From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id UES4EugH3mCKsgAAgWs5BA (envelope-from ) for ; Thu, 01 Jul 2021 20:22:32 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id MBpNDugH3mCAVwAAbx9fmQ (envelope-from ) for ; Thu, 01 Jul 2021 18:22:32 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 98EC7184DC for ; Thu, 1 Jul 2021 20:22:30 +0200 (CEST) Received: from localhost ([::1]:54322 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lz1KW-0006Be-H2 for larch@yhetil.org; Thu, 01 Jul 2021 14:22:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38946) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lz1KK-0006Ap-1c; Thu, 01 Jul 2021 14:22:16 -0400 Received: from server0.selfhosted.xyz ([217.64.149.7]:54890) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lz1KH-0005qJ-Ca; Thu, 01 Jul 2021 14:22:15 -0400 Received: from server0.selfhosted.xyz (localhost [127.0.0.1]) by server0.selfhosted.xyz (Postfix) with ESMTP id EC69E1EFC5A3; Thu, 1 Jul 2021 20:21:54 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=selfhosted.xyz; s=dkim; t=1625163720; bh=HTxHRI0hxDX8SUWqOcESHZYRRC4VSDigQ2Z+KLliDQw=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=0Fq1TPtgV/WmvQbWgB/6hEXq5zGtvbXUDTHyaXy4njZrdYr9Dt95fyhjBb3CVeG1J vVN3s0Pll/IXW7ewAPIqR/F6oI9/FMdX4hKj+oOk0jsk8WzZRBZgfuyEig+SzrbKfA UCw0VrZHOM+J15mSmUdWS0pnAKeZIviGeQ95e5q5YBtyFUXBjNpoZ+6/2orQ0PfB6f rYC7rblTaEHJVB3V6nk2r3wOJzYtP8sevxfE+myOOb6MxQMDIZRGH11Ms9NXH/5Pbl tMtDMDGHhUFa9EOtvn6532fICtqYIDEEeensRloPSLOkyOJGskm5T1e6Xm0HfmVZjI u0ABw4T6uqbAA== X-Fuglu-Suspect: 901a29afb18845a294484304966af232 X-Fuglu-Spamstatus: NO Received: from webmail.selfhosted.xyz (office.selfhosted.xyz [192.168.1.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: mail@selfhosted.xyz) by server0.selfhosted.xyz (Postfix) with ESMTPSA; Thu, 1 Jul 2021 20:21:54 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 01 Jul 2021 20:21:54 +0200 From: david larsson To: Joshua Branson Subject: Re: My very own Guix System Server in my apartment In-Reply-To: <87bl7nz7oo.fsf@dismail.de> References: <87bl7nz7oo.fsf@dismail.de> Message-ID: <41f79f55caf962e490bc0d953072844d@selfhosted.xyz> X-Sender: david.larsson@selfhosted.xyz Received-SPF: pass client-ip=217.64.149.7; envelope-from=david.larsson@selfhosted.xyz; helo=server0.selfhosted.xyz X-Spam_score_int: -19 X-Spam_score: -2.0 X-Spam_bar: -- X-Spam_report: (-2.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.392, PDS_OTHER_BAD_TLD=1.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: help-guix@gnu.org, Help-Guix Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1625163752; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=HTxHRI0hxDX8SUWqOcESHZYRRC4VSDigQ2Z+KLliDQw=; b=jtoLa9lHqPGvyJqSc+1VIcV9oryeCPt4ayOSuM20+TQlzC6ojjzaZRaJidxvuPVqxLRo5k Y785iItKOM15Z0rNhXyomErX/i8UtuSu8fX2lbqwgR0nATIOsm1Qj7MJldPKe55E0MjXoU VJ8LUPfD0Uov75/jW+bU4lHHAwkPLexbGWPUM1pRaWWrgewE++gi3SxFq9g/Yb7VphnYJJ qhN+9xI98Ve+ZlrvKqzP2EI3lwCyp9xYZuVjFDA41tlf8ZLkY6pxcB+aZ7y3KV2vFGgRPJ 1OAk5npQuBhx5+MXCLtI8hG9vHWDchdn1Bz/MnvwFrbDGuLYWVvxhwM9YayC8w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1625163752; a=rsa-sha256; cv=none; b=rHv8DQyY527Efg5xGIEKrBhDSvUHRdQgR1QFCRN/HauCcWIYWwtQqtFk3+SImPNLzSD25F ZZWhtlWcPnwpzEJ+2grvBdiIcCpb6YEeixbo3ZvoaiT+gHOo9upTMntN9aZiwVQUZc4a6z BH8BwCMixOyCBTz5Psr3njtsBa2D6/QhHNihOaConPwBCBulYOed+OMx+tOoXWIbvMNjYz SrDSdVqfC+Swn7nAJG18/NIsAkJIbs3TO89h8eHBnLvtGEK1vcQQePqgzkP1Rq9rTs9EiX dYFmBuRQhc45An9gJtdCkQFw5T5SiTKc95Eehtf5rxzVA/5cCRU4KCgyAe1bfA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=selfhosted.xyz header.s=dkim header.b=0Fq1TPtg; dmarc=pass (policy=none) header.from=selfhosted.xyz; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Spam-Score: -3.12 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=selfhosted.xyz header.s=dkim header.b=0Fq1TPtg; dmarc=pass (policy=none) header.from=selfhosted.xyz; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Migadu-Queue-Id: 98EC7184DC X-Spam-Score: -3.12 X-Migadu-Scanner: scn1.migadu.com X-TUID: qlJjNKlQmZlw On 2021-06-30 17:35, Joshua Branson wrote: > Hello Guix people! > > So I will shortly be setting up my very own Guix System server in my > apartment! I am super excited! I would love to hear any and all > advice. I should probably set up a good firewall. I should probably > use REALLY LONG passwords. AND ONLY use ssh authentication. > > I plan to have this Guix System Server host my websites: > > gnucode.me and propernaming.org. > > I intend this server to host email for the above sites. > > I do have a static IP address a signed by my ISP. > > I want to run cuirass or the Guix Build Coordinator. > > I want to run a GNU FM and or libre.fm instance. > > What else should I do with said server? > > It's a Dell Optiplex 7020 with 30GB of RAM with a 3TB HDD. It cost me > $250 USD. Sounds like you got quite a deal :-P > > > What do you all think? > > Joshua Hi Joshua, I am excited to hear how this goes! I can suggest a few things (that may be a bit advanced): 1. Setup the email servers with a spamassasin spamfilter, and make it pass the big email providers' spam filters (checking with for example: https://duckduckgo.com/l/?uddg=https%3A%2F%2Fwww.mail-tester.com%2F¬rut=duckduck_in). For this you usually need ur ISP to add reverse PTR record in DNS (though most regular ISP's don't help with this). Otherwise there is ovpn.com that lets you self-administer a static VPN ip's reverse PTR record via web portal. You also need a few more records in DNS. 2. A Nextcloud server. 3. If you can manage: a guix service knot DNS server (with DNSSec would be cool). and of course all of the above with the lets encrypt service TLS certs! :-) (and why not publish TLSA records in DNS and sign them with DNSSec :-P ) If you wanna go bold, get a second Dell Optiplex 7020 with the same specs, and setup a Ganeti cluster as described in the Guix blog post :-) I can confirm that those instructions work, as I have a few fun hosting things there myself :) Best regards and best of luck with your new project! David L