Taking back control of my digital life

I&#x27;ve been steadily moving everything back home ever since Snowden revealed just how much snooping is going on, and with the last few years worth of scandals, it seems i&#x27;ve made the right choice.<p>Initially i went the Raspberry Pi route, and in a few months i had 4 or 5 of them running, which was where it started turning into a chore. While i enjoy tinkering, i don&#x27;t particularly enjoy keeping a host of machine up to date.<p>Fast forward a couple of years, and my home setup now looks like this :<p>- UBNT EdgeRouter for that sweet affordable hardware L2TP&#x2F;IPSec VPN.<p>- Intel NUC6, Running everything internet facing in FreeBSD Jails.<p>- Intel NUC7, Running everything internally available through Docker, along with Time Machine backups.<p>- Synology DS716+, Holds all data from both NUC machines, as well as personal files (documents&#x2F;photos&#x2F;music&#x2F;movies)<p>Resilio Sync is running on the external NUC to provide an &quot;always on&quot; node.<p>I have a couple of ODroid HC1 boxes that holds my backups, one at home and one at a remote location.<p>The only thing i have yet to migrate is mail, which is still located at GSuite. I&#x27;ve moved several times, but every time i decide it&#x27;s not worth the effort. Since &quot;everybody&quot; uses GMail every mail i send will eventually get indexed as well, regardless of where i store my own mail. I use GSuite for hosting 5 domains, and i&#x27;ve yet to find an alternative that doesn&#x27;t require either lots of money or lots of administration from me.

Recently I was wondering what if all our phones and computers all connected to our own personal &quot;platform&quot; that we have full control over.<p>Route everything on the phone through a personal platform. Gain control of location, IP, maps caching, etc.<p>Centralize at a personal level.

Out of interest, have any self-hosters here tried <i>one big machine</i> with lots of VMs, as opposed to a stack of NUCs&#x2F;Pis?<p>The recent Intel scares have got me interested in firmware and Libreboot again, and a HN commenter[0] pointed me at some extremely beefy (e.g. 16 cores!) AMD motherboard&#x2F;CPU combos, that it’s possible to run fully-free firmware on.<p>Without doing much actual research, Xen on a big box seems like it could be a good way to have a single physical machine where I ‘deploy’ different services in VMs.<p>Anyone gone this route, or can think of any problems with this approach? It seems like it could be a little easier to manage, but I’m sure there are extra considerations for networking and security.<p>[0]: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;threads?id=153791098c" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;threads?id=153791098c</a>

The main issue with this approach for me is that Google et. al. clearly have much better physical security than my apartment. In exchange for in-principle privacy improvements and possibly forth amendment protection you take on a huge risk of burglaries, fires, floods, power outages, etc, plus of course the workload of being your own sysadmin.<p>Also, if you&#x27;re paranoid, your data is more exposed. You can turn off all your devices with disk encryption when they&#x27;re out of your control (usually) but if you turn off your NAS while your away from home it&#x27;s useless. And if it&#x27;s on, physical access, and therefore your data, is easy to obtain by the moderately motivated.<p>Google is like a feudal lord: they might own you, but they&#x27;ll protect you from everyone else weaker than them.

