Tech: srvpun

In this blog thingy I will talk about what VPS I use, what I host on it, the distro I've installed on it, and more.

Provider

I'm using Vultr. I chose Vultr over something like DigitalOcean or other VPSes because:

Distro & kernel

Like I said before, I'm using CRUX because I feel locked down using any other distro.

I'm using an almost generic (mostly up-to-date) kernel with KVM support compiled in. I'm currently running the 4.10 kernel with the BFQ I/O scheduler patch. I didn't really make a lot of changes to the kernel besides removing some useless device drivers like the USB driver.

Software

So the primary use of my VPS is to host this very website. I've tried pretty much every httpd before settling on Caddy. Here are some nice httpds I tried but dropped for one reason or another:

So now I'm using Caddy, and it's pretty much perfect: written in Go (which I'm learning), built-in automagic SSL/Let's Encrypt support, a simple yet powerful config file, and easy-to-install addons... Oh, and it uses HTTP/2.

I'm pretty much using my website as a filehost (using a forked version of the Caddy upload addon), and to host some stuff like my various RICE pages. I recently also started working on this blog thingy you are reading right now.


Another thing I'm using my VPS for is hosting a Syncthing node. Syncthing is pretty much like Dropbox, but free (as in freedom and free beer), p2p, and doesn't have NSA backdoors. Like Caddy, it's also a pretty new project, and also written in Go.

I'm really liking it so far; the only downside is that it doesn't have (official) support for inotify yet, so it uses some sleep interval to sync directories. There is a program called syncthing-inotify which provides inotify support, though, and there's also a WIP inotify PR on GitHub, so maybe it'll land in the official Syncthing tree someday.

Ok, so I didn't really like Syncthing, because it often had conflicting files or randomly deleted files. So I switched to Unison, it's pretty mnml. It's pretty much a bidirectional rsync, and it isn't a daemon (although you can make it be). Most importantly it just werks for me.

Notes

So yeah, that's pretty much what I use my VPS for, for now. I still need to up the security a bit: maybe use a hardened kernel, for example, or make some unprivileged user that runs Caddy (just did this; I also recompiled my entire box using the fortify source and stack protector cflags).
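
An added example, not from the original post: a small shell check for the two compiler hardening options mentioned above, useful on a source-based distro where the flags live in one CFLAGS string (on CRUX that would normally be `/etc/pkgmk.conf`, which is an assumption here). The function name and the sample flag strings are constructed for illustration.

```shell
#!/bin/sh
# audit_cflags "<flags>": print one finding per line; the exit status is the
# number of problems (0 means both hardening options are effective).
audit_cflags() {
    optimized=0 fortify=0 ssp=none problems=0
    for f in $1; do                     # later flags override earlier ones, as in gcc
        case $f in
            -O0)                  optimized=0 ;;
            -O*)                  optimized=1 ;;
            -D_FORTIFY_SOURCE)    fortify=1 ;;
            -D_FORTIFY_SOURCE=*)  fortify=${f#*=} ;;
            -U_FORTIFY_SOURCE)    fortify=0 ;;
            -fno-stack-protector) ssp=none ;;
            -fstack-protector*)   ssp=${f#-f} ;;
        esac
    done
    if [ "$fortify" = 0 ]; then
        echo "FAIL: _FORTIFY_SOURCE is not enabled"
        problems=$((problems + 1))
    elif [ "$optimized" = 0 ]; then
        # glibc only activates the fortified wrappers when optimizing
        echo "FAIL: _FORTIFY_SOURCE=$fortify has no effect without -O1 or higher"
        problems=$((problems + 1))
    fi
    case $ssp in
        none)
            echo "FAIL: no -fstack-protector option"
            problems=$((problems + 1)) ;;
        stack-protector)
            echo "NOTE: plain -fstack-protector instruments fewer functions than -fstack-protector-strong" ;;
    esac
    return "$problems"
}

# Constructed sample values, not the author's actual settings.
for sample in \
    "-O2 -march=x86-64 -pipe" \
    "-O0 -g -D_FORTIFY_SOURCE=2 -fstack-protector" \
    "-O2 -pipe -D_FORTIFY_SOURCE=2 -fstack-protector-strong"
do
    echo "== $sample"
    audit_cflags "$sample" && echo "OK" || true
done
```

The second sample shows the case that is easy to miss: the fortify define is present, but with `-O0` it does nothing.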