Prediction: you’ll never get actually read most of what ends up on this to-read list.

ITT: lots of generic VPN advice by people who have no experience with the specific problem.

This is the only answer you need to read. It’s a non-problem if you just do this, and there’s no reason not to do it.

Possibly it’s about personality types. I was only going on my own experience. Of always being told by a chorus of experts “Oh no you don’t want to do that!” and ending up being terrified to touch anything. When I now know that I usually had nothing to be afraid of, because dangerous things tend to be locked down by design, exactly as they should be.

it depends how secure you want your network to be. Personally I think UFW is easy so you may as well set it up

IMO this attitude is problematic. It encourages people (especially newbies) to think they can’t trust anything, that software is by nature unreliable. I was one of those people once.

Personally, now I understand better how these things work, there’s no way I’m wasting my time putting up multiple firewalls. The router already has a firewall. Next.

PS: Sure, people don’t like this take - you can never have enough security, right? But take account of who you’re talking to - OP didn’t understand that their server is not even on the public internet. That fact makes all the difference here.

Immutable distros like NixOS don’t stop you from tweaking stuff, they just record every tweak centrally, so that you can undo them and do rollbacks.

Others can confirm that I’ve got that right. Haven’t tried it but the idea sounds great.

I would like to have a system when I know what I did, what is opened/installed/activated and what is not

Story of my life after 20 years on Linux. Maybe we could call it “modification anxiety”.

I believe this is the case for an immutable OS.

Isn’t this like saying “What phone numbers do you have in your address book?”

Well that puts the loss of my little VPS into perspective.

And terrible, archaic, chaotic practices such as activating your 2FA without permission and then locking you out of your account for weeks pending multiple signed paper letters. Oh, and sometimes their datacenters burn down and take your server with them. I’m sad to have to throw them under the bus like this. I want OVH to succeed but personally my patience with them definitively ran out.

Absolutely fair.

Interested in the answer too! Of course, you could get the same result from a 5-buck VPS with zero maintenance and rock-solid reliability (my solution). But sure, 5 bucks is 5 bucks. And also, encryption is optional if it’s your own device.

You could even try next going to back cloud.

OK. Given that self-hosters are maintaining two PCs already, I suppose that’s fair.

As an RSS user since the early days, there’s something I never get: why is this something that people are hosting? Are you really all consuming so much news, so much of the time, that you need to do it simultaneously on two devices? That sounds like news overload to me but what do I know.

Personally, I catch up once a day for an hour (or two). Seem more than enough and means I only ever need an RSS client. Right now: the Feedbro add-on in Firefox desktop.

As for tips and tools, RSSBox is a useful one. IMO if RSS were more popular this is the sort of thing that would be built into the client.

Your point is a bit off-topic but I for one agree with you.

Useful. I hate shorts and portrait-format video in general.

NB for those who don’t know: a server is not needed to make Youtube RSS feeds, they exist natively: https://www.youtube.com/feeds/videos.xml?channel_id=UCxxxxxxxxxx. You just have to find the channel_id buried in the page source, which admittedly is a bit of a PITA. But no native way to exclude shorts, though.

Can recommend Hetzner (German IP). Good value and so far solid.

Before that I used OVH (French IP) for years but it ended badly. First they locked me out of my account for violating 2FA which I had not asked for or been told about, and would not provide any recourse except sending them a literal signed paper letter, which I had to do twice because the first one they ignored. A nightmare which went on for weeks. And then, cherry on the cake, my VPS literally went up in smoke when their Strasbourg data center burned down! Oops! Looks like your VPS is gone, sorry about that, here’s a voucher for six months free hosting! Months later they discovered a backup but the damage was done. Never again.

Not bothered about the potential for keyloggers or even OS-level snooping on what is presumably your privacy-free Android device? Personally I would never type the master password into anything other than a computer running a FOSS stack that I control, but perhaps that is excessive caution.

If Fail2Ban is so important, why the h*** does it not come installed and enabled as standard?!

Security is the number-1 priority for any OS, and yet stock SSHD apparently does not have Fail2Ban-level security built in. My conclusion is that Fail2Ban cannot therefore be that vital.