qlyoung's wiki
Page Tools
User Tools
    Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
personal_infrastructure [2023/09/08 23:14] – [Typical Deployment] qlyoungpersonal_infrastructure [2025/10/06 03:38] (current) – [Typical Deployment] qlyoung
Line 1: Line 1:
 +====== personal infrastructure ======
 +
 +
 //tldr - docker compose, isolated servers// //tldr - docker compose, isolated servers//
  
Line 29: Line 32:
   pub((public))   pub((public))
   priv((private))   priv((private))
-  access(needs to be publicly accessible) --> pub +  data{stores sensitive data?} 
-  data(stores sensitive data) --> priv +  onlyme{used only by me?} 
-  onlyme(used only by me) --> priv+  data --> |yes| priv 
 +  data --> |no| onlyme 
 +  onlyme --> |yes| priv 
 +  onlyme --> |no| pub
 </mermaid> </mermaid>
  
Line 40: Line 46:
 ===== Public ===== ===== Public =====
  
-For the public sphere, I use cloud-based Linux VMs from one of the affordable providers. I run most of my stuff on a single shared CPU VM with 4 CPU cores, 8gb of RAM and 50gb of disk space (storage is a later section).+For the public sphere, I use cloud-based Linux VMs from one of the affordable providers. I run most of my stuff on a single shared CPU VM with 4 CPU cores, 4gb of RAM and 50gb of disk space (storage is a later section).
  
 For things that need to be exposed in the internet I think cloud is the best choice. From a network isolation perspective serving things from your home means untrusted traffic will be flowing within your home network. Apart from security concerns there are other problems: For things that need to be exposed in the internet I think cloud is the best choice. From a network isolation perspective serving things from your home means untrusted traffic will be flowing within your home network. Apart from security concerns there are other problems:
Line 49: Line 55:
   * Dynamic IP addresses makes access annoying   * Dynamic IP addresses makes access annoying
   * Advertising your home IP address is a mild security concern   * Advertising your home IP address is a mild security concern
 +    * can be mitigated if you rent an ultra cheap VPS and use it as a gateway; I did this initially but realized I can run everything on a cheap vps to begin with
   * Weather / residential power outages impact uptime   * Weather / residential power outages impact uptime
  
Line 394: Line 401:
    $ certbot --nginx -d recipes.qlyoung.net    $ certbot --nginx -d recipes.qlyoung.net
 </code> </code>
 +
 6. ??? 6. ???
 +
 7. Profit 7. Profit
        
 The deployment process is identical for both internal and external services. The deployment process is identical for both internal and external services.
  
-===== Backups =====+====== Backups ======
  
 Everything, private and public, is backed up with [[https://restic.net/|restic]] to offsite locations. It runs daily on a ''cron'' job. Everything, private and public, is backed up with [[https://restic.net/|restic]] to offsite locations. It runs daily on a ''cron'' job.
  
-===== Cost =====+====== Cost ======
  
  
Line 410: Line 419:
 Public bill: Public bill:
  
-  * Compute: $40/mo+  * Compute: $24/mo
   * B2 Storage (~200gb): ~$2/mo   * B2 Storage (~200gb): ~$2/mo
-* Total: ~$45/mo+  * Total: ~$26/mo 
 + 
 +{{tag>from_blog technology}}
Panorama theme by desbest
personal_infrastructure.1694214852.txt.gz · Last modified: by qlyoung
CC Attribution-Noncommercial-Share Alike 4.0 International Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International