/
Contact
/

Live · rodzinal.pl

Selfsource — infrastructure that works

A self-hosted environment built on Incus. Mail, cloud, webmail and VPN — everything on your own hardware, accessible online and on the local network. No Google, no Microsoft. The infrastructure is live — I'm building the admin panel that lets you set it all up without touching a terminal.

Deployed for rodzinal.pl — home environment running Dodocode business services
rodzinal.plWebsite
mail.rodzinal.plStalwart Mail
m.rodzinal.plRoundcube
cloud.rodzinal.plNextcloud

Stalwart Mail — mail server

Modern mail server supporting SMTP, IMAP and JMAP. High deliverability with SPF, DKIM and DMARC. OAuth2 login support.

  • SMTP / IMAP / JMAP
  • SPF, DKIM, DMARC
  • OAuth2 SSO
  • Antispam and filters

Nextcloud — private cloud

Nextcloud as a replacement for Google Drive and Google Workspace. Files, calendars, contacts — on your own hardware.

  • Files, calendars, contacts
  • OAuth2 login via Stalwart
  • Mobile and desktop apps
  • Server-side encryption

Collabora — document editing

Collabora Online (LibreOffice in the browser) integrated with Nextcloud. Edit .docx, .xlsx, .odt without installing an office suite. Runs internally only — no public endpoint.

  • Edit Office documents in the browser
  • Full Nextcloud integration
  • Isolated container with no external access

Roundcube — webmail

Roundcube as a browser-based mail client. Accessible from any device without installation.

  • Full mail client in the browser
  • Multiple account support
  • Filters and folders

WireGuard VPN

WireGuard creates an encrypted tunnel between the VPS and the company server. This means the company server doesn't need a public IP address — all traffic enters through the VPS.

  • No public IP needed on the company side
  • Encrypted tunnel VPS ↔ server
  • Remote employee access via VPN

SIM card failover

When the main cable connection fails, the system automatically switches to the SIM card connection. Services remain accessible from outside with zero downtime.

  • Automatic failover cable → SIM
  • Zero downtime on connection failure
  • Built-in SIM card as failover

Security

Each service in a separate Incus container. LUKS disk encryption, network isolation, mTLS between components, TLS from container to browser.

  • Incus — container isolation
  • LUKS — disk encryption
  • mTLS — communication encryption
  • HAProxy + Nginx as reverse proxy

Architecture

VPSHAProxy · Panel
⟷ WireGuard VPN ⟷
Company serverIncus containers
Stalwart Mail
Nextcloud
Roundcube
WWW
Read the detailed rodzinal.pl architecture write-up →

Want this environment in your company? I'll deploy it on your hardware.

Contact me