Identity

E-mail

Because I use Fastmail, I have the possibility to generate masked email addresses. This means that I typically don't expose my actual email address for services I don't trust. Furthermore, I typically try to use unique email addresses per service. If one address starts receiving spam, I just remove that address and I find out which service leaked it.

This is not as inconvenient as it may sound, since Bitwarden supports auto-generating these masked email addresses through Fastmail's API. For new accounts, I'm thus able to generate a unique email address and password with the Bitwarden browser plugin.

When signing up for a service without access to Bitwarden, I typically sign up an email address like static_foo+unique_bar@skogsbrus.xyz. This way I'm still able to filter spam, unless the service recognizes the + pattern and removes it.

Aside from these "throwaway" addresses, I have a private address that I keep for personal emails and a public address where I'm available for strangers / new contacts.

Social platforms

I am very private or anonymous on most social platforms, but there are a few exceptions where I have a public persona:

Security

Authentication

My family and I use Bitwarden. We have a Yubikey each, enrolled in an n^2 fashion. We can't look inside each others' vaults, but we can recover them upon request.

In Bitwarden, I store all kinds of secrets. But mostly passwords and usernames. Account credentials are typically one of the following combinations:

  • email, password, TOTP
  • email, password, Yubikey
  • email, password, verification code over secondary email/text

In a sense, Bitwarden is a single point of failure in my digital life. If an attacker manage to breach it, they will be able to pwn most of my accounts. But to do so, the attacker must know my master password and get a hold of my Yubikey.

Pwning individual accounts is also hard, depending on the service's security, since most use 2FA.

Home lab

I have lots of computers that I manage with Nix(OS). This lets me keep one configuration up-to-date, and not have to worry about which machine I'm on: they have roughly the same configuration and are all easy to maintain.

Have a look at my NixOS config for more information. The main benefit with using NixOS to maintain multiple devices is that the function of maintenance and time is logarithmic: you spend most of the time in configuring one device. Configuring two, three, or four adds very little overhead.

Networking

One of the devices that I maintain with NixOS is my home network router.

It was a very rewarding experience in setting up a (simple) network infrastructure from scratch, which you can read more about here.

WireGuard

My principal use case for WireGuard is to be able to access my local network from anywhere. To accomplish this, my router allows its WireGuard peers to also access hosts on its local network.

Reverse Proxy

Certain services, such as photoprism, is nice to be able to reach without VPN. For these I've set up a port forwarding from my router to my server, where Caddy + Authelia combine to provide a dead simple, 2FA-secured reverse proxy for any service locally hosted on my server.

The setup for this may become a separate blog post in the future.

NAS

ZFS

The server storage is managed with ZFS to provide data integrity. Datasets are configured per media type, such as photos, videos, music, or games. Since datasets are separate file systems, moving a file between two datasets means actually copying the data byte-for-byte. So configuring datasets to be organized by media type makes sense, since I'll never have a good reason for moving a photo to the video dataset.

Backups

For backups, I have a Terraform-managed repository for cloud infrastructure. I currently use Backblaze as a remote backup target.

Photo management

Retrieval

I use Syncthing (receive-only) to retrieve photos taken from my phone to my NAS.

Sorting

I use my own script for renaming photos by date and sorting them into sensible folders. This script moves the photos from the Syncthing folder to my actual ZFS dataset for photos.

This script runs as a Systemd service.

Access

For accessing & interacting with my photos, I self-host Photoprism.

Budget

These aren't all the expenses that I've accumulated over the years, but they're the costs that might be relevant for people other than myself to learn from.

Note that these expenses were paid for in SEK in various points of time, but have been converted to USD as per an exchange rate in 2023 (~10-11 SEK/USD).

Fixed costs

NASCost
Fractal Design Node 304$84
4x Ironwolf ST8000VN004 8TB 256MB$999
Reused AMD 3 1200 AM4$0
Reused XFX Radeon RX 460$0
ASRock Fatal1ty B450 Gaming-ITX/ac$152
Crucial DDR4 2x8GB DIMM$57
WD Green M2 SSD 240GB$29
Total$1321
What?Cost
NAS$1321
Router$318
2x Yubikeys (free from work)$0
Total$1639

Recurring costs

What?Monthly cost
Fastmail Standard$5
OVPN$4
Bitwarden Family$3.33
Namecheap domain$0.93
Backblaze storage$5
Total$13.26