The Small Business Server Stack

Small and medium businesses are in a difficult position concerning technology and computers.
Most of you are in survival mode to be able to operate.

  • You cannot afford expensive hardware equipment.
  • You cannot subscribe to enterprise cloud solutions.
  • You cannot hire the top talent for 24/7.

Probably an acquaintance or relative helps you – or a small company suggested by them.

  • Some of them push you to go to the cloud. Save on the hardware costs.
  • Many of them advise you to purchase your own servers and install expensive software.

They may be right, but you can mitigate the pressure on your finances.

IT infrastructure for small and medium businesses should not be expensive or overly complex.
The system should be architecturally sound and stable for future expansion.

Linux – The Server Environment

Linux is the kernel at the heart of many operating systems.
Linux has been free and open source since its first public release.
Battle-tested. Stable.

Linux powers some supercomputers and even the ISS.
Linux is used by top-tier banks, research labs and even in military organizations.

If Linux can reliably power environments of that scale, it is also an excellent choice for many small and medium businesses.
You can choose between “flavors” of Linux: distributions.
Different companies and communities package the system and its tools in different ways.

Debian is an old and stable Linux distribution.
For server workload it is among the best choices.

If you need more information about Linux servers, contact us for a professional consultancy.

Btrfs – Maintain Flexibility

Traditional storage stacks based on LVM with ext4 or XFS are mature and reliable, but they can be less flexible when storage requirements change.

As a small or medium business you need flexibility.

Btrfs is a modern filesystem designed for flexible storage management.

You can enjoy its functions like:

  • compression
  • snapshots
  • quotas
  • subvolumes
  • efficient incremental backups

LXC – Lightweight OS Containers

When you talk about containers – most people think of application container technology.
You can use OS containers with LXC/LXD.

These are lightweight, isolated systems.
They are not virtual machines, but they behave like them.

With LXC you can separate your services, isolate the processes and mitigate the blast radius of a possible breach.

LXC gives you:

  • Independent Linux containers.
  • Snapshot and restore functions (on Btrfs).
  • Fast container cloning.

If you want to learn more about LXC – contact us for a consultancy.

Text Communications

IRC – an old text-based chat platform. Suitable for ChatOps and alerting for small teams.
Multiple channels, permissions and channel modes make it highly configurable.
A “services” platform can keep the nicknames and channels registered and maintained.
Small programs called “bots” can send alerts, maintain channels and roles.
IRC has a very small footprint; it can run on a Raspberry Pi.

XMPP – an open messaging platform. With additions it supports 1-to-1 calls, video calls.
Multi-user chat rooms can be configured with basic role-based access control.
End-to-end encrypted chat is possible with OMEMO.

You don’t need a cloud-based communications platform subscription.
You can have all your data and chats locally.

Keep it self-hosted. Keep it safe.

Source Control Management

Gitea is an excellent Git GUI and project management tool.
It’s lightweight enough for a modest server.
Your source code, configuration and sometimes even documentation will be fine.

GitLab has a community version as well.
It’s more resource-intensive, but it can give you more features.
If you plan to implement CI/CD, then this SCM is the right self-hosted choice.

Automation

Ansible is a standard today to automate the configuration management of Linux servers.
It can deploy, configure and maintain operating systems, services, containers and virtual machines.
For any small or medium business proper automation is a must from the start.

Monitoring

Nagios is an old and trusted monitoring framework.
It keeps an eye on your system when no one is there.
It can alert operators before small problems become major outages.

With well-planned monitoring the system can keep an eye on its own health.

Backup

Without a reliable backup solution a small system issue can cause a huge disaster.
There are many mature open source backup solutions.
Borg Backup is one of the most established choices.

  • deduplication
  • compression
  • retention policies
  • encryption

It’s not enough to take backups.
Test/validate them regularly.

A wrong backup is the same as no backup.

More Tools

The mentioned tools are just the foundation.
Small and medium businesses should take advantage of the free and open source ecosystem.

You don’t necessarily need an enterprise-sized IT budget.
You need careful architectural planning.
A stack that can scale.
A system that grows with your business.

What you build today will be with you for years.

Final Thoughts

For a modern small or medium business IT and computer systems are crucial.
The architecture and its documentation must be the solid ground for growth.

If you:

  1. run a small or medium business,
  2. want to improve your IT foundation,
  3. need help planning your system architecture, or
  4. would like an independent review,

reach out to us for a one-to-one consultancy.

Use ZFS The Architect Way

A major system upgrade.
A risky configuration change.
Testing a new application.

On traditional filesystems, recovery usually means restoring from backups.
Sometimes it requires reinstalling the system entirely.

OpenZFS provides tools for managing risk.
Snapshotsdataset propertiescompression, and encryption can be managed directly by the filesystem.

OpenZFS is more than a filesystem.
It is a filesystem and volume manager designed to simplify storage administration.

Continue reading “Use ZFS The Architect Way”

FreeBSD Jails

The classic system administration changed a lot in a decade.
Virtualization and container technology went through a remarkable improvement.

