My home in the fediverse: Mastodon on a Raspberry Pi
This is not a complete write-up (far from it), but since a few people have asked, here are some barebones details of my Mastodon server.
(Note: I am utterly unconvinced that self-hosting is the right answer for most people, or is the answer to online privacy or other problems.)
Hardware
Raspberry Pi 4, 4GB, with the PoE+ HAT.
Network
It is on its own VLAN.
My Raspberry Pis are in cheap-ish racks.
They are powered via PoE, fed from a couple of UniFi switches.
In case anyone cares, here’s what my network traffic graph has looked like for the last day, for a single-user instance of Mastodon, with one not terribly popular user (me!).
It shows an average network throughput of roughly 1Mbit from midnight until 19:00, after which it rises to about 10Mbit. There is a peak of 100Mbit at 01:00, which is probably a backup rather than mastodon traffic.
It looked a lot less than this a couple of weeks ago!
Operating system
My “usual” build of Raspberry Pi OS.
It is the standard Raspberry Pi OS (so, Debian), which I have tweaked so:
-
it has LUKS full disk encryption, with
dropbear-ssh
for remote unlocking of the disk pre-boot (howto). -
it has some standard security mechanisms applied. Locked-down SSH, ufw for firewalling, vulnerability scanning (via greenbone), on-device scanning, and so on.
Here’s a snapshot of CPU and RAM usage:
%Cpu(s): 21.9 us, 6.7 sy, 0.0 ni, 0.0 id, 70.2 wa, 0.0 hi, 1.2 si, 0.0 st
MiB Mem : 3795.0 total, 168.7 free, 2493.4 used, 1132.9 buff/cache
And usage is predominantly Mastodon-related:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
529531 mastodon 20 0 3393116 959352 9804 S 77.8 24.7 3622:22 bundle
965302 redis 20 0 131140 54160 1540 R 31.5 1.4 2512:16 redis-server
Software
I use the source-based installation of Mastodon.
In front of it is nginx
, as a reverse-proxy. nginx handles TLS, proxying traffic to the mastodon instance.
cronjobs
I’ve a couple of cronjobs.
One backs the system up automatically to a remote system.
The other runs the tootctl media remove
command, to wipe all but the last seven days of media.
These each run daily.
Sign-ups
I am the only user of the server. I have an account for me (mastodon.neilzone.co.uk/@neil, and an account for my business, decoded.legal, but I don’t use that.
I have zero interest in opening the server up to others, as that brings hassles and complexity that I just don’t want!
I use the option for MFA via hardware security keys.
Clients
On my Android phone, I use Twidere. It also lets me cross-post with Twitter.
On my computer(s), I just use the Mastodon web interface, in Advanced mode. If the superb Twitter client cawbird one day supports the fediverse, then I might use that instead.
I occasionally use an iPad (my hunt for a Linux tablet is one for another day), and on that I use Tootle.
You may also like:
- Migrating mastodon to Debian 11 Bullseye: fixing the segfault
- Raspberry Pi 4 with the PoE+ HAT: LUKS and a working fan
- Installing vanilla Debian 11 on a Raspberry Pi 4
- Fixing 'ERROR: could not insert v4l2loopback: Key was rejected by service' when using linux-surface on Debian 11
- Running the greenbone OpenVAS vulnerability scanner on a Raspberry Pi 4
- SurfaceBook 2 13: keyboard layout for English
- 'Self-host it' is not the answer
- A year with password manager bitwarden
- PinePhone (Pro) keyboard case v. Planet Gemini v GPD Pocket 2: a photo comparison
- Cloning a Raspberry Pi installation: slow, but working
- Changing a (known) LUKS passphrase
- Migrating mastodon to a Raspberry Pi 4
- There is no i in Teams. And rarely a Neil
- Moving from macOS to Debian 11 Bullseye Linux: applications
- Aztine 15.6 Portable Monitor with Debian 11 on a Surface Pro 6