Overview
I built a fully self-hosted server on Debian to manage networking, mail, and privacy for my personal systems. The setup includes a WireGuard VPN for secure remote access, AdGuard Home for DNS-level ad blocking, and a Postfix/Dovecot mail stack with SPF, DKIM, and DMARC authentication. This project taught me how to deploy, secure, and maintain production-grade infrastructure from the ground up.
Stack & Technologies
| Operating System | Debian 12 |
|---|---|
| Networking | WireGuard VPN, iptables / ufw |
| DNS Filtering | AdGuard Home |
| Mail Stack | Postfix, Dovecot, OpenDKIM |
| Security & Auth | SPF, DKIM, DMARC, TLS (Certbot) |
| Containerization | Docker, Docker Compose |
| Monitoring | Prometheus, Grafana |
| Automation | Bash Scripting, Cron Jobs |
Architecture
[ Client Devices ]
│
▼
[ WireGuard VPN Tunnel ]
│
▼
[ Debian Host Server ]
├── AdGuard Home → DNS Filtering
├── Postfix + Dovecot → Mail Services
├── OpenDKIM / SPF / DMARC → Authentication
├── Docker Containers → Monitoring & Logging
└── Certbot + Cron → Auto SSL Renewal
Key Features
- WireGuard VPN for secure remote access.
- AdGuard Home for DNS-level ad blocking and tracking protection.
- Postfix + Dovecot mail server with SPF, DKIM, and DMARC authentication.
- Dockerized monitoring via Prometheus and Grafana.
- Automatic SSL renewal, firewall hardening, and uptime optimization.
What I Learned
- Advanced Linux administration and server hardening.
- VPN tunnel setup, DNS routing, and email authentication protocols.
- Deploying modular services with Docker and automation via Bash/Cron.
- Troubleshooting, optimization, and resource monitoring for 24/7 uptime.
Outcomes
- ✅ 99% server uptime over several months.
- ✅ Fully authenticated outgoing mail (SPF/DKIM/DMARC passing).
- ✅ Secure VPN and ad-free DNS across all connected devices.
- ✅ Self-contained, privacy-focused infrastructure with zero cloud dependency.
