Web presence architecture ideas wanted

I want a grand (big picture) architecture that I can begin working toward, and I am hoping for some pointers/structure I can hang new ideas/learnings onto.

The goal:
I want to build a web presence that contains pictures and mathematics like one by Arvind Rao. Notably, Arvind’s blog can be scaled up or down in a browser (ctrl scroll-wheel), and everything changes proportionally (no chunky bits). Arvind uses Jekyll and MathJax as posted on Quorum. I want this primarily for my own reference, but I’d be happy if others find it useful. I am pretty sure the site won’t ever see much traffic.

I want to divorce personal email from Google by using something like Tutanota.

I also want the capability to add downloadable content (data tables, shell scripts, …) if needed.

Finally, I want to work with stable providers and be independent of any particular provider. I want to structure it all so it is a) moveable and b) easily understood by a reasonably skilled Linux professional. Item b ensures I have a hope of doing routine maintenance myself and get professional help as needed.

KISS (keep it simple stupid) vs. high speed, slick or flashy. I need interfaces that don’t change and services that don’t break, and I want as few dependencies between parts so things are easily patched (because of new web attacks, …).

Idea so far:
Use a virtual private server to host the presence.

Administer the virtual server from my home Linux system using a secure outbound-only connection.

Make a static web page (Jekyll+MathJax).

I have no idea how to fit Tutanota into the scheme.

I’ve never dealt with any of these, so comments and suggestions are appreciated. In particular, anything resembling an ordered list of things to do. Please feel free to constructively criticise. My background has many holes in it, so please err on the side of using full names so I can search using them.

1 Like

For my site, I use Pelican, which I see is a competitor to Jekyll, and a quick search found some people using MathJax with it. So, you’re on the right track with Jekyll there.

I personally run my own mail server, but I also have email at Protonmail, and a quick read shows that you’re on the right track with Tutanota. You would just configure your mail client to use their mail servers, or you would use their mail client, and either way you would have people use your address there instead of your Gmail address.

I run my public VMs at DigitalOcean, and I automate the install with infrastructure-as-code concepts, so moving to a new hosting provider would be pretty simple. I use WireGuard in my network, and I connect to my DigitalOcean VMs over WireGuard (inbound SSH to them is blocked at the DO firewall). I have a more complicated setup than you would want, but a simple setup using a single WireGuard tunnel from your home-based Linux system to your DO VM would be fine, or a single ZeroTier network would be fine.

2 Likes

I love all those names you dropped (Pelican, proton, infrastructure-as-code, …). They help a lot. Things I need to learn about.

You’re referring to the mail client on the VM here?

I’m thinking the place to start is contracting the VM service (like DigitalOcean), doing an OS install, and setting up something like WireGuard to drive from the Linux box in my lab (in that order). That seems like a reasonably complete-in-itself chunk of work to test and learn on.

I was referring to the mail app on your computer/laptop/phone. Instead of connecting your mail app to a Gmail server or a Yahoo server or an iCloud server, you’d connect to a Tutanota server – that is, assuming they support IMAP. But, I see that Tutanota (like Protonmail) does not offer IMAP service – so, in that case you would use their mail app.

I have written a lot about my setup on my website – unixdude.net – feel free to ask questions there or here and I’m happy to write about it. Many of my blog posts come from questions about how I have things set up. 🙂

Regarding WireGuard, you would connect from your Linux system at home to the one at DigitalOcean: your system at home is almost certainly NATted behind a firewall and on a DHCP address. Your DigitalOcean VM will have a static address that is not NATted, so you can reach it directly.

1 Like
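
The single-tunnel layout described in the replies above, as an added configuration sketch that is not part of any post in the thread. The tunnel subnet 10.8.0.0/24, UDP port 51820, the documentation address 203.0.113.10 and the `<...>` key placeholders are all assumptions; `/etc/wireguard/wg0.conf` is the usual path read by `wg-quick`.

```ini
# ---- VM side: /etc/wireguard/wg0.conf ----
# The VM has a static, un-NATted address, so it is the side that listens.
[Interface]
Address = 10.8.0.1/24            # assumed tunnel address of the VM
ListenPort = 51820               # assumed port; the only admin port exposed
PrivateKey = <VM_PRIVATE_KEY>    # placeholder, generated with `wg genkey`

[Peer]
# Home Linux system. No Endpoint line: the home address is dynamic and
# behind NAT, so the VM learns it from the first authenticated packet.
PublicKey = <HOME_PUBLIC_KEY>    # placeholder
AllowedIPs = 10.8.0.2/32         # accept only this one tunnel address

# ---- Home side: /etc/wireguard/wg0.conf ----
# No ListenPort: the home system only dials out, nothing is opened inbound.
[Interface]
Address = 10.8.0.2/24            # assumed tunnel address of the home system
PrivateKey = <HOME_PRIVATE_KEY>  # placeholder

[Peer]
PublicKey = <VM_PUBLIC_KEY>      # placeholder
Endpoint = 203.0.113.10:51820    # constructed example of the VM's static address
AllowedIPs = 10.8.0.1/32         # route only VM admin traffic into the tunnel
PersistentKeepalive = 25         # keeps the NAT mapping at home from expiring

# ---- Provider firewall on the VM (stated as rules, not a file) ----
# allow inbound UDP 51820          (WireGuard)
# allow inbound TCP 80, 443        (the static site)
# block inbound TCP 22             (SSH is reached at 10.8.0.1 via the tunnel)
```

After `wg-quick up wg0` on both systems, `wg show` on the VM should list a recent handshake for the home peer, and SSH goes to 10.8.0.1 rather than the public address.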

Were you able to start on this project? I have been wanting for the past year or two to set up a more professional NAS setup that can replace my paid cloud services. No movement there. Been busy, but also I don’t have a clear path forward in my mind.

I’ve been started for a while now, but it takes a long time for me to learn things, and this project is getting low priority time slices. Recently I started a mini-project as a stepping stone: make a website on my Minisforum system for my personal use (mostly for notes). I plan to serve the personal site using the same tools (e.g. Jekyll) the public site will use, and it’ll force me to solve the problem of how to co-mingle public and private notes. I’ll add a big drive to it and use it to back up the Win 11 PC (need to see if Win 11 and Samba get along). I’ve had a USB Wi-Fi antenna on my desk this last week for which I’m searching for Debian drivers. Step 0 in this project is getting a network connection.

In parallel is my effort to move mail from Google to somewhere else. There are subtle differences between providers, and it’s taking me a long time to understand things well enough to decide. Tuta was a clear favorite for a while (many green check marks), but I recall feeling like they used too much encryption. A few months ago, I learned of some other services that looked attractive and need looking into. Proton had some bad press a while back; I’m looking for independent and not interested in selling me out. I also recall not understanding how to set them up (++research to do).

Step 0 with the Minisforum system seems like the right one, as it’ll get me back into the groove of basic sysadmin and networking for which I’ve forgotten all but the concepts. I can work without fear of failure on this; worst is starting over with build scripts kept on a USB drive. Once I start backing up my work PC, I’ll be much more cautious. Maybe I’ll get another Minisforum just for backups. Hmm. I’m problem solving as I post. 🙂