Are you going fangless?

I would definitely go fangless. I have been bitten enough times. A bite might also transfer viruses. Nowadays I defang all my computers.

But then why bother to package the game for the distro in the first place?

Sorry, but you are mistaken. Joplin definitely encrypts data at rest if you enable end-to-end encryption: https://joplinapp.org/e2ee/

Discord is not very privacy-oriented. We‘re in a privacy-oriented community here, so Discord should raise an eyebrow, not Signal, which is famously privacy-oriented.

There‘s no reason not to use both. For some things a GUI file manager is more convenient.

If in fact being listed in credits is that important, why wasn’t it in their contract?

Maybe because of the usual power imbalance between employer and employee? If there are enough other applicants, employers can dictate the terms. It‘s a bit like saying to a coal miner: “Oh, if not dying from black lung disease is sooo important to you, why wasn‘t that in your contract?”

“I see a lot of white knighting”

I hate this term. If you call people who care about injustices “white knights”, what do you call the people who go out of their way to defend injustices and take the side of the more powerful parties?

32 GB should be plenty of RAM for this scenario.

deleted by creator

Do you know what takes up the space? Something like gdu or ncdu will help you analyze the problem.

I see. That‘s a valid use case. Although, in the spirit of self-hosting, I personally would either get another ISP or run a reverse proxy on a cheap VPS and connect the homeserver to that via Wireguard.

• Update frequently.
• Use HTTPS. Redirect all HTTP traffic to HTTPS. If you use Caddy as a reverse proxy, this is pretty easy to set up. You‘ll want to get a domain name though.
• If you use systemd, then systemd-analyze security (with man systemd.directives) is your friend. Be as restrictive as possible without breaking functionality.
• Consider putting services like Jellyfin or Nextcloud in their own containers/VMs.

You don‘t need Cloudflare. I don‘t know why half the commenters in this thread recommend it. Cargo cult? You don‘t need DDOS protection. Nobody does DDOS attacks on random home servers. You don‘t need to hide your IP address either. Just make sure that you only expose port 80 and 443 to the internet and nothing else, and don‘t expose the admin interface of your router to the internet.

Alternatively as others have suggested, if you‘re not sure about your ability to secure everything, only expose your services over a Wireguard VPN. You don‘t really need Tailscale if you only want to manage a handful of devices, and you also don‘t need Tailscale‘s mesh networking for your use case.

Why would anyone DDOS a random home server? I don‘t think OP has to worry about that.

Could you please be more specific what exactly Crowdsec brings to the table? In which way does it “secure the network”?

Where was that? At least the part where they force you to buy the book from their website or the college store would be illegal in the EU. (I am not a lawyer.)

I don‘t know what specifically you would like to know and what your background is, so I will just elaborate a bit more.

The basic idea is that the VPS, which is not behind a NAT and has a static IP, listens on a port for WireGuard connections. You connect from the NAS to the VPS. On the NAS you configure the WireGuard connection with “PersistentKeepalive = 25”. That makes the NAS send keepalive packets every 25 seconds which should be enough to keep the connection alive, meaning that it keeps a port open in the firewall and keeps the NAT mapping alive. You now have a reliable tunnel between your VPS and your NAS even if your IP address changes at home.

If you can get a second (public) IP address from your provider you could even give your NAS that IP address on its WireGuard interface. Then, your VPS can just route IP packets to the NAS over WireGuard. No reverse proxy needed. You should get IPv6 addresses for free. In fact, your VPS should already have at least a /64 IPv6 network for itself. For an IPv4 address you will have to pay extra. You need the reverse proxy only if you can‘t give a public IP address to your NAS.

Edit: If you have any specific questions, feel free to ask.

I think Space Göring would be even more fitting. The Luftwaffe was like Göring‘s pet toy. Also he took a lot of drugs.

You could get a VPS only for getting around the double NAT.

Run a reverse proxy on the VPS and forward requests over WireGuard to your NAS. That way you wouldn‘t actually host any data on the VPS.

How many outgoing emails are we talking about? Because there are a lot of free or cheap options for personal use and small businesses.

You could try Consent-O-Matic. That’s what I use. It also doesn’t simply agree to everything like the other one but chooses the most privacy-friendly option instead.

Hadn‘t heard of Rumble. At first glance, it looks like its run by Elon Musk. Andrew Tate on the frontpage, far-right political channels and crypto bros. I think I‘ll pass.