Process of making an air-gapped SBC
Depending on the security level you need, that is what I would do. Put it in an isolated network with no internet access except to the upgrade servers of your distribution while you are installing, maybe through an http proxy with a whitelist.
I would pay for the news (I tried with 2 different newspapers that I trust), if in the privacy terms they would say that once logged in they wouldn't collect your data. On the contrary, they say they collect this information, make a profile and can share it for pub or whatever. If you subscribe they even have your name and everything. Without an account I read the news in hidden/incognito mode.
I also self host my mail domain since a few years ago. My server is at home in a dynamic address, and this has resulted in some providers not accepting mail from it, even when everything, including SPF and DMARC where correctly configured. I now use a relay in a hosting environment just to send the mails.
I am quite happy with xmpp and conversations as clientnon android. The problem that xmpp has, is that the base protocols is quite limited and it has lots of extensions (XEPs). Not all clients or servers support all of them. But I am a happy user since a few years. And now conversations even supports voice and video calls!!!
Nice, and if you are doing it for the fun of it or for learnig,... it is fantastic. But if you just did it because you needed something to backup your switches configurations, I'd suggest to have a look at rancid or oxidized. Both do the same and support different brands of hardware, do bacckups on a schedule, integrate with git or svn so you can track or detect changes,... I have used oxidized and I am quite happy with it, even when I am not a big fan of ruby. Both are open source.
You might note that, what you call a binary-style kilobyte (1024 bytes) is also officially called "kibibyte", and not kilobyte anymore. On the same line there are also gibibytes, tebibytes and pebibytes. (And the same thing with bits.)
Castel does something like that. Has a full range of products and they communicate over sip. I don't know the price, probably high. I' m not terribly impressed by the load of shellscripts I see. They run on Linux and asterisk.
Let's encrypt has also a method of validating your control over a domain by means of dns, asking you to put a text record. Lots of well known providers are compatible. You wouldn't need a web server on each machine.
I also generate all certificates in one central location, but then install them to the different servers and applications using ansible instead of a self backed script.
Zoneminder, shinobi and ispy come to my mind. I've not worked with any of them, but i have seen shinobi and zoneminder. I rjink Rtsp is supported in all of them.
@johanv If you are alredy using json in a file, you could use some kind of nosql database and use mostly the same json format. There are many, but I've only used mongodb and elasticsearch. PostgreSQL has also a json backend.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.