Overall hardware platform:
4 pcengines alix boxes for openbsd router/firewall appliances
3 supermicro Opteron servers with KVM/corosync/Sheepdog/csync2 for hosting all VMs
PF + CARP + pfsync + OpenBGPD for routing
Unbound + NSD + Bind for DNS
SSH/OpenBSD ipsec/apache Guacamole for roaming and permanent site-to-site VPN (pcengines ALIX hosted at my inlaws in Japan)
Apache + Lets Encrypt + awstats + relayd for serving web pages and analysis
ZoneMinder for video monitoring. Tied into legacy security system for automation
Postgres for database work. Some mysql/redis
NetDisco + Nagios + NagVis + NFSen + MRTG + Smokeping + PNP4Nagios + NUT + Splunk + Racktables for monitoring. All configs are dynamically generated from netdisco db
OpenSMTPD + Citadel (webcit) for email delivery and webmail
Minetest server for kids. We use this tons as a family, and the kids spend lots of time modding. TW2002 server. TShock server.
OpenELEC for diskless netboot KODI machines around the house
Samba4 Domain controller + NFS for sharing files in different applications
SVN for source control and Config diffs for all servers/tools/network devices
Asterisk via FreePBX / NCID for all phone/CallerID services, including remote handsets at VPN locations
And that's just the ones that I really enjoy using off the top of my head. I hope to find lots more things to try in this thread. Metabase already looks like an awesome candidate!
Hardware actually cost money. Here's a breakdown:
> 4 pcengines alix boxes for openbsd router/firewall appliances
These were around $120 each with 4GB flash storage at the time. They're half that now. Low power, no cooling required, x86, 3 ethernet. You could buy APU2 now for more power
> 3 supermicro Opteron servers with KVM/corosync/Sheepdog/csync2 for hosting all VMs
I used cheap cases, eBay MB/CPU/RAM, tiered storage (green/black/ssd) to keep costs down and infiniband for 10gbit interconnects ($15/card on ebay!). I made sure to get quality components (esp MB/power supplies). One of the servers is also my desktop. I'm guessing they were about $800 each. Having the 3 node cluster is nice. When we had a forest fire threaten our town and we were ordered to evacuate I just grabbed one box and all my data was already replicated to it. When we returned home I plugged it back in and it re-synched back up.
Maintenance has been a non-issue. I haven't had any components die except the occasional HD. Power costs are the main thing. Estimate about $500/yr at $0.10/KWh
> PF + CARP + pfsync + OpenBGPD for routing
I use a local indy ISP that gives me a bunch of static IPs and lets me route a /29 with BGP. I know them fairly well, and get a sweet deal. Doesn't cost more than a regular consumer connect, though it is slower.
I've used OpenBSD since the early 2.x days, and find it very easy to administer. The release and documentation quality are second to none, and I've found the community to be very helpful as long as you've tried to help yourself first.
> Unbound + NSD + Bind for DNS
I keep my Bind server vlanned off and serve everything out thru unbound/nsd. Both of those programs are very easy to set up, the real beast being bind. I know there are better alternatives out there, but I know Bind well and have lots of custom config I don't want to throw away.
> SSH/OpenBSD ipsec/apache Guacamole for roaming and permanent site-to-site VPN (pcengines ALIX hosted at my inlaws in Japan)
If I were to pick one outstanding program on this list it'd probably be Guacamole. Pure HTML5 rdp/vnc/ssh/telnet/etc client that is seriously amazing. I've set it up at a half dozen places now, and it's never so much as hiccuped.
OpenBSD IPSEC is VERY easy to set up, if you've had nightmare experiences with other packages!
> Apache + Lets Encrypt + awstats + relayd for serving web pages and analysis
Apache is the old standard, and awstats is cool for keeping tabs on what is going on in the logs (geoip as well).
Lets encrypt was amazingly easy. I'm using certbot and set it up in under an hour. I'm forcing SSL on all my web services now.
Relayd is another "so simple and it just works" package from OpenBSD. I use it as a front-end load balancer.
> ZoneMinder for video monitoring. Tied into legacy security system for automation
On Debian (my Linux distro of choice), this was simple to set up. Perl scripts to integrate it into my DSC security system. Auto arm/disarm camera recording and relay light control required the IT serial integration board and programmers manual for the system
> Postgres for database work. Some mysql/redis
I've been using postgres forever, so setup and use are second nature. An absolutely incredible piece of software engineering.
