by cubesnooper 1304 days ago
I self‐host mostly because local copies of things give me some privacy (sites won’t know what my IP is searching for), and it also lets me work easily when Comcast is down… which is annoyingly frequent in my neighborhood.

All of these machines are running OpenBSD, except the gaming machines and the HTPC.

• Outgoing Email: OpenSMTPD, with mandatory TLS. Since I’m the only one sending email from my domain, the outgoing relay is hidden behind my LAN and my DKIM keys never leave my network. Outgoing mail gets routed via WireGuard through a VPS so it doesn’t look like it’s coming from a residential IP block.

• Incoming Email: OpenSMTPD on my MXes, with MTA‐STS and DNSSEC/DANE so as many senders use TLS as possible. Delivers to Maildir on my LAN, which I access directly using mblaze over SSH (https://github.com/leahneukirchen/mblaze) and IMAP via Dovecot (which supports a Maildir backend).

• Roundcube webmail.

• DNS zones: NSD running on two VPSes, slaves pulling their config via WireGuard from the master which runs in a VM on my LAN.

• Public webserver, with personal (public) homepage, Git repositories (clonable and browsable via CGit), photo gallery, files/images/random files when I need to share them by sending a link in IRC, etc.

• Matrix: Synapse for the server, Element for the client. Besides hanging out in Matrix rooms I use this for one‐on‐one audio calls with my friends (generate a link, send it to them, and chat through the browser).

• Pleroma, so I can interact with the Mastodon network.

• Apertium for text translation. The range of languages is a bit limited but for supported pairs it’s nice to avoid Google Translate.

• A home theater PC in my living room running Kodi, which pulls all my Blu‐Rays from a home NAS.

• A powerful gaming machine that uses Steam to stream games to either the HTPC or my Steam Deck. I only use this at home… I wonder how bad the latency would be if I connected to it when on a trip?

• My music collection, whether ripped from CD or bought digitally, is automatically tagged and sorted with Beets, and I run the web plugin to access it over the web. Beets’s web interface is kind of primitive; I would love to replace it with something like FunkWhale.

• Full mirrors of websites with free content: Wikipedia, Wikimedia Commons, Wiktionary, Stack Overflow, Project Gutenberg, Standard Ebooks

• Full OpenBSD package mirrors

• OpenStreetMap, running OSRM (routing) on top of an open source Leaflet/Mapbox demo I set up years ago. I’ve been meaning to update this to something more modern and less reliant on Mapbox software.

• Radicale for CalDAV/CardDAV, so my calendar and contacts are synced across all my devices automatically.

• Home adblocking with Unbound (what most people use PiHole for I guess). DNS lookups for my home network are anonymized with DoH over Tor (Cloudflare provides documentation for how to do this).

• Ways to access my home network when away from home: WireGuard VPN in a roadwarrior configuration; public‐facing SSH (with WebAuthn‐backed keys); failing that, an HTTPS proxy with Squid. (Yes, I have been stuck at conferences where the wifi network blocked SSH, WireGuard, and all traffic that wasn’t HTTP/HTTPS or DNS from the blessed server!)

1 comment

You may be interested in https://translatelocally.com/ for more locally hosted machine translation pairs