Following ew0k
responding to JDJ's post "What do you self host?"
Server sounds like a big word for a small single-board computer, more specifically an APU2 board by pcengines.ch[a]. This board features three Ethernet interfaces and is therefore used as a gateway, directing all outbound traffic towards the internet connection (Fritz!Box) while providing a number of services to the home network. Regular backups are done using borgbackup to a different system.
Anything needed to make systems on the home network talk to each other or the internet is provided on the internal interface:
dnsmasq --- dhcp, dns, bootp/tftp, ipv4
radvd, wide-dhcp6c --- ipv6 autoconfig, announcing a local /60 prefix and gateway
chronyd --- ntp time server
firewall, configuration provided via ferm (For Easy Rule Making)
sshd access, somewhat hardened, public-key access only
collector --- perl script; requests environmental data from rs485 bus sensors and feeds it to the mqtt broker
mosquitto telegraf influxdb grafana --- collect environmental data into a database and make said data visible on a web browser
apt-cacher-ng --- package proxy, download .deb packages once, serve/use often
bip --- chat zombie/proxy; used rarely
agate --- gemini capsule
nginx --- leftovers of a html based blog (static files), practically unused
nginx/nextcloud --- private files/contacts/calendar etc "cloud", not used much, but occasionally nice to have.
nginx/cgit --- git repositories at home
postfix --- mail transfer agent
fetchmail --- periodically collect emails from external mail boxes
dovecot --- imap server for my mailboxes
This system is not known via dyndns.org or similar, and neither is the Fritz!Box, so inbound connections are not permitted. But how to make "home" accessible from abroad? Well, first of all, this use case is not important to me, but I thought it would be nice to have in case of urgency. So I set up a few .onion services via Tor. The only publicly accessible one is the .onion service that serves a copy of my gemini capsule.
tor --- .onion service for gemini
There is also an "Authenticated Onion Service"[b] in order to connect to the system from the outside. A connection can only be established if the requester can provide an additional piece of information[c].
tor --- authenticated .onion service for sshd
Cheers,
~ew
---
[c] see "CLIENT AUTHORIZATION" in the torrc man page
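The "additional piece of information" mentioned above is an x25519 client key: the server keeps the client's public key in a `.auth` file under the service's `authorized_clients/` directory, and the client keeps the matching private key in a `.auth_private` file under `ClientOnionAuthDir`, as described in the "CLIENT AUTHORIZATION" section of the torrc man page. The script below is an added example, not ~ew's configuration or tooling: it generates such a key pair, writes both files in the documented format and renders the corresponding torrc fragments for an sshd onion. The directory paths, the client name "laptop" and the onion address are placeholders chosen for illustration, and the pure-Python X25519 is there only so the example runs without extra packages.

```python
"""Tor v3 onion-service client authorization for an sshd onion (added example).

Assumptions (not from the original post): HiddenServiceDir /var/lib/tor/ssh,
ClientOnionAuthDir /var/lib/tor/onion_auth, client name "laptop", and a
constructed placeholder onion address. The X25519 below follows RFC 7748 and
is for demonstration only (not constant-time); for a real deployment generate
the key with `openssl genpkey -algorithm x25519` instead.
"""
import base64
import os
import re
import secrets
import tempfile

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")
# Constructed placeholder: 56 base32 characters like a real v3 address, but not one.
ONION = "example" * 8 + ".onion"


def _clamp(k: bytes) -> int:
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(k: bytes, u: bytes = BASEPOINT) -> bytes:
    """Montgomery ladder from RFC 7748 section 5; x25519(priv) is the public key."""
    kk = _clamp(k)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (kk >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def tor_b32(raw: bytes) -> str:
    """Tor's key encoding: base32 without '=' padding (52 chars for 32 bytes)."""
    return base64.b32encode(raw).decode("ascii").rstrip("=")


# Formats from torrc(1) "CLIENT AUTHORIZATION": server-side .auth and client-side .auth_private.
AUTH_RE = re.compile(r"^descriptor:x25519:[A-Z2-7]{52}$")
AUTH_PRIVATE_RE = re.compile(r"^[a-z2-7]{56}:descriptor:x25519:[A-Z2-7]{52}$")


def auth_lines(priv: bytes, onion_address: str) -> tuple:
    """Return (server .auth line with the public key, client .auth_private line with the private key)."""
    host = onion_address[:-6] if onion_address.endswith(".onion") else onion_address
    return (f"descriptor:x25519:{tor_b32(x25519(priv))}",
            f"{host}:descriptor:x25519:{tor_b32(priv)}")


def server_torrc(hs_dir: str = "/var/lib/tor/ssh") -> str:
    """Onion service in front of the local sshd; only clients with a .auth file may connect."""
    return f"HiddenServiceDir {hs_dir}\nHiddenServiceVersion 3\nHiddenServicePort 22 127.0.0.1:22\n"


def client_torrc(auth_dir: str = "/var/lib/tor/onion_auth") -> str:
    return f"ClientOnionAuthDir {auth_dir}\n"


def install(hs_dir: str, auth_dir: str, client_name: str, onion_address: str, priv: bytes = b"") -> dict:
    """Write <hs_dir>/authorized_clients/<name>.auth and <auth_dir>/<name>.auth_private, mode 0600."""
    priv = priv or secrets.token_bytes(32)
    server_line, client_line = auth_lines(priv, onion_address)
    server_path = os.path.join(hs_dir, "authorized_clients", f"{client_name}.auth")
    client_path = os.path.join(auth_dir, f"{client_name}.auth_private")
    for path, line in ((server_path, server_line), (client_path, client_line)):
        os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
        with open(path, "w") as fh:
            fh.write(line + "\n")
        os.chmod(path, 0o600)  # tor refuses world-readable key material
    return {"server": (server_path, server_line), "client": (client_path, client_line)}


def demo() -> dict:
    """Install into a throwaway directory and read both files back."""
    with tempfile.TemporaryDirectory() as tmp:
        written = install(os.path.join(tmp, "ssh"), os.path.join(tmp, "onion_auth"), "laptop", ONION)
        return {side: open(path).read().strip() for side, (path, _line) in written.items()}


if __name__ == "__main__":
    print(server_torrc(), client_torrc(), sep="")
    for side, line in demo().items():
        print(f"{side}: {line}")
```

On the server the `.auth` file goes into `authorized_clients/` inside the HiddenServiceDir (the directory itself must be owned by the tor user and mode 0700), and tor is reloaded; the `.auth_private` file goes into the client's `ClientOnionAuthDir`. Without a matching `.auth_private`, a client cannot even decrypt the service descriptor, so the sshd behind the onion is invisible rather than merely password-protected.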
-- Page fetched on Fri Apr 26 18:30:27 2024