> NetDisco + Nagios + NagVis + NFSen + MRTG + Smokeping + PNP4Nagios + NUT + Splunk + Racktables for monitoring. All configs are dynamically generated from netdisco db
This is another stack I've set up at many locations (including businesses). They are a real timesink to integrate together. I have MANY custom scripts to make the config generation from netdisco work properly, but once setup you have total insight into every aspect of your network (and I forgot to list RANCID!). Netdisco/NFSen on their own are still a killer combination, and work as well or better than packages that cost tens of thousands of dollars. I'm happy to help any one trying to set these up if you PM me.
> OpenSMTPD + Citadel (webcit) for email delivery and webmail
Citadel is maybe the weakest thing I have in my stack. I'm looking at the other webmail solutions in this thread carefully
> Minetest server for kids. We use this tons as a family, and the kids spend lots of time modding. TW2002 server. TShock server.
When your kids are asking to learn LUA, you know something is working!
> OpenELEC for diskless netboot KODI machines around the house
Amazing and easy to set up if you already have your own DHCP server you can modify. Just need tftp and nfs after that. Using OLD desktop PCs for this works great. I'm using cast off dell gx290s
> Samba4 Domain controller + NFS for sharing files in different applications
I've been using Samba4 since pre-alpha (TP series) when you had to run your own LDAP server. Things are so easy now its hard to overstate. Using Bind makes it a bit trickier since I need to add some magic entries, but if you use the builtin its a single python script between you and a full SSO AD domain.
> SVN for source control and Config diffs for all servers/tools/network devices
I found SVN config to be a bit of a head-scratcher. I think this is another one where other tools are probably better nowadays. I'm looking at some of the other things people are suggesting.
> Asterisk via FreePBX / NCID for all phone/CallerID services, including remote handsets at VPN locations.
Another timesink. PBXs are hard to configure, and I'd move to another system if there was something less esoteric.
As to why I do it? I find it satisfying to learn how things work, like the idea that I'm master of my own destiny and know how my data is being used
Any specific questions, let me know!
How do you secure your publicly accessible IP at home from the web. I see you use static IP's I guess it's no different than renting a sever? You probably have separate networks (local home vs. serving)
The important thing with securing my public IPs (as with securing anything) is to understand the surface area and minimize risks. With the number of services I'm exposing, I have to be careful. First thing is to keep all OSs up to date. OpenBSD every 6 months and Debian on an ongoing basis.
Next, whenever possible use single-purpose proxies that have been well audited. In my case OpenSMTPD, Unbound and NSD protect the always popular mail and dns servers from attack.
Keeping complicated things off the internet is important. Big CMS packages are constantly under attack. I only run either static pages on my webserver, or very carefully audited custom PHP pages (written with an attacker's eye to exploit injection)
When I expose something more complicated like Guacamole or Citadel that might end up with a known hole in the login screen, I put it behind both SSL and an HTTP simple auth login prompt. It's ancient, and so well tested that it is unlikely to end up with an exploit against it. Or at least less likely than the app its protecting. I've actually been toying around with doing 2 factor auth on these services with a dynamically generated simple auth sent via SMS bridge or IFTTT...
On my internal network, I have my family running linux wherever possible, and keep Java and Flash off the windows PCs. Everyone runs with a nonprivledged account and the OS/software packages/PDF readers are all kept up to date. I think the wife and kid's PCs are probably the most likely things to be compromised on the network, so I keep a close eye on them.
I also take the reactive approach of log alerting, change monitoring and general diligence to the state of my network. If you know what has changed in the last 24 hours it tends to be a small enough dataset to eyeball, and will tend to tip you off when things are wonky. I also have enough logging and data sources (syslog, configs diffs, apache logs, nfsen data, mrtg data) that it would be exceptionally difficult for an attacker to wipe out all trace of their presence.
I do not know of a successful attack against my network, tho I'm not naive enough to think that it hasn't happened. I just haven't realized it if it has.
Its a great hobby if you like this stuff!
Curious what your family thinks having to run Linux. It's my primary os myself with i3-wm. People usually complain "install apps command line" ui, etc .. whatever Ubuntu being as supported as it is that UI is so slow/bloated IMO.
I have Windows as well but use Virtual box and Linux to access the web if it's not just YouTube/Gmail/regular pages with adblock/uorigin running.
