consumption of just 50W.
Here is a list of things I host and what they’re meant to replace:
- Matrix Dendrite: Discord
- Nextcloud: Google Drive
- OnlyOffice: Google Docs
- Home Assistant: HomeKit/SmartThings/<insert smart home platform here>
- Gitea: Github/Gitlab
- Minio: Amazon S3 (storage and download for files)
- LMS: Spotify
- SearXNG: Google Search (Note: I used to use my own metasearch engine but switched to SearXNG a couple days ago because mine kept getting ratelimited)
There are more but they’re not really alternatives to anything, I’ll list them here:
- Authelia: Provides authentication and 2fa for services that don’t provide their own mechanism. Can also work similarly to “Sign in with Google” buttons via OAuth2 and OIDC.
- Traefik: Reverse proxy that provides access to all the rest
- Homer: Provides a dashboard for all my services. My instance can be found at: https://dashboard.arsenm.dev
Nice. I’ve been meaning to get back to my stuff also.
I run many of the same Services as comrade @Arsen6331@lemmygrad.ml except for Matrix (I still use Synapse, Dendrite’s predecessor). I also run my own web crawls and have transmission-daemon to seed some torrents and I have my own personal Pleroma instance. My bandwidth is 50 MBit/s Down and 10 MBit/s Up. It’s not always smooth but it’s okay. I don’t think a cdn of any kind is necessary unless you expect a lot of people to use your services.
No one will just randomly [D]DoS you, unless you give someone a reason to. I’ve been running these Services public for almost 3 years now and I’ve never once experienced a DoS attack, much less a DDoS. The only thing you might get are random SSH login attempts from bots. But you shouldn’t expose sshd to the public internet on standard port 22 anyways.