I have a self-hosting page on this site, but it's out of date now. I thought I could write a bit here about what I'm hosting myself, and on what before I update it.
I have 2 domains…
trudgian.net is for important things that I'm not hosting
myself (yet) and mostly get left alone. The other
randomroad.net domain is for
my home / lab and self-hosted stuff.
On my primary
trudgian.net domain I'm using Zoho as a paid-for email provider,
and my wwww.trudgian.net website is just a redirect to this site, hosted on the
SDF metarray service. Since family email is on this domain it won't end up
100% self-hosted. If I get hit by a bus tomorrow (or as soon as we are allowed
out and about again), then I don't want my family to need to know about dealing
with a self-hosted email setup!
randomroad.net I'm now hosting more things, across more servers, than I was a
couple of months ago. I previously slimmed down what I was using, but with the
COVID lockdown I've had a bit more off-time around computers, and I've been more
interested in getting things like self-hosted video chat working. I now host
things out on the web using 2 small 1GB NetBSD VPS servers, and a 16GB budget
Fedora dedicated server. This means the services aren't running on machines in
my physical control but I manage them and I feel this still counts as
NetBSD VPS 1
This is a $5/month 1GB VPS in Dallas from Vultr. I'm using Vultr as they allow you to install from an ISO easily, so it has NetBSD 9.0 on it. This has my primary important services for the domain. I expect Vultr to be pretty reliable, and though it's a small VPS it's very quick to work on.
The server is running:
NetBSD VPS 2
This is another $5/month 1GB VPS from Vultr, but in Atlanta this time. It has NetBSD 9.0 again, and is running the secondary side of services:
- DNS slave for the domain using BIND.
- SMTP secondary MX with Postfix.
- My ZNC IRC bouncer to keep lurking on freenode and SDF.
Additionally I have a scheduled rsync to pull the important config from the first VPS, so that in the event of some disaster I can have the primary services running again quickly. I don't need real failover for this stuff as it's not that important.
Fedora Dedicated Server
Kimsufi offers rather oudated budget dedicated servers, but at ridiculously low prices. There are various classes of server offered in Canada and France, with minimum specs stated. If you buy one you will get the RAM and disk you pay for, but the CPU stated is a minimum. I have 16GB RAM, a 2TB HDD, and a quad core 3rd Gen i5 which is better than what I paid for.
I decided to get a Kimsufi server again (I've had one in the past) as:
- I wanted something with enough RAM and disk to try a bunch of self-hosting stuff that won't really fit on a small VPS.
- I didn't want to pay the cost of a 4GB+ VPS with 100s GBs of disk.
- I didn't want to host on my re-purposed old desktop at home, as that would need opening up my home network because I don't have suitable managed networking equipment to create a true isolated DMZ network.
- I don't need reliability. These are services that can go down for a week or two without issue.
- Although it's on a relatively slow 100Mbps connection that's better than the 20Mbps upstream I have from home, and there's no cap to worry about.
Fedora is a slightly unusual choice for a server as it moves quickly, but I use it on my workstation so it's not much more work to keep this server up-to-date as well. I'm not using docker or containers, purely as I do that stuff all day for work and like a change, so it's convenient that Fedora provides more up-to-date packages than the very stable server distros.
This server is now running:
- A Nextcloud install. I switched back (again) from Syncthing so I have something to sync my iPhone photos nicely. Plus my chats with family are moving to Nextcloud Talk away from Skype, and I'm looking at the OnlyOffice integration.
- A private Ampache server, moved up from a home machine so I can stream my personal music collection to myself, wherever I am.
- The MySQL, Redis, Memcache etc. services to support these.
- Anything and everything I want to try out.
Kimsufi doesn't give full console access for installs, so I provisioned the OS on only a portion of the drive in the installation tool. This then allows the creation of a large LUKS2 encrypted data partition, where I can keep data so that it is encrypted at rest should the HDD die and be disposed of, or I end the contract. Potentially sensitive OS partition things such as web server logs etc. can be moved to this encrypted partition too. This is not the same as hosting your data at your own home, on a system you have physical control of, but it's sufficient for many purposes.
I use the excellent Borg backup software to pull daily backups down from the NetBSD and Fedora machines to my home machine. Borg works over SSH, setup to use key based authentication, and creates encrypted and de-duplicated backups. The machine the cron job runs on is set to wake on a schedule. It spends most of its time powered down to save a little bit of electricity at home. I only have some small arm boards always-on at home now.
I now have quite a bit more 'stuff' for self-hosting things than I was thinking of a couple of months ago, but it's enjoyable and has let me branch into additional things like self-hosting video chat. Going to definitely draw a line under it for the year. No more computers at home, or VMs and things out on the internet!
This post is day 8 of my #100DaysToOffload challenge.
If you want to get involved, you can get more info from https://100daystooffload.com.