I don't even know how many ports there are on computers, I mean in my experience I've seen up to port 10000, I think you have to enable them? I usually use 21/22/80/443 though I've seen 3000 (websocket), 4200 (angular), 246 or 286 (windows RDP) I don't know...
It's a lot to keep track of web security. OSWAP
Anyway thanks for your time rambled on my end.
Also, websocket is just a protocol upgrade slapped on http/https, so it normally goes over 80/443. If someone's running it on another port, it's probably cause the server they have on their normal http/https doesn't work well with websockets.
Yeah my bad in the RDP, you know I messed up on that. Was trying to get around firewall rules, I edited the registry and changed the port for it... Could not get back in. This was one of Amazon's windows servers, and I mounted it as a volume to another one and could not access the registry to change it back so yeah... Locked myself out haha.
I started my Dad on Ubuntu around 2008, and he hasn't used anything else since. Shortly thereafter my Mom, then my Sisters. Most recently my Step-mom, and Grandparents have gone to Ubuntu.
When I got some castoff laptops from work, I turned them into Sugar notebooks for my kids, and once that became too limiting for them I helped them install mainline Debian. Some of them run Gnome and my oldest runs fvwm.
My wife still runs Windows because of inertia, more than anything TBH.
In my experience, I've only had 1 peripheral that someone has bought that was totally unusable due to drivers (scanner), and the only programs my relatives have asked for that weren't available were my kids wanting to play Roblox, which I didn't want them playing anyways. Thanks to Minetest and buying most Humble Indie bundles I actually have a pretty good library of Linux games for them to play, so there hasn't been much bellyaching from them. Well, that and the Windows gaming/home theatre PC.
I've gone to a 2 strikes and you're out policy on Windows installs. If I have to re-install it for you more than one, and you're either getting Linux or finding someone else to fix your computer. My Grandparents got caught on this policy, but my stepmom actually asked for "That system that Dad has that doesn't get viruses". Happy ever since.
Most people that aren't highly technical tend be served by Firefox/Thunderbird/LibreOffice for 99.99% of their needs. It's mostly Facebook these days TBH.
It makes support dead simple. no-ip.com and SSH let me fix almost anything remotely, and no one has every gotten pwned that I know of.
Other people have answered the port question, but I'll try to go at a slightly lower level. Each open port will have a program running on the host that has opened a listening socket on that port. Netstat can help you find out what is listening, and on what interface/port. As a rule, only root can open ports under 1024, and any well written server will drop all non-required privs. You can check with the ps command. This is somewhat enforced on some OSs, eg OpenBSD with pledge.
From a security standpoint you should verify that you know and understand every server listening on a socket, which interfaces they are bound to (netstat asterisk means all interfaces), and whether they are exposed to the internet via direct interface/proxy/port forward/etc.
One trick to secure services that need remote access: if the service is only for technical users, you can give them each an account with no interactive shell, and then they can ssh port-forward to the port they want to access. Eg. you can make 3389 (RDP) only listen on the local LAN or the loopback device, ssh to your router with port forwarding local port 3399 (or whatever), to remote IP:3389 and point your local rdp client to localhost:3399. Great for ad-hoc limited VPN type connections. That way you only have to be aware of SSH remote holes, and not the more-likely RDP server.
Hopefully if any of this is incorrect, someone will correct me
I'll have to check that out no-ip, so you install openssh server to SSH int their computers? Yeah I like that feature myself too lazy to get up and use the dev desktop.
That's my hope regarding Linux that it's safe, using virtual box and Linux.
Haven't heard of Sugar notebooks.
Yeah I used to run Linux Mint, then Debian, then Ubuntu mostly because of their good driver support, a few times I've had laptops with Debian installed and they couldn't connect to WiFi right off the bat. Then i3-wm because my computers are generally garbage. At least now both my desktop/laptop have 8gb ram. Could go higher maxing out chrome tabs.
Anyway thanks and for the info on the ports, I have used netstat before it's intimidating haha, so many at least when I checked on my windows laptop if I recall right.
Even in BC with $0.10/KWh it still adds up, but I write it down to education, privacy and entertainment : D
Rancher (to control Docker stacks, set up HTTPS with Let's encrypt, etc): http://rancher.com/
GitLab (git repositories): https://about.gitlab.com/
Rocket.Chat (internal chat): https://rocket.chat/
Sentry (production code error handling): https://sentry.io/welcome/
Metabase (DB analytics and graphs): http://www.metabase.com/
Mailu (email server): https://github.com/Mailu/Mailu
Mailtrain (email marketing, using Mailgun or SparkPost): https://mailtrain.org/
KeeWeb (password storage and handling, kind of "self hosted", offline app): https://keeweb.info/
KeeWeb is a drop in replacement for KeePass, it uses the same format, so you can use the same Android clients to open the same file. IMHO It's a lot better than KeePass, especially if you are in Linux.
