Personal infrastructure

Why?

• I’m trying to reduce my reliance on big tech (see my DeGoogling project) and want to make it easier to self-host services or manage DNS for services I have others host.
• I want to simplify the process of building and deploying things. Having the right infrastructure and some CI/CD practices in place should make a “deploy first” approach easy.
• My personal software infrastructure is spread across different places—consolidating it would be nice.

Requirements

• [ ] Ability to easily deploy from GH actions.
• [ ] Can manage it using infrastructure-as-code.
• [ ] Object storage and the ability to put a CDN around it.
• [ ] Some sort of serverless function.
• [ ] Relatively inexpensive VMs.
• [ ] A managed relational DB solution would be nice.
• [ ] Not Microsoft, Google, or AWS.
• [ ] A private container registry.
• [x] Ability to manage DNS records.

Log

2025.04.12

• I'd consider this done if I had a way to easily re-provision the setup I've created.

2025.03.25

• Closed AWS account.

2025.03.21

• Removed old NAS backup from S3.

2025.03.18

• Moved NAS backup to DO. It'll be slightly more expensive than S3, which isn't surprising. That's the cost of consolidation and not using a massive player I suppose.

2025.03.14

• Apparently you need to login to your Docker account with a PAT before you can pull anything from Docker hub. Was able to successfully pull from public ECR no problem.
• Now to sort out securing services run with Docker since ufw is apparently useless for this purpose.
  • I think option 2 of the first answer on this site is the best option.
• I think I need to redo my cert. I don't want to keep getting new ones for each subdomain. I'll probably just get a wildcard one and see if I can some how automate renewal by giving something access to my DO DNS so it can update the TXT record.
  • Got a DO API token scoped to just modifying domains.
  • sudo apt install python3-certbot-dns-digitalocean
  • mkdir -p .secrets/certbot/digitalocean.ini
  • sudo vi .secrets/certbot/digialocean.ini
  • dns_digitalocean_token = DIGITALOCEAN_API_TOKEN
  • sudo chmod 600 .secrets/certbot/digitalocean.ini
  • sudo certbot certonly \ --dns-digitalocean \ --dns-digitalocean-credentials .secrets/certbot/digitalocean.ini \ -d "[your domain]" -d "*.[your domain]"
  • That should also setup automatic renewal.
• Successfully got linkding running using this method. Also got bookmarks migrated by doing a simple export/import. DNS isn't setup correctly yet.
• Might be a good idea to setup a credentials helper for Docker.

2025.03.13

• Installed Docker on the droplet, mostly using the instructions outlined here. I deviated on the part regarding how to install Docker and deferred to these.
• Can't download and pull a test image because it says I've reached my rate-limit with Docker hub. Not sure what's going on there...

2025.03.09

• Setup nginx on the droplet using these instructions
• I'm thinking it'd be a good idea to route traffic for my apex domain to my droplet. Then I can use nginx to redirect, or more easily put other services I host on sub-domains. Can still use DNS records if service is somewhere else though.
• Started routing traffic to my apex domain to my droplet and secured nginx using these instructions. Didn't follow them exactly since I still want to host my website on GH pages for now. But the redirect from my apex to the site happens on my droplet now.
• Good next step may be to migrate linkding.

2025.03.07

• Created a DO droplet.
• Set droplet up using these instructions.
• Migrated domain DNS management to DO from Namecheap. Pretty painless.

2025.03.04

• Some initial options to investigate:
  • DigitalOcean
  • Hetzner
  • Vultr
  • Scaleway