My Digital Life [draft]
Identity
Since I use Fastmail, I have the possibility to generate masked email addresses. This means that I typically don't expose my actual email address for services I don't trust. Furthermore, I typically try to keep unique email addresses per service. So if one address starts receiving spam, I just remove that address.
This is not as inconvenient as it may sound, since Bitwarden supports auto-generating these masked email addresses through Fastmail's API.
When signing up for a service without access to generating masked email addresses, I typically sign up with an email address like static_foo+unique_bar@skogsbrus.xyz. This way I'm still able to filter spam, unless the service recognizes the + pattern and removes it.
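The tagged-address scheme above, as an added example (not the author's own tooling): it attributes incoming mail to the service a tag was issued to, and flags mail whose + tag was stripped or never issued. The tag table, service names and sample messages are constructed; only the base address comes from the text.

```python
from email import message_from_string
from email.utils import getaddresses

BASE_LOCAL = "static_foo"   # base mailbox, taken from the address in the text
DOMAIN = "skogsbrus.xyz"
# Constructed: tags handed out at sign-up, mapped to the service that received them.
ISSUED_TAGS = {"unique_bar": "shop.example", "news42": "newsletter.example"}

def classify_recipient(address):
    """Return (verdict, service) for one recipient address."""
    # Assumption: the mailbox treats local parts case-insensitively.
    local, _, domain = address.strip().lower().rpartition("@")
    base, plus, tag = local.partition("+")
    if domain != DOMAIN or base != BASE_LOCAL:
        return ("other", None)            # not one of the tagged throwaways
    if not tag:
        # The sender removed the +tag, so the leak cannot be attributed.
        return ("tag-stripped", None)
    service = ISSUED_TAGS.get(tag)
    if service is None:
        return ("unknown-tag", None)      # never issued: guessed or mistyped
    return ("attributed", service)

def classify_message(raw):
    """Classify every To/Cc/Delivered-To recipient of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers += msg.get_all(name, [])
    return [classify_recipient(addr) for _, addr in getaddresses(headers) if addr]

# Constructed sample messages (not real mail).
SAMPLES = {
    "tagged": "From: deals@shop.example\nTo: Me <static_foo+unique_bar@skogsbrus.xyz>\nSubject: Sale\n\nhi\n",
    "stripped": "From: promo@bulk.example\nTo: static_foo@skogsbrus.xyz\nSubject: Offer\n\nhi\n",
    "guessed": "From: x@bulk.example\nTo: STATIC_FOO+winner@skogsbrus.xyz\nSubject: Prize\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_message(raw))
```

Mail classified as tag-stripped or unknown-tag cannot be tied back to a sign-up, so it is the natural candidate for a stricter spam rule.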
Aside from these "throwaway" addresses, I have a private address that I keep for personal emails & a public address where I'm available for strangers / new contacts.
Social platforms
I am very private or anonymous on most social platforms, but there are a few exceptions where I have a public persona:
Security
Authentication
My family and I use Bitwarden. We have a Yubikey each, enrolled in an n^2 fashion. We can't look inside each other's vaults, but we can recover them upon request.
In Bitwarden, I store all kinds of secrets, but mostly passwords and usernames.
2FA for services
Wherever it is supported I use Yubikeys and a randomly generated password from Bitwarden. Where Yubikeys aren't supported, I use TOTP stored in Bitwarden.
For most services, an attacker thus has to:
- compromise my 2FA
- compromise my master password or a target service's password.
Home lab
Under construction! For now, have a look at my NixOS config.
All computers that I own (excluding my phone) run either NixOS or macOS with Nix-Darwin. This means that I'm able to configure them all with one repository to get a smooth and consistent experience.
Networking
I've built my own router on top of NixOS, letting me customize my network exactly as I want it. You can read more about that here. Getting it exactly as I want it is a process though :)
WireGuard
My principal use case for WireGuard is to be able to access my local network from anywhere. To accomplish this, my router allows its WireGuard peers to also access hosts on its local network.
NAS
ZFS
TODO:
- describe reasoning behind datasets
- describe settings
Backups
Currently investigating whether I should build a second NAS for remote backups or if I should use an S3-like solution.
Photo management
Retrieval
I use Syncthing (receive-only) to retrieve photos taken from my phone to my NAS.
Sorting
I use my own script for renaming photos by date and sorting them into sensible folders. This script moves the photos from the Syncthing folder to my actual ZFS dataset for photos.
This script runs as a Systemd service.
Access
For accessing & interacting with my photos, I self-host Photoprism. It works great when using MySQL (SQLite got very slow with lots of photos).
Budget
These aren't all the costs that I've accumulated over the years, but they're the costs that might be relevant for people other than myself to learn from.
Fixed costs
NAS | Cost |
---|---|
Fractal Design Node 304 | $84 |
4x Ironwolf ST8000VN004 8TB 256MB | $999 |
Reused AMD 3 1200 AM4 | $0 |
Reused XFX Radeon RX 460 | $0 |
ASRock Fatal1ty B450 Gaming-ITX/ac | $152 |
Crucial DDR4 2x8GB DIMM | $57 |
WD Green M2 SSD 240GB | $29 |
Total | $1321 |

What? | Cost |
---|---|
NAS | $1321 |
Router | $318 |
2x Yubikeys (free from work) | $0 |
Total | $1639 |
Recurring costs
What? | Monthly cost |
---|---|
Fastmail Standard | $5 |
OVPN | $4 |
Bitwarden Family | $3.33 |
Namecheap domain | $0.93 |
Total | $13.26 |