path: root/content/pages/setup.rst
blob: a6eeb77e922e1c51929f8dd64571031803becdee (plain)
:title: My setup
:status: published

I'm always interested in what tools others are using to get their work done. On this page, I want to share how I get my stuff done, at least the computing part of it. This is also inspired by `The Setup <https://usesthis.com/>`_ and Richard Stallman's `"How I do my computing" <https://stallman.org/stallman-computing.html>`_.


Hardware
########

My laptop is a ThinkPad Edge E530. I was lucky to get it quite cheaply without Windows preinstalled. What I like about it is that it has not failed yet over the last years. I replaced the crappy hard disk with an SSD to get some performance out of the otherwise not very powerful laptop. The screen is not that good, but the fact that it's a matte screen makes it quite usable in the sunlight. I removed the camera and microphone. `This guide <http://www.insidemylaptop.com/replace-screen-on-lenovo-e530-laptop/>`_ was quite helpful for that, although it's actually for replacing the screen. However, the same steps make it possible to access the camera and microphone module above the screen.

I built my own PC after I had finished school and I still use it today. The CPU is an Intel Core i7-860 and runs overclocked at 3.4 GHz, which is still enough for my performance needs. The processor is perfectly cooled by a `Scythe Mugen 2 Rev.B <http://www.overclock.net/products/scythe-scmg-2100-mugen-2-rev-b>`_ which is not only really huge but also very quiet. I added 8 GB of RAM and the motherboard is an `MSI P55-GD65 <https://www.msi.com/Motherboard/P55GD65.html>`_. I can't really say anything positive about the motherboard as it caused quite a few issues over the years. The only bad purchase besides the motherboard was the GPU. I managed to buy a variant of the Nvidia GeForce GTS 250 from EVGA that has the fan always running at 100%. To keep the noise down, I replaced the fan with an `Alpenföhn Klara <http://www.alpenfoehn.de/auslaufmodelle/klara>`_. The power supply is from `bequiet! <http://www.bequiet.com/>`_ and everything is kept inside a nice aluminium case from Lian Li that also has a side panel window. The only issue is the sometimes oscillating and thus noisy side panel.

For personal data and services for family and friends, I use an HP ProLiant MicroServer N54L as a home server. It is equipped with two 1 TB disks. A TP-Link TL-WDR4300 serves as the router with an Allnet ALL0333CJ as the modem. This blog and other public stuff are hosted on a `VPS <https://en.wikipedia.org/wiki/Virtual_private_server>`_ which uses `KVM <http://www.linux-kvm.org/page/Main_Page>`_. I'm planning to move from the VPS to another home server as soon as I have access to a fast internet connection that is separate from the one the MicroServer is connected to. I'd like to keep the two servers completely separate from each other so I can use them as backups for each other.

Furthermore, I own two Samsung Galaxy S III phones. One of them is my daily driver and I use the other one for development work on `Replicant <http://www.replicant.us/>`_.


Software
########

Freedom/security aspects and the operating systems I use
--------------------------------------------------------
`I try to use as much free software as possible <{filename}/why_free_software.rst>`_. Unfortunately, we are not yet at the point where we can buy almost any kind of hardware and use it exclusively with free software. My laptop and PC work fine with the free graphics drivers for Intel and Nvidia chips. On the operating system level, I don't depend on nonfree software in the case of the PC, home server and router. However, the laptop needs nonfree firmware to make the Intel Wireless card work.

My PC, laptop and home server need proprietary hardware initialization software. There isn't a free `BIOS <https://en.wikipedia.org/wiki/BIOS>`_ replacement available yet. I'd like to use hardware that is supported by `Libreboot <https://libreboot.org/>`_ or at least supported by `Coreboot <https://www.coreboot.org/>`_. The `Libreboot website <https://libreboot.org/>`_ explains why it's important that free software boots up your system. It also sums up why security and privacy are only possible on `Intel <https://libreboot.org/faq/#intel>`_ and `AMD <https://libreboot.org/faq/#amd>`_ hardware that is several years old.

..
   A nonfree BIOS causes several issues. Among others, many manufacturers use whitelists to only allow the use of certain hardware. This makes it difficult to replace parts of the hardware. The nonfree BIOS is often slow and bloated. It may contain backdoors. Security issues are

Unfortunately, my two phones also need proprietary initialization software. The bootloaders are not even replaceable because the hardware only runs bootloaders that are signed by the manufacturer. `There is also a second nonfree operating system running on the modem and various chips need proprietary firmware for which there are no free replacements yet <https://redmine.replicant.us/projects/replicant/wiki/GalaxyS3I9300PrivacySecurityEvaluation>`_. The `Replicant website <https://www.replicant.us/freedom-privacy-security-issues.php>`_ explains why these issues need our attention. The graphics chip and GPS even need proprietary drivers that run on the main CPU. I use a QSTARZ BT-Q818XT as an external GPS receiver over Bluetooth. It is quite accurate, has a long battery life and works nicely with my updated `BlueGPS <https://code.fossencdi.org/BlueGPS.git/>`_ app version. I don't use any proprietary drivers or other software that runs on the main CPU of the phone, but I use some proprietary firmware to get different functionality working.

