Web presence architecture ideas wanted

I want a grand (big picture) architecture that I can begin working toward, and I am hoping for some pointers/structure I can hang new ideas/learnings onto.

The goal:
I want to build a web presence that contains pictures and mathematics like one by Arvind Rao. Notably, Arvind’s blog can be scaled up or down in a browser (ctrl scroll-wheel), and everything changes proportionally (no chunky bits). Arvind uses Jekyll and MathJax as posted on Quorum. I want this primarily for my own reference, but I’d be happy if others find it useful. I am pretty sure the site won’t ever see much traffic.

I want to divorce personal email from Google by using something like Tutanota.

I also want the capability to add downloadable content (data tables, shell scripts, …) if needed.

Finally, I want to work with stable providers and be independent of any particular provider. I want to structure it all so it is a) moveable and b) easily understood by a reasonably skilled Linux professional. Item b ensures I have a hope of doing routine maintenance myself and get professional help as needed.

KISS (keep it simple, stupid) vs. high speed, slick or flashy. I need interfaces that don’t change and services that don’t break, and I want as few dependencies between parts as possible so things are easily patched (because of new web attacks, …).

Idea so far:
Use a virtual private server to host the presence.

Administer the virtual server from my home linux system using a secure outbound only connection.

Make a static web page (Jekyll+MathJax).

I have no idea how to fit Tutanota into the scheme.

I’ve never dealt with any of these, so comments and suggestions are appreciated. In particular, anything resembling an ordered list of things to do. Please feel free to constructively criticise. My background has many holes in it, so please err on the side of using full names so I can search using them.

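To make the "static web page (Jekyll+MathJax)" item concrete, here is an added example of the one file that wires MathJax into a Jekyll site. It is not code from the post or from Arvind Rao's site; the file path `_includes/head.html`, the self-hosted script path `/assets/js/tex-svg.js` and the delimiters are assumptions. The SVG output renderer is what makes formulas zoom proportionally with the rest of the page, because the browser is scaling vector glyphs rather than bitmap images.

```html
<!-- _includes/head.html (assumed location; pulled into each layout with
     {% include head.html %}). Added example, not from the original post. -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>{{ page.title | default: site.title }}</title>

<!-- MathJax 3 configuration must be defined before the library loads. -->
<script>
  window.MathJax = {
    tex: {
      // Recognise $...$ and \( ... \) inline, $$...$$ and \[ ... \] display.
      inlineMath: [['$', '$'], ['\\(', '\\)']],
      displayMath: [['$$', '$$'], ['\\[', '\\]']],
      processEscapes: true          // \$ stays a literal dollar sign
    },
    svg: {
      fontCache: 'global'           // SVG output scales cleanly with ctrl+wheel
    }
  };
</script>

<!-- Self-hosted copy of tex-svg.js (copied from the mathjax npm package into
     assets/js/ in the Jekyll source tree; path is an assumption). Serving it
     from your own site keeps the page independent of a third-party CDN, which
     matches the "as few dependencies as possible" goal, and means a CDN
     compromise cannot inject script into every page. -->
<script id="MathJax-script" async src="/assets/js/tex-svg.js"></script>
```

A post then simply contains `Inline math $E = mc^2$ and display math $$\int_0^1 x^2\,dx = \tfrac{1}{3}$$` in its Markdown. One caveat: Jekyll's default Markdown engine (kramdown) also treats `$$` as a math delimiter, so if you see doubled or missing output, check whether kramdown is transforming the math before MathJax sees it.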

For my site, I use Pelican, which I see is a competitor to Jekyll, and a quick search found some people using MathJax with it. So, you’re on the right track with Jekyll there.

I personally run my own mail server, but I also have email at protonmail, and a quick read shows that you’re on the right track with Tutanota. You would just configure your mail client to use their mail servers, or you would use their mail client, and either way you would have people use your address there instead of your gmail address.

I run my public VMs at DigitalOcean, and I automate the install with infrastructure-as-code concepts, so moving to a new hosting provider would be pretty simple. I use WireGuard in my network, and I connect to my DigitalOcean VMs over WireGuard (inbound SSH to them is blocked at the DO firewall). I have a more complicated setup than you would want, but a simple setup using a single WireGuard tunnel from your home-based Linux system to your DO VM would be fine, or a single ZeroTier network would be fine.


I love all those names you dropped (Pelican, proton, infrastructure-as-code, …). They help a lot. Things I need to learn about.

You’re referring to the mail client on the VM here?

I’m thinking the place to start is contracting the VM service (like DigitalOcean), doing an OS install, and setting up something like WireGuard to drive from the Linux box in my lab (in that order). That seems like a reasonably complete-in-itself chunk of work to test and learn on.

I was referring to the mail app on your computer/laptop/phone. Instead of connecting your mail app to a Gmail server or a Yahoo server or an iCloud server, you’d connect to a Tutanota server – that is, assuming they support IMAP. But, I see that Tutanota (like Protonmail) does not offer IMAP service – so, in that case you would use their mail app.

I have written a lot about my setup on my website – unixdude.net – feel free to ask questions there or here and I’m happy to write about it. Many of my blog posts come from questions about how I have things set up.

Regarding WireGuard, you would connect from your Linux system at home to the one at DigitalOcean: your system at home is almost certainly NATted behind a firewall and on a DHCP address. Your DigitalOcean VM will have a static address that is not NATted, so you can reach it directly.

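Here is an added example of the single-tunnel setup described in the earlier reply (one WireGuard tunnel from the home Linux box to the VM, with inbound SSH blocked at the provider firewall) and of the NAT point made just above (only the VM has a stable, reachable address, so only the home side needs an `Endpoint`). It is not the replier's actual configuration. Assumptions: the tunnel uses 10.8.0.0/24, the VM's public address is 203.0.113.10 (a documentation address), WireGuard listens on UDP 51820, and the key strings are placeholders produced with `wg genkey | tee privatekey | wg pubkey > publickey` on each machine.

```ini
# /etc/wireguard/wg0.conf on the DigitalOcean VM (added example, not from the post)
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <VM_PRIVATE_KEY>          ; placeholder; never commit real keys

# The only peer allowed in: the home machine. WireGuard silently drops
# packets from anyone who cannot prove possession of this peer's key.
[Peer]
PublicKey  = <HOME_PUBLIC_KEY>         ; placeholder
AllowedIPs = 10.8.0.2/32               ; only accept this address from this peer

# /etc/wireguard/wg0.conf on the home Linux box (added example, not from the post)
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY>        ; placeholder

[Peer]
PublicKey  = <VM_PUBLIC_KEY>           ; placeholder
# The VM has the static, non-NATted address, so it is the only side with an
# Endpoint. The home side dials out; nothing needs to be opened at home.
Endpoint   = 203.0.113.10:51820
AllowedIPs = 10.8.0.1/32               ; route only the VM's tunnel address
# The home box sits behind NAT with a DHCP address. Keepalives hold the NAT
# mapping open so the VM's replies keep reaching it after the first packet.
PersistentKeepalive = 25
```

Bring the tunnel up on both ends with `sudo wg-quick up wg0` (or `systemctl enable --now wg-quick@wg0`) and then administer the VM with `ssh user@10.8.0.1`. At the DigitalOcean firewall, allow UDP 51820 from anywhere and do not open TCP 22 at all; on the VM itself, either set `ListenAddress 10.8.0.1` in `/etc/ssh/sshd_config` or, more robustly, keep sshd listening everywhere and let an nftables rule accept port 22 only from the `wg0` interface (the `ListenAddress` form fails if sshd starts before `wg0` exists). Two caveats a practitioner would want: test the tunnel before removing the public SSH rule, and keep the provider's web console as the out-of-band way back in if a WireGuard or firewall change ever locks you out.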