
Sovereign – Ansible playbooks to build and maintain your own personal cloud - spullara
https://github.com/al3x/sovereign/blob/master/README.textile
======
sdfjkl
It's not worth bothering with filesystem encryption on a VPS. Keep in mind
that the hypervisor has full, unrestricted and essentially undetectable access
to the contents of the virtual machine's RAM, so they can read decrypted data,
private keys and cleartext passwords.

If you want even a hint of privacy, you'll have to rent some rackspace and put
a tamper-resistant box of your own in there - and stop trusting it the first
time it goes down unexpectedly.

~~~
rst
... or make sure that your cloud-based resources, whatever they are, only see
ciphertext, and access them only through heavily secured machines that you
hold locally. Which requires the attacker to compromise your laptop, or phone,
or whatever. (Which is almost certainly still possible for an attacker with
the resources of a major government that decides you're of sufficient
interest, but it raises the bar a bit.)

~~~
Terretta
How do you propose bootstrapping the cipher onto a "known compromised" machine
in a known compromised environment?

~~~
rst
Use full end-to-end encryption. The "known compromised" machine doesn't do the
encryption or decryption in the first place; that's done at the physically
secure (you hope!) endpoints.

~~~
Terretta
By cloud resource, did you mean storage? In which case, sure. But if you meant
to do work "in the cloud" on the cipher text's content, the
under-bad-actor-control machine _is_ one of the "ends".

------
grey-area
_I had been a paying Google Apps customer for personal and corporate use since
the service was in beta. Until several weeks ago, that is. I was about to set
up another Google Apps account for a new project when I stopped to consider
what I would be funding with my USD $50 per user per year_

This is exactly how I feel about Google Apps. I used to recommend it to
customers, now I hesitate to recommend it, even though the alternatives aren't
as easy or fully-featured without a lot more work. Thanks to the author for
setting this lot up, I'll definitely be looking at it, and possibly using a
few of the pieces.

Ansible is great though; even if you're not setting up your own private cloud
it's worth taking a look at for deployment. AnsibleWorks really should set up
an extensive library of playbooks like this, each isolated so that they can
easily be mixed and matched. Their examples were a bit limited and specific
last time I looked.

Does anyone have any tales of using Dovecot (good or bad), as I'm considering
installing it?

~~~
oinksoft
I ran a Postfix/Dovecot setup for years and they were both fast, reliable,
lightweight, and very flexible. The #dovecot and #postfix channels on Freenode
are also tremendously helpful if you are in a pickle. (Full disclosure, I
don't run my own mail server anymore except for a few virtual aliases; a good
webmail client was the weak link in the chain and Fastmail provides a reliable
service with a phenomenal web client at a fair price).

~~~
jamespo
roundcube is a very good webmail client nowadays

~~~
oinksoft
I was using Roundcube, but it was not powerful enough for my needs. The
greatest strength of the Fastmail UI is all of the built-in keybindings.
There's one for almost every action; indeed, I find it friendlier than the
best desktop clients I've used, let alone ones like Gmail or Roundcube.

------
hyperplane
> Intrusion prevention via fail2ban and rootkit detection via rkhunter.

Semantics, semantics, but rkhunter is intrusion detection, not prevention. I
don't know what rkhunter would do to stop an intrusion, and fail2ban stopping
a brute-force on your SSH login is hardly the likely intrusion vector for a
server running this many services.

These tools still require a huge amount of systems administration work before
it really counts as a "personal cloud". rkhunter looks for some basic rootkits
but will not really protect you from emerging threats, other than to tell you
you have a file integrity mismatch on a common file such as /usr/bin/login.

Since this is installing everything, it seems wise to add better host-based
intrusion detection/file integrity checking across all services and
configurations, via AIDE[1] or Samhain[2], which you could do with this type
of automated setup. Both can then use the local MTA to alert you directly to
your mail client if something is compromised, plus you gain the security of
your configuration files for these services not having been tampered with.

What about running unattended-upgrades[3] for security patches to things like
Apache et al? Given the adversaries expected here, I assume that we aren't
worried about false packages, etc. as a risk.

[1] [http://aide.sourceforge.net/](http://aide.sourceforge.net/)

[2] [http://la-samhna.de/samhain/](http://la-samhna.de/samhain/)

[3] [https://launchpad.net/unattended-upgrades](https://launchpad.net/unattended-upgrades)
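The host-based file integrity checking hyperplane recommends above (a hashed baseline, later compared against the live filesystem to flag a mismatch on something like /usr/bin/login) in miniature, as an added example that is not part of the thread and not AIDE's or Samhain's code. The directory layout, file contents and the simulated tampering are all constructed inside a temporary directory; a real deployment would keep the baseline somewhere the host cannot rewrite it and hand the report to the local MTA.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record digest, permission bits and size of every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": file_digest(p),
                "mode": st.st_mode & 0o7777,
                "size": st.st_size,
            }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines into modified / added / removed relative paths."""
    changes = {"modified": [], "added": [], "removed": []}
    for rel, entry in baseline.items():
        cur = current.get(rel)
        if cur is None:
            changes["removed"].append(rel)
        elif cur != entry:  # any of digest, mode or size differs
            changes["modified"].append(rel)
    changes["added"] = [rel for rel in current if rel not in baseline]
    return changes


def format_report(changes: dict) -> str:
    """Plain-text body suitable for piping to sendmail(8); empty string if all clean."""
    lines = []
    for kind in ("modified", "added", "removed"):
        for rel in changes[kind]:
            lines.append(f"{kind.upper():9s} {rel}")
    return "\n".join(lines)


def demo() -> dict:
    """Build a baseline over a constructed tree, tamper with it, and diff.

    Everything under the temp directory is made up for the example; the
    'ELF' bytes are placeholders, not real binaries.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/bin").mkdir(parents=True)
        (root / "etc/postfix").mkdir(parents=True)
        login = root / "usr/bin/login"
        main_cf = root / "etc/postfix/main.cf"
        login.write_bytes(b"\x7fELF original login binary (constructed)")
        login.chmod(0o755)
        main_cf.write_text("myhostname = mail.example.invalid\n")

        baseline = build_baseline(root)
        # The baseline would normally be serialised and stored off-host or
        # on read-only media; JSON keeps it trivially diffable.
        stored = json.dumps(baseline, sort_keys=True)

        # Simulated tampering: a replaced binary, an edited config, a dropped file.
        login.write_bytes(b"\x7fELF trojaned login binary (constructed)")
        main_cf.write_text("myhostname = mail.example.invalid\nrelayhost = bad\n")
        (root / "etc/postfix/.hidden").write_text("x")

        return compare(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(format_report(demo()))
```

Comparing permission bits and size alongside the digest is what catches a setuid bit flipped on an otherwise unchanged file; scheduling the comparison from cron and mailing a non-empty report is the part the playbook would have to wire up.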

------
mwcampbell
I was surprised to read that this configuration uses DSPAM rather than
SpamAssassin. Can anyone here compare these two, or point to a recent
comparison?

------
tlrobinson
Docker seems like it could be a nice alternative to Ansible here. I'd love to
see something as easy to use as an "app store" for "personal cloud" servers.
One click to install servers for email, contacts, calendar, dropbox, backups,
etc.

~~~
lifty
I am working on something like what you are suggesting. I currently have only
the email container done (Postfix/Dovecot) and am working on a small cmdline tool
that will take care of bootstrapping the containers by asking a few simple
questions. The point is to make the whole setup as frictionless as possible,
by providing a sensible set of standards and only asking for the bare minimum
configuration parameters. In the future I plan to expand the tool with a web
interface so you can install and uninstall applications from a central
repository or a git repository.

I will publish what I have soon, just need to build a few more application
containers (think rss reader, owncloud, git repo).

It seems like a useful thing to have and I am curious if there is a demand for
such a tool.

~~~
nickstinemates
For installation, are you planning on using one of the existing project like
DockerUI[1] or Shipyard[2]?

1: [https://github.com/crosbymichael/dockerui](https://github.com/crosbymichael/dockerui)

2: [https://github.com/ehazlett/shipyard](https://github.com/ehazlett/shipyard)

~~~
lifty
The project is based on Docker. The nice part about it is that it's really
convenient to interact with the Docker daemon via its http api, with a minimum
amount of work. Although all the underlying tech that Docker is built upon was
widely known, the usability of Docker is the thing that sets it apart.

------
616c
I like the use of Dovecot, but I got tired of resource consumption with
OwnCloud, despite it being a very, very cool project (and Android not speaking
CardDav or CalDav natively, sigh; the ONE thing that makes me like iOS).

In any event, I have been looking into Cyrus IMAP because a) it's used by
Fastmail, they even host their forked version of the code [0] and b) there is
an alpha-beta feature right now for a CardDAV and CalDAV server baked in. [1]

Maybe I can try and work on my own sovereign-like setup with this.

[0] [https://github.com/brong/cyrus-imapd/tree/fastmail](https://github.com/brong/cyrus-imapd/tree/fastmail)

[1]
[http://cyrusimap.web.cmu.edu/mediawiki/index.php/Latest_Upda...](http://cyrusimap.web.cmu.edu/mediawiki/index.php/Latest_Updates)

------
vsviridov
Addition of XMPP messaging via eJabberd would be welcomed. Also, potentially
use Baïkal for CalDAV/CardDAV as an option...

~~~
mwcampbell
For XMPP I highly recommend Prosody ([http://prosody.im/](http://prosody.im/))

~~~
286c8cb04bda
I second this.

Every couple of weeks, ejabberd will attempt to eat all of the RAMs.
Scheduling restarts was easier than trying to figure out why that was
happening.

Since switching to prosody, we've seen much better stability.

------
dkoch
Are there any new and modern open source HTML5 webmail clients available?

It's been several years since I last set up self-hosted email. At the time
Roundcube was the best out there, but it wasn't in the same league as Gmail.

~~~
rufugee
It's the full stack instead of just the web client, but Zimbra has a very full
featured (and closest I've found to gmail) ajax interface.

------
mrbill
I'm a bit confused as to why postgrey is being used (it's circa postfix 2.1.x)
when postfix's "postscreen" is now built-in and just as good.

~~~
ciupicri
As a side note, the postscreen(8) man page [1] says that "this service was
introduced with Postfix version 2.8.". Also RHEL 6 comes with
postfix-2.6.6-2.2.el6_1.i686.

[1]
[http://www.postfix.org/postscreen.8.html](http://www.postfix.org/postscreen.8.html)

------
NickABusey
It would be great if someone could set this up as an AMI for idiot-proof setup
on AWS.

~~~
thejosh
Spin up an instance using Debian then run the script.

Done.

~~~
platz
I think the issue is all the strings that must be grepped for and replaced in
the scripts prior to installation.

------
mcovey
Instead of going through all this hassle with private clouds just to avoid
using a service like Dropbox, I have some shell scripts that use rsync and
curl to grab almost everything I want to back up from my hard drive and the
internet (rss subscriptions, bookmarks), and generate a tar.7z.gpg file. The
7z archive is AES256 encrypted as well.

I feel relatively safe that I could drop this file anywhere I want and it
would be useless to anybody without access to my brain or keystrokes, so I
just put it in insecure cloud storage. If I'm wrong about that, then I'm
screwed, because all of my finances and identity would be fully compromised.
Each backup is pretty small since it's mostly text files and a few binaries
and images. I have a minimal amount of media files so I don't bother to back
up larger things that are mostly replaceable.

------
luikore
I think it could be of more coolness if named "Hegemon", which is more
connected to "Ansible"...

------
j2d3
I have been wanting to do this, hadn't gotten around to detailing all the
pieces I'd need to put together, and also I've been wanting to check out
ansible. Thanks for this writeup!

------
rufugee
The problem I seem to run into when hosting my own email these days
is that my IP (currently with ovh) keeps getting marked by sbls because of
some other bad citizen in the same block. I've been looking at sendgrid and
authsmtp as potential ways to avoid this, but would love to hear what others
are doing... those of you who host... how do you prevent getting
blacklisted?

------
sherr
Thank you. Not only a good real world example of server provisioning with
Ansible, something I've been meaning to try, but a pretty well chosen set of
services to install and configure. I'm already using Postfix and Dovecot over
SSL but will surely learn from the rest of the setup.

------
ciupicri
Is it just me, or do I need to somehow compute the hash of the password used for
email? [1]

[1]
[https://github.com/al3x/sovereign/blob/master/roles/mailserv...](https://github.com/al3x/sovereign/blob/master/roles/mailserver/vars/main.yml#L15)

------
programminggeek
I refuse to use reaper technology to run my cloud.

------
mratzloff
I've been thinking about setting something like this up in Switzerland or
someplace. Any suggestions?

~~~
ef4
I don't see a reason to buy overseas hosting. So long as your body is still in
the US, the NSA could get your data if they really wanted to.

But the real goal here is not to stop a targeted government attack. It's to
avoid cost-effective, bulk surveillance. For that, a server in your basement
is quite good.

------
Nux
Very nice!

