Introduction

freshair.farm is a hub of open-source services that I run in order to promote and help educate friends & family on data privacy.

Current Services

Matrix

I run a federated Matrix instance for friends and family to avoid other services such as WhatsApp, Facebook Messenger and Telegram as much as possible. I also run a rotating list of clients (Element, Cinny, etc.). Registration is currently not open to the public.

Forgejo

Forgejo is an open-source git version control server. I chose to run this myself as I do not trust any existing services out there to not feed my code into LLMs. You can visit the site here. Registration is currently not open to the public.

Vaultwarden

Vaultwarden is a Rust implementation of the Bitwarden vault specification. This allows users of the Bitwarden ecosystem to store their vault somewhere else. I run this to allow friends & family to have access to a free password manager. Registration is currently not open to the public.

Redmine

Redmine is an open-source project management web application. My friends and family use this to track various projects. You can visit the site here. Registration is open to the public, but approval is manual.

Retrospective

Initial motivation: I found the current landscape of tech frustrating. I wanted to connect with my friends, and I wanted to have things like password managers, but I can't trust what's out there. From supply chain attacks to service providers that refuse to update their systems even when confronted with vulnerabilities, I had just had enough and wanted to host something myself. I figured the more avenues they had to access these tools, the better! Further, I thought it would be fun to learn what goes into maintaining services that people use and rely on.

What I've learned: It is dangerous and scary exposing your computer to the internet. Given that I'm a one-man team, it was important for me to realize that I cannot realistically be looking at this 24/7. This influenced 3 decisions: I would keep the list of services to a minimum, I would disable open registration to tools that are sensitive, and I would avoid exposing the underlying server to the internet as much as possible.

This led me down a path of proxies, tunnels, VPNs, and all that fun stuff. I won't go into too much detail in terms of how I've got everything set up, but I'm fairly proud of what I've accomplished.

Ansible is also a great tool. I think it's great that we have "infrastructure-as-code" these days. Plus, the idempotency part makes things really safe.

What I'd do differently: A better VPS host. I am very unhappy with my current host. I've experienced a few unexplained service outages.

Next steps: I would like to add more security and services to the site. I also need a landing page.