
Ralsina.Me — Roberto Alsina's website


Cheap man's secret handling

I run a very cheap home server. How cheap? Very, very cheap. Sub Raspberry Pi 4 cheap.

It runs a ton of services, and it also works as my "Functions" server.

What is a functions server?

It's a cheap man's AWS Lambda which allows me to create small "services" like this, and deploy them automatically. It's really a game changer for simple code availability, and it's my favourite way to share functionality with others.

But sometimes a service relies on a 3rd party API, and it needs things like a token to be available. faasd supports this through its secrets API. You create a secret like this:

faas-cli secret create whatever

And when you declare in your functions.yml that your function needs a secret:

myfunc:
  lang: python3-fastapi
  handler: ./myfunc
  secrets:
  - whatever

Your code then reads the file /var/openfaas/secrets/whatever, and that's all: the secret lives on the server, your function can read it, and it is not in the function's code. All good.
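As an added example (not code from the original post), here is how a python3-fastapi handler could read that file. The helper names, the OPENFAAS_SECRETS_DIR override (so the same code runs outside faasd for local testing) and the checks are this example's own assumptions; the only thing taken from the post is the /var/openfaas/secrets/<name> path:

```python
"""Load an OpenFaaS secret from its mounted file.

Added example, not code from the post. Assumptions: the helper names,
the OPENFAAS_SECRETS_DIR override (for local testing) and the checks are
this example's own; only the /var/openfaas/secrets/<name> path is from
the post.
"""
import hashlib
import os
import stat
import warnings
from pathlib import Path

# faasd/OpenFaaS mounts every secret declared in functions.yml as a file here.
SECRETS_DIR = Path(os.environ.get("OPENFAAS_SECRETS_DIR", "/var/openfaas/secrets"))


class SecretError(RuntimeError):
    """A declared secret is missing, empty or has a bad name."""


def secret_permissions_ok(path: Path) -> bool:
    """True if the secret file is not readable by group or others."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def read_secret(name: str, secrets_dir: Path = SECRETS_DIR) -> str:
    """Return the value of secret `name`.

    - rejects names containing path separators, so a caller cannot read
      arbitrary files by passing '../../etc/passwd' as a secret name
    - fails loudly if the file is missing (usually: not listed under
      `secrets:` in functions.yml, or not recreated after a faasd redeploy)
    - strips the trailing newline that `pass show` / `echo` leave behind,
      so the value can go straight into an Authorization header
    """
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        raise SecretError(f"invalid secret name: {name!r}")
    path = secrets_dir / name
    try:
        data = path.read_text(encoding="utf-8")
    except FileNotFoundError:
        raise SecretError(f"secret {name!r} not found in {secrets_dir}") from None
    if not secret_permissions_ok(path):
        warnings.warn(f"secret {name!r} is readable by group/others", RuntimeWarning)
    value = data.rstrip("\r\n")
    if not value:
        raise SecretError(f"secret {name!r} is empty")
    return value


def fingerprint(value: str) -> str:
    """Short SHA-256 prefix: safe to log to confirm which secret version is loaded."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]


def auth_header(token: str) -> dict:
    """Build the header a handler would send to the third-party API."""
    return {"Authorization": f"Bearer {token}"}


def handle(secrets_dir: Path = SECRETS_DIR) -> dict:
    """What a function handler would do: load the token, log only its fingerprint."""
    token = read_secret("whatever", secrets_dir)
    print(f"loaded secret 'whatever' (fingerprint {fingerprint(token)})")
    return auth_header(token)
```

The newline stripping matters in practice: `pass show` prints the entry with a trailing newline, and a token with a stray `\n` in it will be rejected by most APIs with an error that looks nothing like "wrong secret". Logging the fingerprint instead of the value lets you check that the secret you recreated after a redeploy is the one you meant, without the token ending up in the function logs.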

Except ... what happens if you need to redeploy faasd? You will need to create the secret again! So you need to keep the secret somewhere.

Solution: pass

I already use pass to keep many passwords, so it's easy to also put secrets there. It manages everything using a git repo, so it's a known quantity. You can even put them all in a faasd/ folder of the store and then recreate them using scripts, like this:

pass faasd/whatever | faas-cli secret create whatever

pass will ask for your master passphrase, and the secret is created. You could even publish your pass repo, since every entry in it is encrypted with gpg, so nobody can read the values (don't do that: the entry names, the folder layout and the git history are plaintext, and a leaked or weak key would expose everything at once).
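A scripted version of that recreation step, added here as an example and not the post's own script: it lists every entry in the store's faasd/ folder and pipes each `pass show` output into `faas-cli secret create` over stdin, so the value never appears on a command line. It assumes pass's standard store layout (PASSWORD_STORE_DIR or ~/.password-store, one <name>.gpg per entry) and that `faas-cli secret create NAME` accepts the value on stdin, which is what the one-liner above relies on; the function names and the injectable `run` callable are this example's own assumptions.

```python
"""Recreate every faasd secret from a pass store.

Added example, not the post's own script. Assumes pass's standard store
layout (PASSWORD_STORE_DIR or ~/.password-store, one <name>.gpg per
entry) and that `faas-cli secret create NAME` reads the value on stdin,
as the post's one-liner relies on. Function names are this example's own.
"""
import os
import subprocess
from pathlib import Path
from typing import Callable, Iterable, List

FOLDER = "faasd"  # sub-folder of the pass store that holds faasd secrets


def store_dir() -> Path:
    """Location of the pass store, following pass's own convention."""
    return Path(os.environ.get("PASSWORD_STORE_DIR", Path.home() / ".password-store"))


def list_secret_names(store: Path, folder: str = FOLDER) -> List[str]:
    """Secret names are the file names under <store>/<folder>/ minus the .gpg suffix."""
    base = store / folder
    if not base.is_dir():
        return []
    return sorted(p.stem for p in base.glob("*.gpg"))


def recreate_secrets(names: Iterable[str], run: Callable = subprocess.run,
                     folder: str = FOLDER) -> List[str]:
    """Run `pass show folder/NAME | faas-cli secret create NAME` for each name.

    The value travels through a pipe, never through argv, so it does not
    show up in `ps` output or shell history the way --from-literal would.
    `run` is injectable so the logic can be exercised without pass/faas-cli.
    """
    created = []
    for name in names:
        shown = run(["pass", "show", f"{folder}/{name}"],
                    capture_output=True, text=True, check=True)
        value = shown.stdout
        if not value.strip():
            raise RuntimeError(f"pass entry {folder}/{name} is empty")
        # check=True makes a failed create abort the run instead of silently skipping
        run(["faas-cli", "secret", "create", name], input=value, text=True, check=True)
        created.append(name)
    return created


def main() -> None:
    names = list_secret_names(store_dir())
    if not names:
        raise SystemExit(f"no entries under {store_dir() / FOLDER}")
    for name in recreate_secrets(names):
        print(f"created secret {name}")


if __name__ == "__main__":
    main()
```

gpg-agent/pinentry still prompts for the master passphrase on the first `pass show`, exactly as with the one-liner; the script just loops. Because the whole file content of each entry becomes the secret, keep one value per entry under faasd/ rather than the multi-line "password plus notes" layout pass allows elsewhere.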

So, this solution uses:

  • pass
  • gpg
  • git
  • faasd
  • shell
  • whatever language and framework you use in your code

And everything is seamless!

I think this is a nice example of how random tools can connect with each other because they all follow the unix convention of moving things around as text.

Home Server Update May 2023

This is a longer-term update on the state of my home server. You can read more about it in these 1 2 3 4 5 6 posts.

Hardware

  • Got some SSDs for cheap, so migrated it from HDDs to SSDs. Thanks to btrfs, I could even do that without turning the thing off.
  • Did some experiments to measure power usage. It's around 8W when it goes full throttle with heavy disk usage.
  • Working on implementing a UPS for the whole system.

Software

Since the last update I have added a few new services:

Filebrowser

I added a web-based filebrowser. It's ... Filebrowser

Why? Because sometimes I need to manage some files. No big deal, almost never use it.

Ebook Server

It's Kavita and it's pretty good, if a little too basic. I use it to manage an epub collection, and it works. Writing scripts to automatically tag and add metadata to random crappy ebooks was fun.

Snips

A snippet/pastebin thing called snips.sh and it's really nice. I added a small shell script so I can just pipe things to it. I am making the HTTPS public at snips.ralsina.me and keeping the SSH private in my VPN, thank you very much.

Had some trouble making it work on ARM because of a tensorflow dependency, but it's running fine.

WatchTower

Watchtower is a tool that monitors your running containers and will daily check if there are new versions. If there are, it will upgrade them. Nice to have things update unattended.

Conclusion

Server is stable


Contents © 2000-2025 Roberto Alsina