The two servers, the PC and the laptop are running `Debian Stable <https://www.debian.org/>`_. I tried many different `distributions <http://distrowatch.com/>`_, but I always came back to Debian. It has a huge community, focuses on free software and is stable and secure. The router is running `OpenWrt <https://openwrt.org/>`_. `Replicant 6.0 <https://redmine.replicant.us/boards/21/topics/12057>`_ powers the phones.

I use various tools to make my desktops and servers more secure and to reduce the maintenance burden. For example, I make heavy use of AppArmor to confine critical or Internet-facing applications. `Here <https://code.fossencdi.org/config.git/tree/apparmor-profiles>`_ are some of my customized profiles. My kernels are hardened with `grsecurity <https://grsecurity.net/>`_ including PaX.

Desktop
-------
For some time, I switched between `Xfce <https://www.xfce.org/>`_, `KDE's Plasma Desktop <https://www.kde.org/workspaces/plasmadesktop/>`_ and `GNOME 3 <https://www.gnome.org/gnome-3/>`_ as my desktop environment of choice. Quite some time ago, I settled on `i3 <https://i3wm.org/>`_, which is not even a desktop environment but an awesome tiling window manager. It is very lightweight, fast and makes a completely keyboard-driven workflow possible. `Here <https://code.fossencdi.org/config.git/tree/i3-config>`__ is my config file. `LightDM <https://www.freedesktop.org/wiki/Software/LightDM/>`_ is my favorite display manager and `urxvt <http://software.schmorp.de/pkg/rxvt-unicode.html>`_ is my default terminal. `/r/unixporn <https://www.reddit.com/r/unixporn/>`_ is a great source for nice-looking customizations for i3 and urxvt. `I use Emacs for almost all text-related tasks <{filename}/pages/notes.rst#emacs>`_. `Redshift <http://jonls.dk/redshift/>`__ keeps eyestrain away when working later at night.

Of course, `my photo and video editing workflow only involves free software <{filename}/pages/notes.rst#media>`_, although some of my older `photos <https://fossencdi.org/gallery/index.html>`_ were edited with nonfree software because I wasn't yet aware of free software at the time. Sometimes, I use a Wacom Bamboo tablet for editing photos, creating vector graphics or annotating documents in `Xournal <http://xournal.sourceforge.net/>`_. `qpdfview <https://launchpad.net/qpdfview>`_ is my go-to PDF viewer because it makes it possible to open many PDF files in a tabbed view and it nicely syncs a PDF preview of my `LaTeX <https://www.latex-project.org/>`_ documents.

My music is handled by `MPD <https://www.musicpd.org/>`_. It's a daemon that can be accessed by different interfaces. On the desktop, I use `ncmpcpp <https://rybczak.net/ncmpcpp/>`_. On the phone, I stream music from my PC with `MPDroid <https://github.com/abarisain/dmix>`_. What I like about MPD is that it almost always plays my music without any hiccups, even when the machine is under full load including heavy disk I/O.

`youtube-dl <https://rg3.github.io/youtube-dl/>`_ in combination with `mpv <https://mpv.io/>`_ and `MediathekView <http://zdfmediathk.sourceforge.net/>`_ are used to access videos that are available on the Internet. My IRC setup consists of `WeeChat <https://weechat.org/>`_ and `ZNC <http://wiki.znc.in/ZNC>`_. `pass <https://www.passwordstore.org/>`_ stores all my passwords. The ugly but extremely handy `Ding dictionary lookup program <https://www-user.tu-chemnitz.de/~fri/ding/>`_ is my dictionary and thesaurus interface.

Self-hosting
------------
In my experience, setting up email processing is the most difficult part of a self-hosted setup. On the servers, my mail is handled by `Postfix <http://www.postfix.org/>`_, `Dovecot <http://dovecot.org/>`_, `amavisd-new <https://www.amavis.org/>`_, `SpamAssassin <https://spamassassin.apache.org/>`_, `Postgrey <http://postgrey.schweikert.ch/>`_, `Roundcube <https://roundcube.net/>`_ and `ClamAV <https://www.clamav.net/>`_. Everything is glued together with MySQL.

On my home server, `Tiny Tiny RSS <https://tt-rss.org/gitlab/fox/tt-rss/wikis/home>`_ aggregates all my various reading sources including news, blogs, comics and software updates. I also have an `ownCloud <https://owncloud.org/>`_ instance running, but it's only used to share files with others. At some point, I will replace ownCloud with `Coquelicot <https://coquelicot.potager.org/>`_ which is much easier to maintain and does everything that is needed for file sharing. I do my own file syncing with `git-annex <https://git-annex.branchable.com/>`_. Calendar and contacts are synced with `Radicale <http://radicale.org/>`_. I also maintain an `Etherpad <http://etherpad.org/>`_ instance for notes and to work together with others on documents. `Prosody <https://prosody.im/>`_ works best for me as a Jabber/XMPP server. Besides `Tor <https://www.torproject.org/>`_, I experiment with `I2P <https://geti2p.net/en/>`_, especially with the file sharing part of it. `BIND <https://www.isc.org/downloads/bind/>`_ does my DNS, but shame on me: I still haven't had the time to set up `DNSSEC <https://en.wikipedia.org/wiki/Dnssec>`_ and `DANE <https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities>`_. However, I use `Unbound <https://www.unbound.net/>`_ as a recursive DNS resolver on my routers and on my laptop. In this way, I have at least DNSSEC validation support available.

Together with the services that are hosted `here <https://fossencdi.org>`__, I am able to self-host every service that I need and that involves my personal data.