
2022-03-19

Re: What do you self host?

tags: software


Following ew0k

gemini://warmedal.se/~bjorn/posts/2022-03-18-re-what-do-you-self-host-.gmi

local copy

responding to JDJ's post "What do you self host?"

gemini://jdj.golf/gemlog/what-do-you-self-host.gmi

local copy



Server sounds like a big word for a small single-board computer, more specifically an APU2 board by pcengines.ch[a]. This board features 3 ethernet interfaces and is therefore used as a gateway, directing all outbound traffic towards the internet connection (Fritz!Box), while providing a number of services to the home network. Regular backup is done using borgbackup to a different system.


Network Services


Anything needed to make systems on the home network talk to each other or the internet is provided on the internal interface:


dnsmasq --- dhcp, dns, bootp/tftp, ipv4

radvd, wide-dhcp6c --- ipv6 autoconfig, announcing a local /60 prefix and gateway

chronyd --- ntp time server

firewall, configuration provided via ferm (For Easy Rule Making)

sshd access, somewhat hardened, public_key access only


Collection of Environmental Data


collector --- perl script; request environmental data from rs485 bus sensors, feed data to mqtt broker

mosquitto telegraf influxdb grafana --- collect environmental data into a database and make said data visible on a web browser


Communication


apt-cacher-ng --- package proxy, download .deb packages once, serve/use often

bip --- chat zombie/proxy; used rarely

agate --- gemini capsule

nginx --- leftovers of a html based blog (static files), practically unused

nginx/nextcloud --- private files/contacts/calendar etc "cloud", not used much, but occasionally nice to have.

nginx/cgit --- git repositories at home

postfix --- mail transfer agent

fetchmail --- periodically collect emails from external mail boxes

dovecot --- imap server for my mailboxes


External Access


This system is not known via dyndns.org or similar, neither is the Fritz!Box. So inbound connections are not permitted. But how to make "home" accessible from abroad? Well, first of all, this use case is not important for me, but I thought it would be nice in case of urgency. So I set up a few .onion services via TOR. Publicly accessible is only the .onion service, which serves a copy of my gemini capsule.


tor --- .onion service for gemini


There is also an "Authenticated Onion Service"[b] in order to connect to the system from the outside. A connection can only be established if the requester can provide an additional piece of information[c].


tor --- authenticated .onion service for sshd
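
The "additional piece of information" is an x25519 key pair: the service keeps the public half, the client keeps the private half. The sketch below is an added example, not part of the original post or the author's setup; it derives both file lines for a v3 onion service. The onion address, client name and directory paths in it are placeholders chosen for illustration.

```python
import base64, os

P, A24 = 2**255 - 19, 121665

def x25519_public(private: bytes) -> bytes:
    """X25519 public key for a 32-byte private key (RFC 7748 ladder, base point u=9).
    Not constant-time: good for showing the format, use a vetted library for real keys."""
    k = bytearray(private)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # clamp the scalar
    k = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                               # conditional swap of the two points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def b32(raw: bytes) -> str:
    """Base32 without '=' padding, as used in the .auth / .auth_private files."""
    return base64.b32encode(raw).decode().rstrip("=")

def auth_lines(onion_address: str, private: bytes) -> tuple:
    """Return (service_line, client_line) for one authorized client."""
    host = onion_address[:-6] if onion_address.endswith(".onion") else onion_address
    if len(host) != 56 or len(private) != 32:
        raise ValueError("need a 56-character v3 onion name and a 32-byte key")
    # Service: <HiddenServiceDir>/authorized_clients/<name>.auth
    service = "descriptor:x25519:" + b32(x25519_public(private))
    # Client: <ClientOnionAuthDir>/<name>.auth_private (keep secret, mode 0600)
    client = f"{host}:descriptor:x25519:{b32(private)}"
    return service, client

if __name__ == "__main__":
    addr = "a" * 56 + ".onion"                       # placeholder, not a real service
    service, client = auth_lines(addr, os.urandom(32))
    print("authorized_clients/laptop.auth :", service)
    print("onion_auth/laptop.auth_private :", client)
```

Once at least one `.auth` file exists in `authorized_clients`, Tor only answers clients whose `ClientOnionAuthDir` holds the matching private key; everyone else cannot even fetch the service descriptor.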


Cheers,

~ew


---


[a] pcengines.ch/apu2.htm

[b] Onion Service Authentication

[c] see "CLIENT AUTHORIZATION" in the torrc man page



-- Page fetched on Fri Apr 26 18:30:27 2024