101 comments
  • It's a work in progress, but https://wiki.gardiol.org (which is OFC self-hosted)

    Anyway, beefy HP laptop with 32 GB RAM and Xeon CPU to run all services. 3 RAID-1 (Linux sw RAID) USB3 volumes to host all services and data.

    Two ISPs: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.

    Gentoo Linux all the way and podman, but limited as much as possible: only immich (that's impossible to host on bare metal due to the devs' questionable choices).

    Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.

    All behind nginx reverse proxy.

    99% bare metal.

    Self-developed simple dashboard

    External access via SSH tunnels to VPS

    • That public wiki gives me the security heebie-jeebies. 🤭 Not saying it's not secure, just that I'd have constant doubts whether I've covered all the bases if I were doing it.

      • The service runs as an unprivileged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unprivileged user and is not shared with any other service.

        I doubt an attacker could do anything worse than DoS on the wiki itself.

      • Why?

        • Not saying it's not secure, just that I'd have constant doubts whether I've covered all the bases if I were doing it. Especially ensuring an intruder can't compromise anything else if they take it over via some security exploit in PHP or DokuWiki itself.
