Architecture and creation of the Project Segfault Pubnix

p.psf.lt

What is a Pubnix?

  • A concept from the 90s - basically a shared UNIX Computer
  • Allows users to run software, host their websites and a lot more cool shit

The Tildeverse!

  • Association of Pubnix/Pubinx-Adjacent communities
  • Most of them host extra services like IRC Bouncers
  • PSF is not a Tilde, but its loosely based on the features of various other tildes

Project Segfault

  • We host a shitton of services for people to use for free, and the pubnix!
  • We also make a few of our own privacy frontends, like Mozhi for GTranslate
  • Completely donation-funded, and supported by FOSS United Grants

How we differ from other pubnixes

  • Users can host dynamic websites using our user-specific reverse proxy, alongside access to infinite sub-domains
  • Access to podman & podman-compose for hosting services
  • We also give access to nix, to allow users to download their own software, and a lot more storage than most other pubnixes
  • Pubnix profile, which is a small page with a little bit of info about every user
  • Plus its hosted right here in Mumbai, so its fast as shit for us :D

Nix and le Podman!

  • We run nix on top of our debian install, which basically lets users install whatever they want locally

  • This also allows users to make their configurations reproducible via home-manager

  • <INSERT DEMO OF PODMAN & NIX HERE>

3 layers of Caddyism

  • Every user has a Caddy server running using Unix Domain Socket
  • This is all connected to a root Caddy server on the pubnix
  • The root caddy does all the magic, by applying regexp to the Host header (domain name)

The security factor

  • Pubnix as a concept has pretty shitty security
  • Every user has memory and CPU limits based on /etc/security/limits.conf, to prevent abuse
  • We also have aquota, to make sure users don't go over storage limit
  • Firewalls.. Firewalls and more Firewalls!

Plans for the future

  • Better scalability
  • Real-time abuse prevention
  • Remove need for every user to have a caddy server

Thank You!

Contact me: https://aryak.me
Join PSF: https://psf.lt

Maybe mention authentik soju and geminiproxy

to figure out the username whose user site you try to access

Mention removal of access to local LAN