This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Available services

What services are available and how to use them.

1 - Bitwarden

Your password manager

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form.

Bitwarden can be downloaded and configured on your server, which is what we use as part of the SelfPrivacy project. Unlike other free (like freedom) password managers, Bitwarden provides easy synchronization of one database between all devices.

  • WEB-interface: available after SelfPrivacy server configuration, at https://password.YOUR.DOMAIN
  • Official client (GNU/Linux, Windows, macOS, Android, iOS)

Setting an admin token manually

First, make sure your system config is up to date. You may click “upgrade server” in the app and wait for a couple of minutes, or run the following command in the terminal:

cd /etc/nixos
git pull

Then, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/nixos/userdata/userdata.json > /etc/nixos/userdata/userdata.json.new && mv /etc/nixos/userdata/userdata.json.new /etc/nixos/userdata/userdata.json

Now, we have to apply the changes:

nixos-rebuild switch

And after rebuilding the system, restart Bitwarden:

systemctl restart vaultwarden

Now, your admin interface is available on https://password.YOUR.DOMAIN/admin.

2 - Gitea

Gitea is a self-hosted Git service

In the age of computer technology, a lot of people deal with program code or configs. The version control system Git is widely used in order not to get confused with them. You can often find links to centralized git-hosting where the security (and sometimes privacy) of the code is questionable.

Owning your own git hosting allows you to store personal files on a private server. One of the best free (as freedom) git-hosting sites is - Gitea. It has all the necessary functionality and a convenient web interface.

  • WEB-interface: available after SelfPrivacy server configuration, at https://git.YOUR.DOMAIN
  • Official console git client (GNU/Linux, Windows, macOS, *unix)

If you want a client with a graphical interface, you can choose it from list of recommendations on the official website.

3 - Pleroma

Decentralized Social Network Server

Any centralized social network will have to take care of moderation, censorship, implementing rules, reading your correspondence as it grows. Another thing is your own social network, which can only belong to you, your family or your team. Only a decentralized network can provide maximum privacy. That’s why we offer you to become part of the Fediverse decentralized network.

At SelfPrivacy we use Pleroma.

  • WEB-interface: available after SelfPrivacy server configuration, at https://pleroma.YOUR.DOMAIN
  • Husky (Android)

Features of Pleroma

  • A social network of any scale: from a personal server with a single account to a massive thematic site;
  • Your social network, your rules. You are the censor, moderator and administrator.

4 - Delta.Chat

E-mail-based messenger with end-to-end encryption

Messengers like Telegram, Signal, Whatsapp cannot be private due to the peculiarity of their architecture - centralization. And peer-to-peer (p2p) services like Tox consume too many resources and are inconvenient to use on a mobile device.

The best solution is to use your mail server for Delta.Chat. Delta.Chat is a messenger based on the email protocol.

If your conversation partner doesn’t use Delta.Chat, it will be just an ordinary email correspondence for him.

Features of Delta.Chat

  • Regular email client with all the features of IM.
  • Reliable end-to-end encryption (e2e), provided a personal email server is used by both interlocutors or a personal key exchange, such as via QR code.
  • Can use any email server, but then you lose control over the meta-information and risk key-swapping man-in-the-middle attack.
  • Slightly slower than usual messengers
  • First message is not encrypted because public encryption keys are sent with it.
  • There are problems with sending files > 5-7MB.
  • There are no convenient channels (chats for mass discussions and sending out information). We recommend using a decentralized social network.

5 - Jitsi

Video conference

Zoom and Google Meet are proprietary software that have limitations in their free versions and do not provide access to their clients’ source code.

But there is an alternative — Jitsi, which is an open source videoconferencing service with similar functionality to its proprietary counterparts.

  • WEB interface: available after setting up the SelfPrivacy server, at https://meet.YOUR.DOMAIN.

  • Android

  • iOS

  • Flatpak

  • Also see the builds in your distribution’s repositories.

Features of Jitsi

  • Does not require registration;
  • Uses avatar from gravatar.com if you specify mail (may violate privacy!);

6 - E-mail

Self-hosted e-mail service

E-mail is a time-tested protocol that needs no introduction. A personal mail server will provide special privacy for all correspondence and is useful for registering in online services and personal correspondence, especially for Delta.Chat.

Authentication

Users from the “users” tab of your app are used.

Connection configuration

Login must the username with the domain. For example, user@domain.tld.

SMTP

SMTP Server: your domain

SMTP Port: 587

Authentication: STARTLS

Username: your username @ your domain (your full email address)

IMAP

IMAP Server: your domain

IMAP Port: 143

Authentication: STARTLS

Username: your username @ your domain (your full email address)

Configuration example for Mozilla Thunderbird

What do we use as our email server?

On the deployed server, the following components are responsible for sending, receiving, filtering emails:

  • Postfix — SMTP server;
  • Dovecot 2 — IMAP server;
  • Rspamd — SPAM filter;

Tips

Alias for addresses

Use aliases for questionable services or one-time needs.

Messages for user+alias@domain.com will go to user@domain.com. It can be useful for spam origin analysis if a unique alias is used for each online service when registering. For example, bank+user@domain.com, cryptoexchenge+user@domain.com, and so on.

Directory Filter

Create directories of filters for different purposes. This will help protect against phishing and clogging your inbox. The message for user-dir@domain.com will create a dir directory in the user@domain.com mailbox and all mail will arrive in the dir directory.

Examples:

  • user-w@domain.com - for registering with web services
  • user-shops - for web-stores
  • user-pay - payment systems
  • user-forum - forum notifications

Features

  • Email is over 50 years old. In IT, this is a sign of maturity and reliability of the technology.
  • Email is the most popular way to get infected with viruses (after hacked software and cracks).
  • Beware of phishing (fraudulent emails), it can rob you of your savings and control over your digital life.

Sending email does not work

Sending email may be blocked by your provider.

Hetzner responds that they do indeed block the email for new accounts. After one month of server operation and the first successful payment, Hetzner asks to contact support to clarify the reasons for using email. You may mention that you plan to use email to communicate with users of your services.

With DigitalOcean, such a problem has not been observed, but if you have encountered this, try to get in touch with the hosting support.

7 - Nextcloud

Swiss knife in the business of working together

Collaboration means file storage, document management, video conferencing, shared event calendars, and things like that. As a rule, people tend to trust personal life and business to third-party services. However, there is an option to keep it all on your own server.

We choose Nextcloud - free software for convenient scheduling and file storage.

Authentication

When creating a server, admin Nextcloud user is created with the password you’ve used for your primary user.

To add new users, go to the user administration panel, on the web interface of your Nextcloud.

  • WEB interface: available after SelfPrivacy server configuration, at https://cloud.YOUR.DOMAIN
  • Official application (GNU/Linux, Windows, macOS, Android, iOS)

How to reset the admin password

To follow the steps below, you’ll need to connect to the server via SSH with administrative rights. A basic understanding of the command line is beneficial ;)

For detailed connection instructions, click here.

After connecting, enter the following command:

nextcloud-occ user:resetpassword admin

You will prompted for a new password, the characters will be hidden.

FAQ

Nextcloud Updater does not work

It’s fine, it should be. Nextcloud is updated via NixOS, and depends on our NixOS repository. Everything happens without your intervention.

Why can’t I use my Nextcloud in third-party services?

This can happen if the third-party service has a restriction to only connect to a specific Nextcloud instance.

Should I use an extension to encrypt my Nextcloud?

We do not recommend it. The encryption keys are stored on the server, which makes such encryption practically useless.