Philosophy

The Issue

Open source software exists! Great! But one issue persists: distribution and hosting. Many services distribute open source software without disclosing their full stack publicly. Part of that issue is proprietary distribution backends. But enabling self-hosting by open-sourcing the server software is not sufficient. The missing part? The server software might be open source, but how exactly it is installed on a server is not. That means we cannot take a look at what servers do internally, and we cannot open pull requests to improve a server's software stack. Closed software stacks on servers have many implications. Not only do users have to blindly trust a server owner: a server that cannot be reproduced in case it loses funding is essentially lost to the ages. Security audits are significantly harder if the exact software stack being used is not disclosed and cannot be reproduced in a testing environment. Maintenance is also harder, as one can never be quite certain that the test platform is sufficiently comparable to the production environment.

Existing Tools

There are two requirements to fix all these issues: first, all the code the server is running needs to be open source, including its specific configuration. Second, replicating the specific setup needs to be as easy as possible. Publicly disclosing source code is a solved problem: git has existed since 2005 and is open source. Even better, most software one installs on a Linux-based server is already open source. This enables the use of an existing mainstream operating system without needing to actually compile everything from source (or, even worse, writing our own operating system!). The remaining issue is reproducing the exact running software stack should you choose to, ideally in a way that requires as little manual interaction as possible to achieve a setup that is comparable in all relevant aspects. A solution for this exists too: the Nix package manager (more specifically, NixOS) allows defining pretty much everything needed to host a server from a set of configuration files that can be versioned with git. Nix specifically aims to be reproducible. It allows customizing installed software with patch sets and is remarkably stable over updates (in terms of packages; the config might need tweaking every so often).

This Website

This server runs NixOS. It also hosts the config determining the complete setup on its own Gitea instance. This means, in theory: anyone can host a server with the same services with little effort. It also means any user of this server can go and look at what software stack they are trusting. Anyone interested in examining the security of this server can make a clone and test on that.

Limitations

User data is sensitive data. NixOS allows openly displaying the software stack the server is running. This server does not publicly expose any user data, or at least it is not intended to do that. If user data is accidentally being leaked, please report it responsibly.

Apart from user data, there is other sensitive data on a server, namely secrets of any type: logins to SSH, databases, admin panels, email accounts and similar. NixOS, more specifically the agenix module, allows storing those secrets securely in encrypted form. These secrets are still openly visible, but only encrypted. Be aware: the secrets that are openly visible (but encrypted) are relevant for administrative tasks and system operations only. No user logins are displayed publicly, not even in their encrypted form. That would be a security disaster, as attacking weak user passwords with a rainbow table would be laughably easy. Still: get yourself strong passwords; it is not hard, it is literally free, and it keeps you secure!

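As an added illustration of this approach (example configuration, not this server's actual config), here is how an agenix secret is declared in a NixOS module so that only its ciphertext ever enters the public git repository while the running service still receives the plaintext. The secret name, file path, service and recipient keys are assumptions; the public keys are placeholders.

```nix
# Added example; assumes the agenix NixOS module is already imported.
{ config, pkgs, ... }:
{
  # The host decrypts with its own SSH host key at activation time.
  # The private key never enters the repository; only its public half is
  # listed as a recipient in secrets.nix (see below).
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # secrets/gitea-db-password.age is committed in encrypted form. It is
  # produced with `agenix -e gitea-db-password.age` against a secrets.nix
  # in the same repository that names the recipients, for example:
  #
  #   let
  #     admin = "ssh-ed25519 AAAA...PLACEHOLDER-ADMIN-PUBKEY";
  #     host  = "ssh-ed25519 AAAA...PLACEHOLDER-HOST-PUBKEY";
  #   in { "gitea-db-password.age".publicKeys = [ admin host ]; }
  #
  # Anyone can read the ciphertext; only holders of a listed private key
  # can recover the plaintext.
  age.secrets.gitea-db-password = {
    file  = ./secrets/gitea-db-password.age;
    owner = "gitea";
    group = "gitea";
    mode  = "0400";
  };

  services.gitea = {
    enable = true;
    database = {
      type = "postgres";
      # Hand the service the runtime path (/run/agenix/<name>), never the
      # value itself: a literal password here would be copied into the
      # world-readable /nix/store and thus into the public setup.
      passwordFile = config.age.secrets.gitea-db-password.path;
    };
  };
}
```

The decrypted file exists only on the running host under the owner and mode given above, so the repository, the Nix store and the Gitea-hosted config stay free of plaintext secrets.
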
IF YOU DO NOT TRUST THIS SERVER, DO NOT USE IT! I understand this approach is on the radical side. In my opinion, it is simply the logical continuation of rejecting the concept of security by obscurity.