About
ArchWorks is a small self-hosted corner of the internet, run by a handful of friends and ArchLinux folks who would rather provide their own services than rent themselves to data-harvesting corporations.
Everything below archworks.co runs on hardware we own and software we control. The point is not ideology, it is leverage: when the platform is yours, the rules are yours.
This blog is the workshop notebook side of it. Personal but anonymous, mostly about 3D printers, reverse engineering, infrastructure, and whatever else lands on the bench.
What we replaced#
| Their tool | Our tool | Where |
|---|---|---|
| Google Search | SearXNG | search.archworks.co |
| Google Suite | Nextcloud + OnlyOffice | nextcloud.archworks.co, onlyoffice.archworks.co |
| Gmail | Self-hosted mail | cube.archworks.co |
| Discord / WhatsApp | Element (Matrix) | element.archworks.co |
| Zoom / Teams | Self-hosted calls | call.archworks.co |
| Apple Push / FCM | ntfy | ntfy.archworks.co |
| Netflix / Spotify | Jellyfin | jellyfin.archworks.co |
| Comixology | Kavita | manga.archworks.co |
| Kindle | Calibre Web | read.archworks.co |
| Wikipedia (online) | Kiwix (offline) | kiwi.archworks.co |
| Twitter / X | Mastodon | social.archworks.co |
| GitHub | Gitea | git.archworks.co |
| Evernote | Joplin | joplin.archworks.co |
| Notion / Confluence | DokuWiki | wiki.archworks.co |
| Feedly | Self-hosted RSS | rss.archworks.co |
| ChatGPT | Local LLMs via Open WebUI | chat.archworks.co |
| Google Auth / Okta | Keycloak SSO | auth.archworks.co |
| Various recipe apps | Self-hosted cookbook | cook.archworks.co |
| Smart-home cloud | Home Assistant | home.archworks.co |
How it stays public without being exposed#
The public side of archworks.co runs on a tiny VPS that does not host anything itself. Real services live at home on hardware behind a residential internet line, talking back out to the VPS over a WireGuard tunnel. The VPS is a thin reverse proxy: TLS termination, SNI mux, then the request crosses the tunnel and lands on the internal proxy at home.
The home IP is never published. The VPS IP is publishable because everything sensitive sits behind the tunnel. If the relay ever burns, a new VPS gets the same role in twenty minutes.
Long version of that pattern in the reverse-tunnel post.
Contact#
- Matrix:
@sandwich:archworks.co - Email:
contact@archworks.co