Nīkau Courses

FORTRESS

Inside the walls there thrives a village

Replace the Big Tech stack with privacy preserving, self-hosted and sovereign server infrastructure. Learn tips and tricks coveted by senior system administrators at the highest level of their craft, putting them to use on your own server. Deploy high performance services atop a powerful hypervisor, each carefully isolated to mitigate for a diversity of attack vectors. Monitor and secure the perimeter using active and passive intrusion detection and prevention techniques. Secure your administration work and implement automated backups through your Tunnel VPN. Extend, scale and customise your platform surface to meet the needs of your growing communities.

Design, build, secure, defend, maintain

Fortress is a fully-supported server deployment and sysadmin training intensive for graduates of the Tunnel training.

Fortress significantly extends participant capability, understanding, and tool experience in the deployment, securing, monitoring and scaling of powerful server infrastructure.

Spanning 4 sessions of 6hrs, we deploy a server from the ground up on ‘bare metal’, starting with partition layout and selecting a disk redundancy strategy. Atop this base we install and tightly secure a popular GNU/Linux server operating system. We then make use of a hypervisor and bridge network to run and network powerful virtual machines, each of which hosts a free and open-source service for our community to use.  These alternatives to ‘Big Tech’ platforms will include a high-reputation webmail solution, a cloud service and collaborative document editing. 

With ‘security thinking’ and best practices ever in mind, each service deployed is carefully isolated to mitigate for a variety of advanced attack vectors, all sitting behind a powerful dual-tier firewall that we configure and tune by hand. Seizure resistant, this server holds all its data on a strongly encrypted partition – a brick in the hands of an adversary.

Using the VPN deployed in Tunnel, the sysadmin will securely and privately connect to this server to administer it, and use that same VPN to automate backups to local storage.

Following the live training, 2 full weeks of tuition hours are allocated for participants where they are supported in the deployment of optional additional services, including but not limited to: a forum, websites, blogs, a Mastodon instance, password vault, and code repository.

Drawing from over 2 decades of battle-tested experience spanning countless deployments, Tunnel and Fortress is the penultimate training for those looking to get self-hosting right from the start, providing server infrastructure for groups large and small, while meeting diverse needs and threat mitigations.

These two trainings are worth every second or cent. I’m doing a lot of the covered topics for years now but this moved some of the parts to a complete new level and opened up some new perspectives on things. A clear recommendation. My work and the projects at Collective Zero  will benefit from this.

Thomas Hutmacher (Collective Zero)

We learned to do some genuinely cool stuff with Julian as our guide through the many important but subtle details. If, like me, you ever stared at a mountain of self-hosting guides on the internet and didn’t know where to start or what advice was worth trusting, this course is for you.

Josh Daymude

I recently went through the Tunnel and Fortress training and it’s been a game changer for my sysadmin skills.

I had a bit of experience setting up servers and messing around long enough until they “worked”. Once there though I feared touching anything for fear of breaking it, and did break many things. The Fortress architecture is not only best in class for security it is also modular so I now have room to experiment and even fail in ways that I understand or at least contain.

I am now considering offering digital services to other people which was out of the question before. Would really recommend this training if you want to do sysadmin right. Julian is a great teacher, super generous with his time and knowledge ⭐⭐⭐⭐⭐

David Benque (Project Leader, Cryptpad)

After completing the course I realize how much the course helped me in understanding sysadmin work. You saved me a lot of head banging on the desk and many many months of frustration, because of the high quality of the classes and support.

Rafael

Prior to the course I felt I had a good grasp of things, and I’m pleased to realize that I’ve come quite far in my journey. Yet, the course helped round some of the knowledge that I felt that I was missing, particularly around deploying services out of VMs, as well as techniques to protect our host server from wide array of threats. Most importantly, learning this by the hand of someone as knowledgeable and experienced as you are is of tremendous value to me.

Gabriel Garrido

Q&A

When is the next course?

Fortress is available to graduates of the Tunnel training; the dates for Fortress will be negotiated with participants post graduation.

What skills will I learn?
  • Partitioning server storage
  • Storage redundancy and failure tolerance
  • Advanced UNIX command line
  • Bridged networking
  • Advanced routing
  • Intrusion prevention and detection
  • Data integrity and verification
  • Advanced DNS
  • Server resource monitoring and management
  • Server process management
  • Advanced permissions and privilege separation
  • Deploying and working with databases
  • Securing the transport layer
  • High-reputation mail transport
  • High-performance virtualisation atop a hypervisor
  • Dual stack reverse proxies (IPv4/IPv6)
  • Advanced firewalling
  • Service isolation
  • Server hardening
  • Log management
  • Advanced text file manipulation
  • Webserver tuning and hardening
  • Traffic shaping
  • Operations security core concepts and best practices
  • Password and key hygiene, storage and management
  • Automated off-site encrypted backups
  • Common mistakes and oversights
  • Sysadmin self-care and time-management
  • Server rescue and salvage
  • Selecting and training your backup sysadmin
Will the server I deploy be mine?

Yes, the server you deploy will wholly be yours, private and under your control. This is not a ‘managed server’, maintained by someone else.

Will there be a monthly cost for the server?

Yes, depending on what resources you wish your server to have, you will be looking at between EUR40-EUR60/month.

What prior skills do I need to take this course?

You need to have completed the Tunnel training, or evidence you have experience deploying and securing VPN infrastructure, and have a secured Wireguard VPN of your own for use in the training.

Will the computer I have be OK for this course?

Any laptop or workstation is suitable for the course. GNU/Linux and OS X users have nothing to prepare. Windows users are encouraged to setup WSL on their Windows machines before taking the course. If that is not possible, the Putty client software is fine.

How much does this course cost?

A one-time fee of EUR1200

What payment methods do you accept?

Credit card, bank transfer and AfterPay

Where will my server be?

Your server will be hosted with Hetzner, in either Germany or Finland (the choice is yours)

Will the classes be recorded?

Yes each session will be recorded.

Can I use my own domain with my Fortress server?

Yes your Fortress server will be under a domain that you choose, with each subdomain created representing a service hosted on that same infrastructure.

Will this training be useful for servers hosted at home or work?

The skills learned are as applicable to an on-premises server, as they are a rack server in a datacenter.

Why are you using WordPress for this site?

This site runs WordPress because of certain e-commerce extensions that only exist for WordPress. It is self-hosted and served from a jailed VM.

Your instructor

Julian Oliver is a Critical Engineer, educator, infrastructure activist and electronic artist with over 2 decades of experience in server administration. Thousands of activists rising in defense of people and planet worldwide use secure server infrastructure Julian has deployed, some of which are active in very hostile operating conditions. He has given numerous workshops and master classes in data forensics, creative hacking, system administration, computer networking, counter-surveillance, software art, object-oriented programming, radio, disaster-resilient communications, UNIX/Linux and more.

Julian is co-director of Nīkau, a global platform, information and operations security consultancy in service to NGOs, impact-driven organisations and grassroots movements. His work and ideas have been presented at numerous universities, events and festivals worldwide, including Ars Electronica, the Vienna Biennale, the Frankfurter Kunstverein, the Japan Media Arts Festival, The Chaos Communication Congress, Tate Modern, Princeton University, and the ZKM in Karlsruhe.

Julian has also received several awards, most notably the distinguished Golden Nica at Prix Ars Electronica 2011. He is the co-author of the Critical Engineering Manifesto and member of the Critical Engineering Working Group.