Recently I&#x27;ve been playing around with something like this, or really; getting back to something like this. Years ago I was an idealistic graduate student who didn&#x27;t have any &quot;free&quot; (you-are-the-product) digital service or social media accounts - I used Lavabit (before it got shut down) for email and a couple of cheap VPS providers to run a little blog and IRC bouncer. I had a dumb &quot;burner&quot; phone, a RockBox-based MP3 player, ran Tomato on my router, and ran Debian on most everything else.<p>I think the main factors that killed it for me, that made me drink the Kool-Aid so to speak, were a combination of getting an Android phone and the shutdown of Lavabit (with all the hassle that incurred - notifying dozens of colleagues, mailing lists, etc of the change). Concurrently with this I had just gotten my first industry gig at a pretty large networking equipment company, on a team with mostly older, mellowed, senior engineers for whom programming was &quot;just a job&quot;. I didn&#x27;t want to seem like a &quot;paranoid weirdo&quot; who had some black-hat alter ego. I sold out.<p>Since, I&#x27;ve pretty much moved wholesale to Google. I still don&#x27;t use any other digital services - Google has basically become my one-stop shop, for better or worse. I use Android, Chrome, Gmail, Drive, Music, Books, Search, Maps, Keep, Photos, basically the whole damn suite. It&#x27;s a beautifully unified and seamless experience. I feel in-general, Google gets just about everything right (I don&#x27;t use Docs - I still write docs in LaTex, haha). It&#x27;s quite a 180 from what I had before.<p>But ultimately, I think this has caused me a lot of cognitive dissonance. I&#x27;ve spent a lot of time thinking about how to &quot;get back&quot; lately, but this is tempered by how much control I&#x27;ve already given up and, well, what is frankly a pretty damn high quality and convenient experience and there are some things (like Maps, and Photos) which I really don&#x27;t want to give up. I also don&#x27;t hold any delusions that anything I do is going to be &quot;more secure&quot; from any threat model, really. I guess I just miss all the DIY. The creativity and control.<p>Anyways, recently I&#x27;ve been building an ARM64-based &quot;mini-homelab&quot; around an Archer AC1750 router running OpenWRT, a stack of three Odroid C2 SBCs, and an Nvidia Jetson TX1 (with a 50K LUT FPGA on the m.2 PCIe slot). I also have an ARM64 VM in the cloud. Once that&#x27;s all set up, I&#x27;ve been considering how much I can &quot;get back&quot; under my control.

&quot;I think the only thing I would like to have automated but have not yet is getting photos from our phones on the server, right now they still go through iCloud.&quot;<p>I use Nextcloud for this, every picture I take is directly synced to my own basement. I can browse them and share them directly from the ui. Nextcloud also offers a nice webui for your email and allows syncing of you calendar and contacts from iPhone or Android. For me it allowed me to switch away from Google for my phone&#x27;s back-end.

This is a great read, but I&#x27;d like to hear more about the nitty gritty, what server hardware you use, it seems like you have 3 pis and then a bunch of really advanced enterprise-level stuff for other work... I&#x27;d love a guide on what you did to get here. The internet really needs something like that.

The amount of lost time spent sysadminning and configuring and securing these things is not a potential risk, it is a real cost.<p>Getting NSLed or TOSed is a potential risk, not a guarantee. For most people who are doing nothing controversial or interesting and who are just using the cloud to receive service notifications and correspondence from friends (who are also doing nothing controversial or interesting), it isn’t a loss of control.<p>This is a real trade-off, and neither is right. But don’t pretend that keeping a half dozen complex services up, backed up, and secured isn’t a huge time investment. You can’t get that back.

The MVP of this approach would be buying a $60 external USB HD and backing everything up to that on a daily basis. Works great if you &quot;only&quot; have a few TB or less of data.<p>Here&#x27;s a bash script + the set up I&#x27;m running to do that: <a href="https:&#x2F;&#x2F;nickjanetakis.com&#x2F;blog&#x2F;automatic-offline-file-backups-with-bash-and-rsync" rel="nofollow">https:&#x2F;&#x2F;nickjanetakis.com&#x2F;blog&#x2F;automatic-offline-file-backup...</a>

I have a similar home setup, but don’t recommend using Pis for disk-intensive workloads due to SD Card volatility. My HomeKit setup, for instance, is Dockerized and runs on an ODROID board with EMMC storage, and the build server for my ARM containers boots from an SD card but has an USB hard drive.

I&#x27;d love to see a YT channel or a website that teaches how to do stuff like this for the non-tinkerer. I&#x27;m thinking along the lines of Primitive Techknology&#x27;s channel where he simply shows the process step-by-step.

Very cool, would love to see more content on this topic. Setup guides of individual services, issues you&#x27;ve run into, more on hardware choices, and definitely more on your smart home setup.