I’ve now been running my personal server, Thulium, for seven years and four-and-a-half months, and three of those years have elapsed since my previous post. Not much had changed in those intervening years until very recently, so I thought I’d map them out here.
Bigger, better VPS
Thulium still lives as a Hetzner VPS in Germany. However, it has been upgraded to:
- A CPX21 cloud server in Nuremberg with 3 vCPUs, 4 GB RAM, and 80 GB disk space for 7.05€/month; and
- A BX11 storage box in Falkenstein with 1 TB storage for 3.20€/month.
I consolidated the storage box and the attached volume, so now my borg backups to into the storage box. I use a total of 255.69 GB of the storage box, according to the Hetzner dashboard, with its snapshots taking up 54.1 GB and borg backups taking up 59.71 GB, well exceeding the original storage box’s 100 GB of storage. I also upgraded the server for disk space reasons, of which 65 GB is used up, with Nextcloud alone taking up 43 GB, also past the original disk space of 40 GB.
New domain, new me
It seems that every time I make major changes, I also buy a new domain name. All of my public-facing services are now hosted at various subdomains of ionchy.ca, although the domain itself redirects to ionathan.ch, which in turn points to a static website hosted on sourcehut pages. I used Dynadot as the domain registrar (which I used for types.pl), since I had issues with verifying my Canadianness through Glauca, although I do use Glauca’s nameservers to set DNS records. I’ll still hold on to ionathan.ch, which feels more appropriate for academic-related things and matches my GitHub username, but I’m using ionchy.ca for most other things, including my Bluesky handle.
Server services
Now onto the exciting stuff: all the new things I’m self-hosting! I downgraded when I moved from my home server to a VPS, but now I’m back with even more fun things. Only three of them are public-facing:
- The same Nextcloud instance, ever as before;
- Gitbert is now on Forgejo, migrated from Gitea after the fork; and
- 🆕 A single-user instance of Gotosocial.
In fediverse news, cybre.space shut down in January 2023, which I joined on 25 April 2017, according to my records — that’s almost six years of cybre! After that, I briefly hopped back to the server I was on before, octodon.social, which also shut down in April 2025 after eight years of operation since 2017. So I finally set up my own instance on 12 March 2025, which will shut down when I’m tired of it.
Two services are now what I consider internal:
- The FreshRSS instance, originally exposed at rss.ionathan.ch; and
- 🆕 Gotosocial’s fork of the standalone Mastodon frontend.
These I access on a VPN with my server, my laptop, and my phone, set up through Wireguard. I intend on only exposing services that actually need to be public, like my Git server or my fediverse account. I’d like to also only access my Nextcloud instance privately, but I haven’t yet figured out how to modify the configs to do so, since Nextcloud doesn’t seem designed for this kind of usage.
Finally, my mail server is running as before, but alongside Postfix as the SMTP server, I now also use Dovecot as an IMAP server so that I can send and receive emails from my phone. This requires punching a few more holes in my firewall, summarized in this table.
| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH |
| 222 | TCP | Git SSH |
| 80 | TCP | HTTP |
| 443 | TCP | HTTPS |
| 443 | UDP | HTTP/3 |
| 25 | TCP | SMTP |
| 465 | TCP | SMTPS |
| 993 | TCP | IMAPS |
| 51820 | UDP | Wireguard |
On the networking side, I’ve enabled Brotli compression and HTTP/3 in Nginx, which uses port 443/UDP. I’ve also finally enabled fail2ban, which is now banning an astonishing number of attempts to SSH into my server.
What I don’t host
I continue to not self-host this website nor my public-facing wiki. These have hopped around a lot in the past while — my website was originally on GitHub Pages, then on GitLab Pages when GitHub was sold to Microsoft, then briefly on Codeberg when a bunch of people were emigrating from GitHub after GitHub was announced to be absorbed by Microsoft CoreAI, finally settling on Sourcehut Pages after Codeberg announced storage limits and succumbed to LLM scrapers due to their recent visibility in the public eye. While Sourcehut Pages also has a static site limit of 1 GB (a whole 250 MB more than Codeberg!) and has also suffered from LLM scrapers, I’m placing my bets on Sourcehut’s relative obscurity combined with its maturity. I’m also hoping that once Forgejo federation is complete, I can federate my instance with Codeberg’s, so having a Codeberg account would eventually be redundant.
The next seven years of Thulium?
It’s hard to say what will and won’t remain on Thulium, or what more I’ll add to it, or whether I’ll continue to want to be a server maintainer. I have a few exit routes in mind — creating an alt on types.pl, migrating to Codeberg entirely, borg backups directly from my laptop to the storage box.
So far I’m still enjoying managing these things myself, so what’s on my mind is hosting even more things! In the immediate future, I might host my own public SearXNG instance, and now that I have a VPN set up, I’m contemplating a private Immich app, but that might require moving my photos from the storage box to a mounted volume (it turns out the storage box really is for storage, and live retrieval doesn’t work great). I’m also thinking about how to showcase my film photos and hosting them myself instead of on Flickr, which isn’t really the use case of Immich, so it would be a different app. In that case, I don’t necessarily need to host the actual files myself, and it would be best to use a CDN to propagate them anyway; something like bunny.net would work for me.