This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Available services

What services are available and how to use them

1 - E-mail

Self-hosted e-mail service

E-mail is a time-tested protocol that needs no introduction. A personal mail server will provide special privacy for all correspondence and is useful for registering in online services and personal correspondence, especially for Delta.Chat.

Authentication

Users from the “users” tab of your app are used.

Connection configuration

Login must the username with the domain. For example, user@domain.tld.

SMTP

SMTP Server: your.domain

SMTP Port: 587

Authentication: STARTLS

Username: your_username@your.domain (your full email address)

IMAP

IMAP Server: your.domain

IMAP Port: 143

Authentication: STARTLS

Username: your_username@your.domain (your full email address)

Configuration example for Mozilla Thunderbird

What do we use as our email server?

On the deployed server, the following components are responsible for sending, receiving, filtering emails:

  • Postfix — SMTP server;
  • Dovecot 2 — IMAP server;
  • Rspamd — SPAM filter;

Tips

Alias for addresses

Use aliases for questionable services or one-time needs.

Messages for user+alias@domain.com will go to user@domain.com. It can be useful for spam origin analysis if a unique alias is used for each online service when registering. For example, bank+user@domain.com, cryptoexchenge+user@domain.com, and so on.

Directory Filter

Create directories of filters for different purposes. This will help protect against phishing and clogging your inbox. The message for user-dir@domain.com will create a dir directory in the user@domain.com mailbox and all mail will arrive in the dir directory.

Examples:

  • user-w@domain.com - for registering with web services
  • user-shops - for web-stores
  • user-pay - payment systems
  • user-forum - forum notifications

Features

  • Email is over 50 years old. In IT, this is a sign of maturity and reliability of the technology.
  • Email is the most popular way to get infected with viruses (after hacked software and cracks).
  • Beware of phishing (fraudulent emails), it can rob you of your savings and control over your digital life.

Sending email does not work

Sending email may be blocked by your provider.

Hetzner responds that they do indeed block the email for new accounts. After one month of server operation and the first successful payment, Hetzner asks to contact support to clarify the reasons for using email. You may mention that you plan to use email to communicate with users of your services.

With DigitalOcean, you can’t send emails at all. They would tell you to use a third-party service like SendGrid as a relay. You can track the status of relay support in SelfPrivacy in the issue.

2 - Nextcloud

Swiss knife in the business of working together

Collaboration means file storage, document management, video conferencing, shared event calendars, and things like that. As a rule, people tend to trust personal life and business to third-party services. However, there is an option to keep it all on your own server.

We choose Nextcloud - free software for convenient scheduling and file storage.

Authentication

When creating a server, admin Nextcloud user is created with the password you’ve used for your primary user.

To add new users,

  1. go to the user administration panel, on the web interface of your Nextcloud.
  1. Click the New User button.

How to reset the admin password

To follow the steps below, you’ll need to connect to the server via SSH with administrative rights. A basic understanding of the command line is beneficial ;)

For detailed connection instructions, click here.

After connecting, enter the following command:

nextcloud-occ user:resetpassword admin

You will prompted for a new password, the characters will be hidden.

FAQ

Nextcloud Updater does not work

It’s fine, it should be. Nextcloud is updated via NixOS, and depends on our NixOS repository. Everything happens without your intervention.

Why can’t I use my Nextcloud in third-party services?

This can happen if the third-party service has a restriction to only connect to a specific Nextcloud instance.

Should I use an extension to encrypt my Nextcloud?

We do not recommend it. The encryption keys are stored on the server, which makes such encryption practically useless.

Adding Contacts

  1. Open your Nextcloud, click on the contacts icon in the top right corner. Then click on “Install the Contacts app”.
  1. Click “Download and enable”.
  1. Now you have a new item in the menu.

Adding Calendar

  1. Click on your profile avatar in the top right corner.

  2. In the dropdown menu, click “Apps”.

  3. You will be taken to the app store, go to the “Organization” category and find the “Calendar” app.

  4. Click “Download and enable”.

  1. You now have another new item in the menu.

Synchronizing Nextcloud Across Different Devices

Download the Nextcloud main app (GNU/Linux, Windows, macOS, Android, iOS). It will help you synchronize files.