They have a stable place in the systems:

  • Virtual machines run almost isolated from the host system.
  • Containers sit on the top of the same kernel bringing a lightweight separation.

FreeBSD Jails don’t compete with containers.
They don’t substitute virtual machines.
Jails just fill a gap.

Continue reading “FreeBSD Jails”

Matrix Homeserver As Hidden Service Over Tor (Synapse)

Matrix as a hidden service over Tor can increase privacy.
You already learned during our “hidden service” series:

that Tor is not an invisible cape. It’s not full-anonymity.
Using Tor you can maintain better privacy and OPSEC.
It’s a better protection against metadata leaks if you use it carefully.

Continue reading “Matrix Homeserver As Hidden Service Over Tor (Synapse)”

Protect Your Privacy With An XMPP Tor Hidden Service (Prosody)

The world is changing fast.
Yesterday’s mistake becomes today’s data leak – and tomorrow’s compromise.

Privacy is not a default setting.
It’s constant configuration and calibration.

You know how to install an IRC server as a Tor hidden service.
You’ve seen the modern features and modularity of the XMPP protocol.

A Tor hidden service protects both the server and the user.
This setup is designed to reduce exposure of IP addresses and limit metadata leakage.
It does not protect against compromised endpoints or user mistakes.

Continue reading “Protect Your Privacy With An XMPP Tor Hidden Service (Prosody)”

Run IRC As A Tor Hidden Service (Inspircd + Anope)

IRC with InspIRCd and Anope works well as an internet-facing service.
Your domain name, the TLS certificates and SASL authentication make it secure.
Cloaking hides your address from other users.

But what about IRC Operators and Network Admins?
They can see the addresses/hosts the clients connect from.

As an IRC Operator you can increase the trust in your services.

You will learn now how to run InspIRCd as a Tor-only hidden service.

Continue reading “Run IRC As A Tor Hidden Service (Inspircd + Anope)”

XMPP – The Middle Ground Of Instant Messaging (Prosody)

XMPP or Extensible Messaging and Presence Protocol is an open communication protocol.
It has been actively developed since it was introduced in 1999.
Over time, a large part of its user base migrated to centralized cloud platforms.

IRC is a simple, reliable, text-based protocol.
Matrix is a robust but more complex protocol with higher resource requirements.
XMPP sits between them, closer to IRC in simplicity while offering more modern features.

In this article you will learn to install a private, non-federated XMPP server.

Continue reading “XMPP – The Middle Ground Of Instant Messaging (Prosody)”

Build A Modular IRC Server In 2026 (Inspircd + Anope)

You saw the simplicity of Ergo Chat.
Now you think about how to build a modern, modular IRC server – like in the old days.

  • Inspircd is a modern IRC server.
  • Anope is a services bot.

Together they form the base of a stable and reliable communications service.

In 2026 IRC may not be the primary comms channel, but it’s perfect for secondary/backup.

Continue reading “Build A Modular IRC Server In 2026 (Inspircd + Anope)”

Run Your Own IRC Server (Ergo Chat)

Want a private comms channel without relying on Discord or Slack?
IRC is alive, and you can run your own today.

A small, well-configured IRC server gives you privacy, control, and minimal attack surface – all in a few commands.

Some people think that IRC is dead.
Some of them don’t even know what is it.
They’re young, grew up on modern comms.

IRC is the protocol that laid the foundation of modern chats.

Networks used large footprint ircd daemons for the base.
They registered services daemons for channel and nick retention.
TLS settings were rare and uncomfortable.
SASL authentication was hardly set.

Then new developments appeared.
The old technology got a modern revision.

Continue reading “Run Your Own IRC Server (Ergo Chat)”

The Operator’s KVM Bible

When the enterprise behind one of the widespread hypervisors was acquired:
many sysadmins decided to move on.

  • Most of them chose a Linux-based open-source alternative.
  • Many of them migrated to the Microsoft ecosystem.
  • They chased the same workflow, the same features they had before.

Only a very few operators dared to rework their processes and architecture.

KVM (Kernel-based Virtual Machines) is part of the Linux kernel.
It is a stable and fast hypervisor.

  • A carefully configured host OS for KVM can reduce the attack surface compared to feature-heavy hypervisors.
  • The libvirt API enables secure automation and configuration management.
  • KVM can host Linux, Windows and BSD virtual machines as well.
  • It ships an ecosystem of mature tools for the operators in charge.

KVM is not a downgrade. It’s a sideways step.

Continue reading “The Operator’s KVM Bible”

Gitea – Ansible Installer Role

Automation and configuration management are not just about comfort.
They provide security, auditability and operational freedom.

For this reason Tom’s IT Cafe provides an Ansible role that:

  1. Downloads and installs the Gitea Linux binary
  2. Sets up a system service (as a non-root user)
  3. Sets up PostgreSQL (or SQLite for lightweight setups)
  4. Optionally sets up a reverse proxy with Certbot or self-signed keys
  5. Highly configurable through variables

The role focuses on a small, auditable code base with strong security.

Continue reading “Gitea – Ansible Installer Role”