Welcome here! Lemmy has lots of different communities, you will surely find some content you like.

Old content is not (fully) synced - you will get new posts, comments and votes.

Are you looking to build your own server?

If you’re thinking about building one, the Jonsbo N4 is a compact case (~20L) that fits up to six 3.5" drives and two 2.5" drives/SSDs. It’s a nice choice if you want something small but expandable. Just note that you’ll need to pick out your own components, and there are some limits when it comes to power supplies and CPU coolers.

Just as a side node, make sure to backup your immich / nextcloud services too.

I might be wrong, but it sounds like hosted nextcloud, not a completely new platform.

Thats from the current nextcloud docs:

We strive to bring Artificial Intelligence features to Nextcloud. This section highlights these features, how they work and where to find them. All of these features are completely optional. If you want to have them on your server, you need install them via separate Nextcloud Apps.

You’re right, that’s an option. I could set this up at my router, this way it would be almost indistinguishable from IPv6 via my ISP.

Its really not that hard. Sadly, my ISP doesn’t offer IPv6 yet, but for my vServer, enabling IPv6 was just a checkbox during creation. Then, you need to make sure that the service (e.g. webserver) also listens on the IPv6 address and maybe tweak the configuration of the webserver to actually serve websites via IPv6. Also, check your firewall settings. Lastly, you need to set the DNS AAAA records and you’re done.

I mostly try to read the docs, but sadly good documentation is pretty rare.

I’m currently following this guide to setup caddy reverse proxy with coraza web app firewall.

But be warned, this whole rabbit hole of WAF isn’t trivial, some protections don’t work well with some apps (e.g. portainer triggers some rules about system command execution) and it needs some tuning. I personally set it up to learn more about WAFs because I believe it will help me in my career, but I would not blindly recommend it to everyone.

Approaches like crowdsec and fail2ban seem much more suitable for selfhosters – and keep your server software updated.

I doubt using secret managers is popular among self hosters. These products are targeted at larger deployments, not homelabs.

I’ve installed coraza web app firewall with OWASP ruleset this weekend. I must admit that it wasn’t as easy as I expected it, but it now (mostly) works. I had to give up with nextcloud though.

RClone to a cloud storage (hetzner in my case). Rclone is easy to configure and offers full encryption, even for the file names.

As the data is only uploaded once, a daily backup uploads only the added or changed files.

Just as a side note: make sure you can retrieve your data even in case your main system fails. Make sure you have all the passwords/crypto keys available.

I’ve got it running for a few weeks now. Seems very nice

Nice list of suggestions, but implementing all of them feels a little over-the-top.

I don’t really get the love for fail2ban. Sure, it helps keep your logs clean, but with a solid SSH setup (root disabled, SSH keys enforced), I’m not bothered by the login attempts.

I’m currently comparing Authentik and Authelia. For me, Authentik was extremely easy to get into. Authelia with its text-based configuration is clearly not as easy for beginners.

You‘re supposed to host this yourself.