blog: selfhostingHEADmain

1 files changed, 83 insertions, 0 deletions

diff --git a/content/w/5-selfhosting.md b/content/w/5-selfhosting.md
new file mode 100644
index 0000000..0ad5357
--- /dev/null
+++ b/content/w/5-selfhosting.md
@@ -0,0 +1,83 @@
+---
+title: "Transitioning to self-hosting"
+date: 2026-05-01
+taxonomies:
+  tags: ["web", "self-hosting"]
+---
+
+I have migrated this site from [Codeberg Pages](https://codeberg.page/) (and
+before that, [sourcehut pages](https://srht.site/)[^1]) to a VPS. This is something
+I've been considering for a long time and finally got around to it this week,
+in no small part encouraged by recent discourse (see: [one], [two], [three]).
+
+Git
+===
+
+I already moved off many GitHub years ago, seeing the, uh, direction, it was taking
+after the Microsoft acquisition... I remember when GitHub used to be a good
+example of a lightweight website, but much ink has been spilled already on its
+overall degradation (see above, also [four]).
+
+I've also set up my server to host [my git repos], inspired by the post [Git
+without a forge]. This amounts to a bunch of bare repos and [cgit] as a
+frontend.
+
+However, for now I will continue using [Codeberg](https://codeberg.org/lsof/)
+for public projects for exposure, reachability, ease for potential contributors,
+etc.
+
+Setup
+=====
+
+This site and everything in this domain is running in a cheap VPS (1 vCPU, 1GB
+RAM) with nginx. Using [Tailscale], I can very easily access it remotely. I use
+[Zola] for the static site, building it on my computer and scp'ing the
+generated HTML over to the remote server[^2].
+
+For the git 'server', I created a `git` user with its home in `/srv/git/`,
+where the bare repos live.  This gives me write access to it via ssh with a
+remote like `git@<VPS tailnet IP>:<repo name>`. I have the actual VPS
+firewalled to reject all traffic except for HTTP (port 80) and HTTPS (port
+443), so I can only SSH to it via tailscale, which is good for security
+(probably). I also support regular HTTPS cloning. For the frontend I use [cgit]
+as mentioned. It integrates easily with nginx, is lightweight, and has a
+configurable cache. I've lightly customised its CSS. 
+
+TODOs, Future Plans
+======================
+
+1. Contingency measures to deal with higher traffic load (nginx cache? rate
+  limiting? anti-crawler blockers ([Anubis](https://anubis.techaro.lol/)?
+  [Iocaine](https://iocaine.madhouse-project.org/)?).
+
+2. Performance/load monitoring tools (Grafana?).
+
+3. A personal fediverse server, considering some lightweight options:
+
+    - [Akkoma](https://akkoma.social), well established. Elixir + postgres.
+    - [GoToSocial](https://gotosocial.org/), more frugal. Go + sqlite/postgres.
+    - [snac](https://codeberg.org/grunfink/snac2), very minimalistic. C + UNIXy filesystem-based DB.
+
+4. Run the actual server locally (I have an old Raspberry Pi around, or an old
+   laptop..) and keep the VPS just as a reverse proxy that essentially tunnels
+   the local server over tailscale, maybe with caching and anti-bot filters on
+   top of that. That way I get to run the server locally without exposing my
+   home IP. I like the idea of my servers being something I can physically
+   access.
+
+[one]: https://technomancy.us/204
+[two]: https://lonami.dev/blog/ditching-github/
+[three]: https://dbushell.com/2026/04/29/github-is-sinking/
+[four]: https://mitchellh.com/writing/ghostty-leaving-github
+[Git without a forge]: https://www.chiark.greenend.org.uk/~sgtatham/quasiblog/git-no-forge/
+[my git repos]: https://git.lemon.rip
+[cgit]: https://git.zx2c4.com/cgit/about/
+[Zola]: https://www.getzola.org/
+[Tailscale]: https://tailscale.com/
+
+[^1]: And before *that*, GitHub Pages. I gotta keep this one around for
+    [something I made that the OoT speedrunners
+    use](https://lemon32767.github.io/ootfname.html), or at least just that  page.
+
+[^2]: I *could* automate this step by having a post-receive hook in the server
+   that runs `zola build` when `push`ed to, but it's fine like this.