• Shimitar
    9 months ago

    It’s a work in progress, but https://wiki.gardiol.org (which is OFC self-hosted)

    Anyway, beefy HP laptop with 32 GB RAM and Xeon CPU to run all services. 3 RAID-1 (Linux sw raid) USB3 volumes to host all services and data.

    Two ISPs: Vodafone FVA 5G (data capped) for general navigation and Fastweb FTTC (low speed but uncapped) for backup access and torrent/Usenet downloads.

    Gentoo Linux all the way and podman, but as limited as possible: only immich (that’s impossible to host on bare metal due to devs’ questionable choices).

    Services: WebDAV/webcal/etc wiki, more stuff, arrs, immich, podfetch, and a few more.

    All behind nginx reverse proxy.

    99% bare metal.

    Self developed simple dashboard

    External access via ssh tunnels to vps

        • Avid Amoeba@lemmy.ca
          9 months ago

          Not saying it’s not secure, just that I’d have constant doubts whether I’ve covered all the bases if I were doing it. Especially ensuring an intruder can’t compromise anything else if they take it over via some security exploit in PHP or DokuWiki itself.

      • Shimitar
        9 months ago

        The service runs as an unprivileged user, even if, at worst, an intruder would delete or replace the wiki itself. Even the php-fpm behind it runs as that unprivileged user and is not shared with any other service.

        I doubt an attacker could do anything worse than DoS on the wiki itself.
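
The isolation described in the last comment (a dedicated unprivileged user per service, with a php-fpm pool that no other service shares) can be checked mechanically. The following is an added example, not part of the thread or of anyone's actual setup: it audits php-fpm pool definitions for pools that run as root, share a user, or expose a world-accessible socket. The pool names, users and socket paths in the sample are constructed assumptions.

```python
import configparser
from collections import defaultdict

# Constructed sample pool definitions (names, users and paths are assumptions).
SAMPLE_POOLS = """
[wiki]
user = wiki
group = wiki
listen = /run/php-fpm/wiki.sock
listen.mode = 0660

[gallery]
user = www
group = www
listen = /run/php-fpm/gallery.sock
listen.mode = 0666

[blog]
user = www
group = www
listen = /run/php-fpm/blog.sock
"""

def audit_pools(text):
    """Return (pool, problem) findings for php-fpm pool definitions."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    by_user = defaultdict(list)
    for pool in cfg.sections():
        if pool == "global":  # master process settings, not a pool
            continue
        user = cfg.get(pool, "user", fallback="")
        if user in ("", "root"):
            findings.append((pool, "runs as root or has no user set"))
        else:
            by_user[user].append(pool)
        # listen.mode only matters for unix sockets; php-fpm defaults to 0660.
        mode = int(cfg.get(pool, "listen.mode", fallback="0660"), 8)
        if mode & 0o007:
            findings.append((pool, "socket accessible to other users"))
    # A user shared by several pools means one compromised app can touch the others' files.
    for user, pools in by_user.items():
        if len(pools) > 1:
            findings.extend((p, f"shares user '{user}' with another pool") for p in pools)
    return findings

if __name__ == "__main__":
    for pool, problem in audit_pools(SAMPLE_POOLS):
        print(f"{pool}: {problem}")
```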