How to set up synchronization for contacts and calendar? Instructions for different systems and applications.

How to Synchronize Nextcloud with an Android Smartphone?

  1. Download the DAVx⁵ app on your Android device from F-Droid or the Google Play Store.

  2. Open the app, and create a new account by tapping the “plus” button.

  3. In the account creation menu, select the last option “Nextcloud”.

  4. The app will prompt you to enter the URL of your Nextcloud instance. The URL should look like: https://cloud.YOUR.DOMAIN.

  5. A browser will open. You need to log into your Nextcloud account and grant access.

  1. Return to the DAVx⁵ app. For the name, enter the email address registered in your Nextcloud account settings.

  2. In the “Contact group method” section, choose “Groups are categories of contacts”.

  1. Select the data you want to synchronize.

3 - Gitea

Gitea is a self-hosted Git service

In the age of computer technology, a lot of people deal with program code or configs. The version control system Git is widely used in order not to get confused with them. You can often find links to centralized git-hosting where the security (and sometimes privacy) of the code is questionable.

Owning your own git hosting allows you to store personal files on a private server. One of the best free (as freedom) git-hosting sites is - Gitea. It has all the necessary functionality and a convenient web interface.

If you want a client with a graphical interface, you can choose it from list of recommendations on the official website.

4 - Delta.Chat

E-mail-based messenger with end-to-end encryption

Messengers like Telegram, Signal, Whatsapp cannot be private due to the peculiarity of their architecture - centralization. And peer-to-peer (p2p) services like Tox consume too many resources and are inconvenient to use on a mobile device.

The best solution is to use your mail server for Delta.Chat. Delta.Chat is a messenger based on the email protocol.

If your conversation partner doesn’t use Delta.Chat, it will be just an ordinary email correspondence for him.

Features of Delta.Chat

  • Regular email client with all the features of IM.
  • Reliable end-to-end encryption (e2e), provided a personal email server is used by both interlocutors or a personal key exchange, such as via QR code.
  • Can use any email server, but then you lose control over the meta-information and risk key-swapping man-in-the-middle attack.
  • Slightly slower than usual messengers
  • First message is not encrypted because public encryption keys are sent with it.
  • There are problems with sending files > 5-7MB.
  • There are no convenient channels (chats for mass discussions and sending out information).

5 - Jitsi

Video conference

Zoom and Google Meet are proprietary software that have limitations in their free versions and do not provide access to their clients’ source code.

But there is an alternative — Jitsi, which is an open source videoconferencing service with similar functionality to its proprietary counterparts.

Features of Jitsi

  • Does not require registration;
  • Uses avatar from gravatar.com if you specify mail (may violate privacy!);

6 - Bitwarden

Your password manager

Information security experts recommend using complex passwords and creating a unique one for each account. Even three or four passwords are difficult to remember, so people often use the same password or similar ones. A password manager solves this problem: it generates complex passwords and stores them in a convenient form.

Bitwarden can be downloaded and configured on your server, which is what we use as part of the SelfPrivacy project. Unlike other free (like freedom) password managers, Bitwarden provides easy synchronization of one database between all devices.

Setting an admin token manually

First, we have to generate an admin token. Run the following:

nix-shell -p openssl --run 'openssl rand -base64 48'

It will output a string like this:

47pFSgYBbS0G0vCG63nX1yyblzgNaqZ40bNuJnwq2hvOy8ABfe+iHRfBeXlfrRdJ

This will be a password to your admin account. Copy it and paste it somewhere safe. To set it, we will run the following, replacing PASSWORD with the password you just generated:

jq '.bitwarden.adminToken = "PASSWORD"' /etc/selfprivacy/secrets.json > /etc/selfprivacy/secrets.json.new && mv /etc/selfprivacy/secrets.json.new /etc/selfprivacy/secrets.json

Now, we have to apply the changes. To do this, press “Upgrade server” in your app. After the upgrade is complete, restart Bitwarden using the app.

Now, your admin interface is available on https://password.YOUR.DOMAIN/admin.