Introduction
Aangat Lahat is a small server that I had set up for myself, family, friends, and people in my affinity groups. In Tagalog, Aangat means "to lift up" or "to rise up" and lahat means "all" so aangat lahat to me can mean either "we should lift each other up" as in mutual aid or "we should all rise up" as in to rebel against oppressive systems like capitalism and nation states. So the services under Aangat Lahat is my way of offering some sort of digital mutual aid for online communications.
Installing FreedomBox
A lot of the work is done by FreedomBox which is a part of the Debian project. All I needed to do to get started was run $ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox
on a server running Debian. After that, I'm able to use the web-based interface from there to install and configure the services that I want. Right now, it's running on Vultr with a rather beefy 2 vCPU, 4096 MB RAM, 100 GB NVMe machine. I chose this because I had the intention of sharing the server with other people, but to be honest it's a little excessive at the moment since I'm not running any particularly demanding services.
Currently it runs email, an XMPP server, a CalDAV and CardDAV server, an RSS reader, file sharing, and an IRC bouncer shared with 5 people at the moment, so it uses very little resources. To put this more concretely, the highest CPU usage is 6% in the past month! Memory usage is around 2Gb total at the moment. So it seems like there's a lot of space for more people to use it or perhaps even more services in the future depending on people's needs.
Privacy adjustments
Since I'm sharing the server with other people, I wanted to figure out how I could limit the information that I have access to as an admin. Currently, I have rspamd subject privacy enabled which obfuscates the subject in the rspamd logs, and I also set the system logs to only be kept in memory only which prevents a lot of metadata from being saved to disk and backed up. I'm hoping people would consider using encryption as well whenever email or chat so that I don't ever have access to them.
Backup setup
FreedomBox can create daily backups to disk, but you can also set it up to back up to a remote server that supports SSH access like rsync.net in case of disk failure. Make sure the the backup is encrypted as well so that no one else has access to the backups.
Increasing email reputation
I found out soon after setting up the server was that the IP that I got had a low reputation (based on the blacklists that I was in, it seems that the IP address I had used to be an open proxy and potentially part of a botnet as well), and the domain I had was untrusted as well because it was too new. So I did a bunch of work to make my server as reputable as possible:
Add DKIM signing: One of the things that didn't come with FreedomBox is DKIM signing which ensures that the email isn't forged by a different person, so I followed this tutorial to enable it on the server.
Set up reverse DNS: On Vultr, I was able to setup reverse DNS easily through their control panel. This, from what I understand, is something that improves the email's reputation.
Contact spam blocklists: It also took a lot of work to contact blocklists and convince them that I'm doing everything correctly and that I'm not sending spam out into the world.
Uptime notification
On a separate server, I have a monitoring tool set up which sends me notifications when one of my services go down. You can find that here on lahat.computer/status/bababa-din.
No copyright. This website is marked with CC0 1.0. Do whatever you want with anything in here. Steal, copy, distribute, modify, even sell. Fuck private property.
-
Mastodon: @jag@weirder.earth and @durian@ni.hil.ist
-
Contact: jag@aangat.lahat.computer
-
Photos: Flickr
-
Zines and masks: Durian Distro
-
Bookmarks: Bookmarks