KeeWeb is written in JS with desktop apps using Electron. I moved away from KeePass to KeeWeb because, although KeePass was first, it is old now, it was written for Windows and then ported using Mono to Linux.
As it uses Mono for Linux, that generates some issues. For example, I couldn't copy a password from the interface and paste it in a Terminal (I'm not sure if it was because I use Tmux all the time). It handles the clipboard in weird ways. I had to paste it somewhere else, like the browser and then copy it from the browser to paste it in the Terminal. With KeeWeb it works normally.
Recently they added support for a plug-in that creates a local server compatible with the one created by plug-ins in KeePass. It can then be used by Chrome extensions like: https://chrome.google.com/webstore/detail/chromeipass/ompiai...
That last part is what made me finally decide to go for KeeWeb instead of KeePass. It gives you "LastPass" like functionality in the browser while you keep being the one that handles your encrypted DB. And then you can store that file in Dropbox, so that you have access to it everywhere.
I originally used lastpass years ago and I tried it again recently and hate it. I didn't try the cli, though. That would certainly be a better option than dealing with their horrible web app.
Syncthing mirrors everything between my desktop, laptop, and phone (and there's an Android app that works with OpenKeychain so passwords are accessible from my phone). I haven't done this yet, but it'd be trivial to also run syncthing on a cheap VM somewhere, and replicate the passwords to it (but obviously not my GPG private key) for disaster recovery.
On the desktop I'm using Browsers  and QTPass .
Most services are tied to my email, so I have both 2factor auth AND recovery codes that I have stored in a safe place. Additionally I have the Keepass password written down in a safe (separate) place just in case. This is my backup in case I lose access to my Keepass db.
As one last bit, I have Keepass to auto-lock after a bit of inactivity, so I'm constantly retyping that password. This helps me memorize it.
In many ways this keeps me safer. I stay logged out of most websites by default. It can also protect me against terrible password policies. For example, I once had a bank that limited passwords to 8 characters. I had Keepass remind me to generate and rotate that password every quarter just in case. When Heartbleed dropped, I marked all my passwords in red and only changed them back when I updated that website password.
- GitLab as an alternative for GitHub https://about.gitlab.com/
- Restyaboard as an alternative for Trello http://restya.com/board
Even an hour a month of lost dev time would make it worth it.
Your not just saving developer downtime. Remember that non incident a few months ago? Could be a security issue too.
What certainly has wasted a horrible amount of my time in recent years is working around build systems and package managers that are so badly designed that not only do they have a dependency on some online repository in the first instance, they also make it difficult or impossible to download and cache those dependencies in a supported way so that you can have 100% reproducible builds with nothing but locally hosted resources. Surely this is just about the most basic requirement for a robust software development process?
I self host my gitlab and when there's an update it goes down for several minutes (well actually I don't know if it's unusable, haven't tried, but with the backup and the updates, it's long)
I'm the only one working on it, so that's not a problem for me.
Still, it takes time.
Does Plex count? If so, Plex. I love it, and don't remember how I lived without it.
Definitely suggest giving a try! I'd absolutely love it if the same functionality were available with git/github.
It's basically self-hosted Dropbox, with clients for all mayor Desktop and Mobile OSes. I set it up for a little team project. Just one account, and a shared folder where people with a password could upload. I think we will move to individual accounts at some point.
But it supports much more. It has a calendar similar to Google Calendar and I've switched to it. It also has plugins for image galleries, contacts, LibreOffice in the browser, collaborative editing like EtherPad, and so on. I was very sceptical, but it is really well done.
Everyone is welcome to contribute at https://github.com/nextcloud/ :) And in case anyone is in Berlin, we’re having our annual conference at the moment! https://nextcloud.com/conf/
Do you expose it over the internet or access it through a VPN?
I have mine configured as a public website with most data protected by the inbuilt encryption, and I use EncFS directories to sync more sensitive data across machines. Some things require client-side encryption and this is easy to achieve.
After getting tired paying GSuite/GMail $5/mth per user I figured it's time to get my own email server running again.
