

Do you then also proceed to install the client 20 times? Or do you constantly log in and out? Sounds like a hassle that federation would solve!
Named mine after “objects” from Iain M. Banks’ Culture Novels.
Currently I have:
Nice and short, and map roughly to the “power level” of the hardware, so to speak.
And my Yubikeys are named after Special Circumstances agents 😄
If you are at all familiar with / interested in NixOS, there’s Jovian-NixOS which essentially duplicates the SteamOS experience 1:1 (much more closely than, say, Bazzite imo), but allows you to easily switch to a different desktop environment like Gnome with just a single config option.
You can also selfhost sync!
You can also just selfhost Firefox sync!
skill issue
Is it? If it wasn’t printed on the bottom, would you really be able to guess Ctrl+X, Y, Enter any easier than colon, q, Enter?
No
Nano is easier to get into, but far more limited.
But it just downloads to disk, you cannot click “play” in the app, finishing an episode doesn’t mark it as watched, you do not retain the ability to “continue” playing,…
Why not? Have had it accessible via the Internet for 4+ years without incidents
In that case I can really highly recommend it. NixOS on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄
It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.
My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.
Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.
Yep, that’s right. In theory you could share the encrypted DB with the public and not degrade security. (Still don’t do that though…)
Is this some peasant meme I am too NixOS to understand?
(Joking, joking. A good system settings center is important for graphically managed distros.)
Meh. Each service in its isolated VM and subnet. Plus just generally a good firewall setup. Currently hosting ~10 services publicly, never had any issue.
Did all that, minus the no ssh root login (only key, obviously) plus one failed attempt, fail2ban permaban.
Have not had any issues, ever
All of them if you configure it?
Fail2ban allows you to set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what it’s called?) via their API. It’s a premade action called “cloudflare-token-multi”
We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.
We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.
We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.
In OPNSense, you get quite good logging capabilities; should you suspect someone is trying to gain access, you’ll be able to read it from there.
I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main use case.
Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.
Have not had any issues, ever.
Hard to put my ~~lips~~finger on the reason, though