As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).
Thanks!
I’m a Nixos user, I wouldn’t be much help unless you do Nixos. But it’s a whole new rabbit hole which would take you months/years to learn and setup 😅
What I can say, you can do “access from home network”, “access from VPN network”, “1fa/2fa from the internet” OR “access for / and /api, but 1fa/2fa for stuff like /admin, /admin-settings, or just /login or /logged-in”
Fail2ban is fun, also maybe have a look at crowdsec