Runs on a single $10 Linode instance, pretty easy to setup, super-easy to maintain, does a great job making your emails _not_ end up in the Spam Folder.
I was very pleasantly surprised, and have been hosting email for one of my domains on it for almost 4 years now. It was very easy to set up, and has been very easy to maintain.
Dokku - Heroku-like Docker env for Ruby on Rails development
The only reference I found online is a single deleted blog post. Can someone please point me in the right direction?
Also, i like its dashboards and stats :)
It basically runs almost every service I use:
- Plex. I tried to use XBMC, but Plex just kills it with their mobile app as well so I can just continue watching on the iPad. It's like having your private Netflix.
- OwnCloud, a self-hosted Dropbox/Google Drive. I keep my password database (KeePass) here and it nicely syncs across my devices. I also store non-essential photos there.
- cgit, a simple Git server. I used to run gitlab, but this is much more elegant and simple for archiving repo's and hosting my personal repo's, I don't need much.
- OpenVPN Server, in case I am in a country where there are certain restrictions to what I can access and what not. Also useful in case I need to access some stuff I don't expose over the internet.
- Henk, my personal home-automation system. I've automated various parts of my home, such as lighting, air conditioning, heating, roller blinds etc. It's a bit too exhaustive to outline here. In short, some micro services hooked up over Kafka. I have multiple instances of those services running in some EC2 machines on Google Cloud in case something happens to my home-server. This is probably the most important piece of software I have running. It's fully automated, so if it goes down, I'll lose the comfort of the AC turning on when I am on my way home.
- Camera security system. I used to work at a camera security company. I run their software to monitor my home.
- Transmission, torrent client. I've written some scripts for post-processing downloads. When a move finishes downloading, it moves it into the right location, looks up subtitles on OpenSubtitles.org and adds it to Plex.
- Nginx + LetsEncrypt for all of that. All of those services have web-interfaces. I run the web servers locally and use Nginx's reverse proxy to expose them on a subdomain. LetsEncrypt certificates for all of it.
I've considered renting dedicated machines, but I don't really feel comfortable not having this on my own servers.
Other tid bits:
- I live in Romania, 1Gpbs/down costs about $5/month here. Same goes for electricity, that costs about $15/month for the entire home.
- Webmin for admin and monitoring (better than Nagios imo). http://www.webmin.com/
- Postfix + OpenDKIM for self-hosted email sending & forwarding.
- SFTP/Samba/AFP for my fileserver.
- Ikev2 VPN https://github.com/jawj/IKEv2-setup
- Wekan (Trello clone) https://wekan.github.io/
- Taskwarrior + Taskserver (Todo lists) https://taskwarrior.org/
- Syncthing (File sync) https://taskwarrior.org/
- The Lounge (IRC client) https://github.com/thelounge/lounge/
The "Awesome Selfhosted" GitHub repo is a decent place to discover things: https://github.com/Kickball/awesome-selfhosted
There's also Gitea which is a fork of Gogs after some contributors became concerned with the bus factor, very slow feature development, and occasional disappearance of the maintainer of Gogs. I haven't use it but that's probably what I'd try first now.
Saves me a lot of money vs using something like MailChimp.
Self hosted BI tool.
I always wanted to have the habit of taking lots of notes, but I didn't really like having to carry around a physical notebook. I set up etherpad and now I constantly use it to take notes. It has saved me so many times!
Works on OpenVPN clients and had zero problems connecting multiple users for many months.
I'm having 5 dedicated servers at Online.net + Small VPS at Scaleway & OVH; + some backup boxes at friends behind an ADSL.
Tinc for the private network
Proxmox & CBSD for VMs/FreeBSD Jails
Gitlab. Used gogs in the past but it missed features I needed
nginx + dehydrated (let's encrypt client)
PowerDNS + PowerAdmin
Modoboa (email stack. postfix/amavis/web interface/…)
Rainloop (email web client)
Cloud-Init with No-Cloud
pgsql, mysql, redis, riak, elasticsearch
… :) self-host is <3
edit: typo & forgot minio
Support is fast and always reactive as well.
Also their network is less stable than Online's.
- GoCD - https://www.gocd.org/
Technically it's an email client but since it works in your browser anyway, you can run it on a server as a personal webmail. It can work with a local MTA or regular accounts at other providers for which it provides automatic configuration with ISPDB. It supports all the basic functions and GPG.
Awesome home media library solution. I finally broke down and bought the lifetime license so I can download media to my tablet and watch it offline.
