Canned internet presence

What does a modern user need to be a first-class internet citizen, and can we package it into a VM image?

Once upon a time I participated in a project to build a canned SOHO server. We thought we could prepare a Linux system that could be sold preinstalled on an office server; the office sysadmin would then only have to plug in the internet and LAN cables and fill in a few forms, and he would get a working mail system, file server and everything else a small firm needs.

Now internet penetration into people's lives is much deeper, so even private persons need something: email, a messenger, an account on a social network.

But there are multiple hosting and cloud providers ready to deploy a virtual private server, so there is no need to pay for an externally reachable IP address at home. Although growing IPv6 penetration may make home servers feasible again.

So, is it a good idea to create a preconfigured server image containing an e-mail server, a Matrix node for messaging and some fediverse software for the social network, so that the user only has to type in a domain name and fill in user names for the family members, and gets a working family server for messenger, social network, mail and calendar/addressbook?

Really, I have all of this and much more on the smallest possible VPS. But this setup has grown gradually over the years. For instance, just a year ago my messenger was Jabber, not Matrix.

Now, when I say in discussions that running one's own mail server is very easy, people don't believe it and say, "You'll get tons of spam, and big providers like Gmail won't accept your mail".

But that is just plain wrong. If your server has proper reverse DNS and an SPF record in your domain, nobody rejects your mail; I don't even use DKIM. But nothing prevents us from setting up DKIM.
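The three prerequisites named above (reverse DNS that matches the forward name, a single SPF record that authorises the server, and optionally a DKIM key) are exactly what an installer should verify before it declares the mail server ready. The following is an added example, not code from the original post: it runs those checks against a DNS lookup table constructed inline in place of live resolver queries, so the domain, host name, address, selector and helper names are all assumptions.

```python
"""Deliverability prerequisites for a self-hosted mail server (added example).

Checks forward-confirmed reverse DNS, SPF and DKIM against a DNS table that
is constructed here instead of queried live; names and addresses are assumed.
"""
import ipaddress

# Constructed DNS data standing in for real resolver answers.
SAMPLE_DNS = {
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("example.org", "MX"): ["10 mail.example.org"],
    ("example.org", "TXT"): ["v=spf1 mx ip4:203.0.113.10 -all"],
    ("mail._domainkey.example.org", "TXT"): ["v=DKIM1; k=rsa; p=MIIBIjANBgkq..."],
}

def lookup(dns, name, rtype):
    return dns.get((name.rstrip(".").lower(), rtype), [])

def reverse_name(ip):
    # 203.0.113.10 -> 10.113.0.203.in-addr.arpa
    return ipaddress.ip_address(ip).reverse_pointer

def check_fcrdns(dns, host, ip):
    """Forward-confirmed reverse DNS: PTR(ip) -> host and A(host) -> ip."""
    findings = []
    ptrs = [p.rstrip(".").lower() for p in lookup(dns, reverse_name(ip), "PTR")]
    if host.lower() not in ptrs:
        findings.append(f"PTR for {ip} is {ptrs or 'missing'}, expected {host}")
    if ip not in lookup(dns, host, "A"):
        findings.append(f"A record for {host} does not point back to {ip}")
    return findings

def check_spf(dns, domain, ip):
    """Exactly one v=spf1 record that authorises the server's IP and ends in -all/~all."""
    records = [t for t in lookup(dns, domain, "TXT") if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return [f"{domain} has {len(records)} SPF records (need exactly one)"]
    terms = records[0].split()[1:]
    findings = []
    # Accept either an explicit ip4: literal or the mx mechanism resolving to our IP.
    authorised = any(t.lower() == f"ip4:{ip}" for t in terms)
    if not authorised and "mx" in [t.lower() for t in terms]:
        mx_hosts = [m.split()[-1].rstrip(".").lower() for m in lookup(dns, domain, "MX")]
        authorised = any(ip in lookup(dns, h, "A") for h in mx_hosts)
    if not authorised:
        findings.append(f"SPF for {domain} does not authorise {ip}")
    if terms[-1].lower() not in ("-all", "~all"):
        findings.append(f"SPF for {domain} does not end with -all or ~all")
    return findings

def check_dkim(dns, domain, selector):
    """The selector's TXT record must carry a non-empty p= tag (v= is optional, DKIM1 if present)."""
    name = f"{selector}._domainkey.{domain}"
    records = lookup(dns, name, "TXT")
    if not records:
        return [f"no DKIM record at {name}"]
    tags = dict(kv.strip().split("=", 1) for kv in records[0].split(";") if "=" in kv)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append(f"{name}: unexpected version tag {tags.get('v')}")
    if not tags.get("p"):
        findings.append(f"{name}: empty public key (p=)")
    return findings

def check_mail_dns(dns, domain, host, ip, selector=None):
    """Return a list of findings; an empty list means all prerequisites hold."""
    findings = check_fcrdns(dns, host, ip) + check_spf(dns, domain, ip)
    if selector:
        findings += check_dkim(dns, domain, selector)
    return findings

if __name__ == "__main__":
    result = check_mail_dns(SAMPLE_DNS, "example.org", "mail.example.org", "203.0.113.10", "mail")
    for line in result or ["all checks passed"]:
        print(line)
```

In a real installer the `lookup` function would be replaced by resolver queries; keeping it as a table makes the checks testable before the box is on the network, and the same findings list can be shown in the administrative interface when the hoster has not yet set the PTR record.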

Really, it is quite a good idea to host DNS for your domain on the same virtual server. There are a lot of strange DNS records that need to be manipulated, and it is better to manipulate them from software than to require the user to use the web interface of a DNS hosting provider. Of course, if the hoster supports updates via RFC 2136, it can be done that way.

Note also that nowadays everybody needs a TLS certificate for both HTTPS and SMTP, and it is a good idea to use TLS for IMAP as well. Most end users use Let's Encrypt certificates, and Let's Encrypt also has domain validation methods that require DNS manipulation.
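The two previous paragraphs meet in one concrete task: the Let's Encrypt DNS-01 validation needs a TXT record placed under `_acme-challenge.<domain>`, and with RFC 2136 that placement can be a dynamic update sent to the local bind instead of a trip through a provider's web interface. The block below is an added example, not code from the original post or from any ACME client; it computes the TXT value the validation expects (RFC 8555 section 8.4: base64url of the SHA-256 of the key authorization, without padding) and writes the `nsupdate(8)` batch that adds or removes it. The zone, domain, server address and TSIG key file path are assumptions.

```python
"""DNS-01 challenge record via an RFC 2136 dynamic update (added example).

Computes the TXT value from the ACME key authorization and emits an
nsupdate batch; zone, domain, server and key path are assumed values.
"""
import base64
import hashlib
import subprocess

def dns01_txt_value(key_authorization):
    """TXT content for _acme-challenge.<domain>, per RFC 8555 section 8.4."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def nsupdate_batch(zone, domain, txt_value, server="127.0.0.1", add=True, ttl=60):
    """RFC 2136 update script for nsupdate(8): replace or delete the challenge TXT."""
    name = f"_acme-challenge.{domain}."
    lines = [f"server {server}", f"zone {zone}."]
    # Delete first so a stale token from an earlier run never lingers in the zone.
    lines.append(f"update delete {name} TXT")
    if add:
        lines.append(f'update add {name} {ttl} IN TXT "{txt_value}"')
    lines.append("send")
    return "\n".join(lines) + "\n"

def apply_update(batch, keyfile):
    """Hand the batch to nsupdate, authenticating the update with a TSIG key file (-k)."""
    subprocess.run(["nsupdate", "-k", keyfile], input=batch, text=True, check=True)

if __name__ == "__main__":
    # Constructed key authorization in the "<token>.<account-key-thumbprint>" shape.
    value = dns01_txt_value("constructed-token.constructed-thumbprint")
    batch = nsupdate_batch("example.org", "example.org", value, add=True)
    print(batch)
    # apply_update(batch, "/etc/bind/keys/acme.key")  # assumed TSIG key path, run on the box
```

Restricting the TSIG key in `named.conf` to updates of `_acme-challenge` names only (bind's `update-policy` supports this) keeps a leaked key from rewriting MX or A records; the same batch shape, with the `update add` line dropped, cleans the record up after validation.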

So, it looks like a small Linux installation with the following software installed:

  • bind
  • some MTA, e.g. postfix
  • dovecot
  • matrix-synapse
  • some fediverse node
  • some webmail - prayer, roundcube or squirrelmail
  • some letsencrypt client
  • web-server to act as frontend-proxy
  • some administrative web interface that lets one set up the domain name, add/remove users and change their passwords.

I prefer not to create system users for all users of such a server, but rather to keep a virtual user database for dovecot and make dovecot act as the SASL backend for postfix. Maybe there should be LDAP to keep the same user base for mail, Matrix and fediverse.
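The virtual user database described above can be as small as a passwd-file that dovecot's `passwd-file` passdb reads, with postfix asking dovecot over a unix socket whenever a client authenticates for submission. The following is an added example, not code from the original post or from the dovecot or postfix projects: it writes such entries using dovecot's SSHA512 scheme (base64 of sha512(password + salt) followed by the salt), verifies a password against an entry, and carries the two config fragments that wire dovecot in as postfix's SASL backend. Paths, uid/gid and the family accounts are assumptions.

```python
"""Virtual mail users for dovecot, kept outside /etc/passwd (added example).

Writes and verifies passwd-file entries with the SSHA512 scheme and holds
the postfix/dovecot SASL glue; paths, uid/gid and accounts are assumed.
"""
import base64
import hashlib
import hmac
import secrets

DIGEST_LEN = 64  # sha512 output size; dovecot stores digest then salt

def ssha512_hash(password, salt=None):
    """{SSHA512}base64(sha512(password + salt) + salt), dovecot's SSHA512 layout."""
    salt = salt if salt is not None else secrets.token_bytes(8)
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return "{SSHA512}" + base64.b64encode(digest + salt).decode("ascii")

def ssha512_verify(password, stored):
    if not stored.startswith("{SSHA512}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA512}"):])
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def passwd_file_line(user, domain, password, uid=5000, gid=5000, home="/var/mail/vhosts"):
    """user@domain:{scheme}hash:uid:gid:gecos:home, the field order dovecot's passwd-file uses."""
    return f"{user}@{domain}:{ssha512_hash(password)}:{uid}:{gid}::{home}/{domain}/{user}"

def parse_passwd_file(text):
    """Map login name -> stored hash, skipping blank lines and comments."""
    users = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, stored = line.split(":", 2)[:2]
            users[name] = stored
    return users

def authenticate(users, name, password):
    stored = users.get(name)
    return stored is not None and ssha512_verify(password, stored)

# postfix main.cf: delegate SMTP AUTH to dovecot over its auth socket.
POSTFIX_MAIN_CF = """\
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
"""

# dovecot conf.d/10-master.conf: expose that socket inside postfix's chroot.
DOVECOT_AUTH_CONF = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
"""

if __name__ == "__main__":
    # Constructed family accounts; passwords here are placeholders.
    text = "\n".join(passwd_file_line(u, "example.org", p)
                     for u, p in [("alice", "correct horse"), ("bob", "battery staple")])
    users = parse_passwd_file(text)
    print(text)
    print(authenticate(users, "alice@example.org", "correct horse"))
```

SSHA512 is used here because it needs only the standard library; where the installed dovecot supports them, the slower SHA512-CRYPT or ARGON2ID schemes are the better choice for stored passwords, and the verifier above only has to learn the new prefix.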

The only problem I see is how to make all this software coexist on the same domain name. Webmail and Plume each want to control the entire URL space of the domain; only Matrix seems to be a good neighbour able to coexist with other services.
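One way to make the coexistence problem visible before the proxy is configured is to have every service declare the URL prefixes it needs and let the installer refuse a plan in which two of them claim the same prefix. The block below is an added example, not code from the original post: it does that check and then emits nginx `location` blocks for the front-end proxy; nginx picks the longest matching prefix, so `/_matrix` still reaches synapse when Plume holds the catch-all `/`. Service names, ports and prefixes are assumptions.

```python
"""Sharing one domain name between services behind a front-end proxy (added example).

Detects two services claiming the same URL prefix and emits nginx location
blocks otherwise; service names, ports and prefixes are assumed values.
"""

# Constructed service table: name -> (upstream, [URL prefixes the service needs]).
SERVICES = {
    "synapse": ("http://127.0.0.1:8008", ["/_matrix", "/_synapse/client"]),
    "roundcube": ("http://127.0.0.1:8081", ["/webmail"]),
    "plume": ("http://127.0.0.1:7878", ["/"]),
}

class RouteConflict(ValueError):
    """Two services want to own the same URL prefix."""

def plan_routes(services):
    """Return [(prefix, upstream)] sorted longest prefix first, or raise on a clash."""
    owners = {}
    for name, (_, prefixes) in services.items():
        for prefix in prefixes:
            if prefix in owners:
                raise RouteConflict(f"{owners[prefix]} and {name} both want {prefix}")
            owners[prefix] = name
    routes = [(prefix, services[name][0]) for prefix, name in owners.items()]
    return sorted(routes, key=lambda r: (-len(r[0]), r[0]))

def nginx_locations(services):
    """Render the plan as nginx prefix locations for the server block."""
    blocks = []
    for prefix, upstream in plan_routes(services):
        # nginx selects the longest matching prefix regardless of file order;
        # emitting longest first only keeps the rendered file easy to review.
        blocks.append(f"location {prefix} {{\n    proxy_pass {upstream};\n}}")
    return "\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(nginx_locations(SERVICES))
    # A second service that also wants "/" (the webmail-vs-Plume case) is rejected:
    clash = dict(SERVICES, webmail_at_root=("http://127.0.0.1:9000", ["/"]))
    try:
        plan_routes(clash)
    except RouteConflict as err:
        print("refused:", err)
```

Moving webmail under `/webmail` only works when the webmail package tolerates running below a sub-path; the planner surfaces the case where it does not as a conflict on `/`, which is the point where the installer has to pick a second host name such as `mail.<domain>` instead.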

Bootstrap is not a problem. The first time, one can log in to the system via its IP address with a self-signed certificate to set up the domain name and request a proper certificate from Let's Encrypt.

Such a thing can be distributed as a docker image, a kvm image and an image to be written to an SD card for a Raspberry Pi.

The user will need to install it somewhere, either in some cloud or on a physical device, get a static reachable IP address, set up this address as the primary NS for his domain in his domain registrar's interface, and persuade the provider to set up reverse DNS for this address. All the rest would be done via the easy-to-use configuration web interface of the device.