Personal Digital Sovereignty

Brand Arch

Sindri Research LLC as parent - The Forge -> public research output (website)

Cyberdeck and Hub

• Mjolnir -> daily-driver cyberdeck
• Draupnir -> modular expansion deck or central hub (Draupnir drips eight new rings every nine nights, the metaphor for a hub that spawns child services and edge nodes.
• Gullinbursti -> e-paper / long-battery field deck
• Skioblaonir -> a foldable/portable deck. Mythological ship folds into a pocket and always has fair wind

For sub-systems on the hub: - Yggdrasil -> ZFS pool / storage tree (the world-tree connecting all data realms) - Mimisbrunnr -> document archive - Huginn & Muninn -> monitoring/telemetry ravens ( though and memory) reporting back from edge nodes - Heimdall -> IDS/monitoring stack (watchman who sees and hears everything)

Why

Early 2000s feel different in retrospect not because tech was better but because the locus of control was the user’s machine. You ripped your own CDs, photos lived on My Pictures, you owned MP3 files, software was a binary you installed, not a tab in the browser. This is an attempt to reconstitute that posture using contemporary hardware, while harvesting the genuine advances in tech (cheap ARM SoCs, low-power radios, e-paper, mature filesystems, ubiquitous SSDs)

Three intellectual currents: - Permacomputing: by Ville-Matias “Viznut” Heikkila and amplified by collectives like Hundred Rabbits, applies permaculture’s ethics, Earth Care, People Care, Fair Share, to computers: max hardware lifespan, minimize energy use, prefer the already-available over the new. - Local-first software: Ink & Switch’s 2019 essay by Kleppmann, Wiggins, van Hardenberg and McGranaghan, inverts cloud orthodoxy:; the device holds the primary copy; network is for collaboration and backup. - Suckless / Unix philosophy: insists that simplicity is a feature, not a deficiency.

Operating Substrate

For a CyberVault server (always-on Raspberry Pi hub), Alpine linux or something like it. Reasons for Alpine: - musl: binary size, startup time, attack surface, static linking ergonomics. Excellent for Go/Rust/Zig/C services where you control the build. - glibc: pre-compiled binary compatibility, Python wheels from PyPI (musl forces source builds, which on a Pi 4 hurts), DNS resolution quirks (musl queries /etc/resolv.conf entries in parallel, which can break with picky DNS servers), proprietary software

Alpine on servers where we run small Go/Rust/C daemons and Docker/Podman containers Raspberry Pi OS Lite or Debian on the cyberdeck

Prefer statically-compiled single-file binaries like restic, caddy, rclone, syncthing, mosquitto, prosody, navidrome, gotosocial, miniflux, tinyssh. Implements the suckless ethos applied to deployment: no node modeuls, no python venvs, no docker daemon required

Service layer

Media (movies, tv, music)

• Jellyfin? (open source, no telemetry, hardware-accelerated transcoding via VAAPI/QSV)

• Or ReadyMedia or Gerbera -> old-school C-based UPnp/DLNA servers that simply expose folders on LAN; VLC or Kodi on the client does the playback.

• Maybe Jellyfin for when guests visit, and ReadyMedia for daily local use

• Music: MPD + ncmpcpp (canonical suckless answer). MPD is C daemon that plays music and exposes a socket; ncmpcpp is a TUI. ympd / myMPD tiny web UI if needed. Smartphone friendly Subsonic-compatible server with a polished UI, Navidrome.

• Photos: PhotoPrism or just a file share on the Pi

Sync and files

• Syncthing (Go)
• rclone + rsync over SSH: one-way archival sync to/from a backup Pi or external drive
• WebDAV via nginx or Caddy: for read-only browser/iOS access
• Backup: restic (Go) for nightly snapshots to two destinations (attached USB drive, remote VPS or a friend’s Pi via SFTP)
• SnapRAID + mergerfs media collection grows past one disk and want parity

Reverse proxy / TLS

• Caddy: least resistance
• nginx: maximum efficiency, mature config, and don’t mind running certbot if you do use
• OpenBSD httpd: absolute simplest TLS server that fits with suckless
• Traefik: high volume with lots of services (Kubernetes) only use if high availability and demanding service

Containers vs bare metal

• bare metal: systemd unit wherever a static binary exists
• podman: few apps that need isoliation (Jellyfin, PhotoPrism, anything with Postgres deps)
• systemd-nspawn and LXC: middle grounds, full OS isolation and align well with permacomputing instinct

Communication

• Matrix/Synapse are big (need to look into these more)
• Prosody: (Lua) XMPP, federates with rest of XMPP world, paired with Snikket distribution
• Dendrite (Go) must speak Matrix for interop reasons
• Local IRC (ngircd, ~1MB RAM), pair with The Lounge as web client, WeeChat in tmux on cyberdeck.
• Meshtastic / MeshCore
• Self-hosted email or RSS: mailcow or mail-in-a-box, or Miniflux (Go) for RSS instead
• Tor hidden service: remote access with exposing ports

Hardware

• Hackberry Pi CM5
• Decktility
• Penkesu
• Clockwork uConsole / DevTerm
• Pelican-case “field decks”