But even without the license the software is rock solid and amazing.
Other than that my list resembles other lists.
pcengines apu for home router
gitlab (I actually found that gitlab was overkill for personal use so I either use gitlab.com private repos or just git+ssh at home)
nextcloud for family pics
siptrack for password and inventory management
openvpn to access my LAN
I have a kvm hypervisor at home with a homebuilt nas for setting up testing and PoC virtually.
the nas is fedora+zfs+iscsi with one 4x2.5" SATA 5.25" bay in an external cradle connected with eSATA and one internal 5.25" bay with 6x2.5" sata disks. all disks 1TB, two separate zpools with raidz.
I've tried in vain to find an open-source equivalent that has TeamCity's world view regarding snapshot dependencies and VCS triggers, but so far my search has left me empty-handed. That, plus the wide variety of niceties it bakes in (manually cancelling a build that was running for much longer than usual? It will automatically offer to add a note to that build that it was cancelled because it was hung. Etc.) has made it hard to use anything else. The search continues...
For those who don't know, they give out $free licenses to open source projects so it's a viable and more customizable alternative to TravisCI for your next Github adventure if you want to try it out.
It's even $free for closed source with <= 20 build configurations. I'm sitting on... 19
Website: nginx + Let's Encrypt + Piwik (analytics)
Blog: Pelican static site generator
File sharing: Seafile
There is probably more.
The Github Integration makes it easier for people to contribute.
KeeWeb (for accessing KeePass database) - https://github.com/keeweb/keeweb
I've started to use QueryClips for all of my simple querying and sharing. It's got some advantages over Heroku Dataclips, like the ability to invite your colleagues, support for MySQL, etc.
Disclosure: I made the app.
nginx deserves particular mention for handling a HN frontpage crowd on a single-core VM without even blinking.
I wish it had a proper API, though.
I plan to start self hosting a copy of five-filters rss, which scrapes full text from rss feed articles. It is basically the ultimate ad blocker / AMP replacement.
Self-hosted option absolutely annihilates Chart.io and Periscope Data on pricing.
Does Syncthing count as self hosted too?
EDIT: Oops, wrong definition.
- znc bouncer
- caddy server that proxies to a few sites
- dnscrypt server
Aria2c for torrents and other downloads.
Wireguard for vpn.
- Koel (Web-based music player; https://github.com/phanan/koel)
- Aria2 (generic downloader; https://aria2.github.io/)
- GPodder (podcast downloader; https://gpodder.github.io/)
- PiHole (mostly for curiosity, I now use full-blown DNS & DHCP servers; https://pi-hole.net/)
- OpenVPN (https://openvpn.net/)
- Pritunl (OpenVPN failover; https://pritunl.com/)
- PlexPy (Plex monitoring; https://github.com/JonnyWong16/plexpy)
- BIND (DNS server; https://wiki.debian.org/Bind9)
- ISC-DHCP (https://wiki.debian.org/DHCP_Server)
- Smokeping (connection monitoring; https://oss.oetiker.ch/smokeping/)
- Ansible (central host with playbooks; https://www.ansible.com/)
- Graylog (log aggregation; https://www.graylog.org/)
- Wallabag ("read it later"; https://wallabag.org/en)
- Home Assistant (home automation; https://home-assistant.io/)
- Bookstack (documentation; https://www.bookstackapp.com/)
- Observium (network devices monitoring; https://www.observium.org/)
- PfSense (firewall & permanent VPN for some containers; https://www.pfsense.org/)
- Rancher (Docker orchestration; http://rancher.com/)
Rancher (Cattle environment):
+ ELK stack (https://www.elastic.co/)
+ Concourse CI (just to experiment, I prefer GitLab's CI; https://concourse.ci/)
+ Dumpster (my own temporary file upload platform, with additional YubiKey support; https://github.com/nmaggioni/dumpster)
+ Own Telegram bot (talks with ELK)
+ Let's Encrypt renewal daemon
+ FaaS (either https://github.com/iron-io/functions or https://github.com/alexellis/faas, even though I'm actually waiting for https://openwhisk.incubator.apache.org/)
+ Private Docker registry
I may have left something out, some more services/containers/VMs are disabled due to low usage.
portainer for nice docker mgt ui
discourse for forums
wordpress w discourse sso
netdata for health monitoring
actionherojs for microsvcs
cocalc for notebooks
looking at nextcloud if i can get libreoffice to behave w ssl