• 1 Post
  • 14 Comments
Joined 2 years ago
Cake day: April 27, 2022

  • tl;dr Duplicity does full or incremental backups, BorgBackup only does full backups but with deduplication.

    After the first backup with Duplicity, you can choose to do an incremental backup which will only store the data that has changed since the last backup. This saves time and disk space but you have to do slow full backups regularly. See question 3 of the FAQ.

    BorgBackup always does a full backup. But it divides all data into chunks or blocks (don’t know what they call it exactly at the moment). It then hashes those chunks and stores them in a content-addressed storage layer. So it basically works like Git under the hood (plus encryption). If a chunk doesn’t change between backups it’s already there and does not have to be stored again. A backup is always a full index of the data.

    With today’s fast processors and hashing algorithms, a backup with Borg should be just as fast as an incremental backup with Duplicity. If you ask me, deduplicated backups are just plain superior.

    Another tool that works like BorgBackup is Restic, which I prefer. Both are good choices that I would trust with my data.
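
The chunk-and-hash scheme described in the comment above, as an added example that is not part of the original comment and is not BorgBackup's own code. It assumes a simplified content-defined chunker (CRC32 over a 16-byte window) and omits encryption; `Repo`, `chunks` and `sample_data` are hypothetical names.

```python
import hashlib
import zlib

WINDOW = 16   # bytes of context that decide a chunk boundary (assumed value)
MASK = 0xFF   # boundary when the low 8 bits of the window CRC are 0 (~256 B chunks)

def chunks(data: bytes):
    """Split data at content-defined boundaries (simplified, not Borg's chunker)."""
    start = 0
    for i in range(WINDOW, len(data)):
        if zlib.crc32(data[i - WINDOW:i]) & MASK == 0:
            yield data[start:i]
            start = i
    if start < len(data):
        yield data[start:]

class Repo:
    def __init__(self):
        self.store = {}     # chunk id (SHA-256 hex) -> chunk bytes
        self.archives = {}  # archive name -> ordered list of chunk ids

    def backup(self, name: str, data: bytes) -> int:
        """Record a full index of data; return how many chunks were newly stored."""
        new, index = 0, []
        for chunk in chunks(data):
            cid = hashlib.sha256(chunk).hexdigest()
            if cid not in self.store:  # unchanged chunks are already present
                self.store[cid] = chunk
                new += 1
            index.append(cid)
        self.archives[name] = index
        return new

    def restore(self, name: str) -> bytes:
        """Reassemble an archive, re-hashing every chunk to detect corruption."""
        out = []
        for cid in self.archives[name]:
            chunk = self.store[cid]
            if hashlib.sha256(chunk).hexdigest() != cid:
                raise ValueError(f"chunk {cid[:12]} failed integrity check")
            out.append(chunk)
        return b"".join(out)

def sample_data(blocks: int = 1024) -> bytes:
    """Constructed, deterministic pseudo-random input (32 KiB by default)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))

if __name__ == "__main__":
    repo, day1 = Repo(), sample_data()
    print("day1 new chunks:", repo.backup("day1", day1))
    print("day2 new chunks:", repo.backup("day2", b"X" + day1))  # one byte prepended
```

Because boundaries depend only on the preceding 16 bytes, prepending a byte changes just the first chunk or two; with fixed-size blocks every chunk would shift and be stored again.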



    • Update frequently.
    • Use HTTPS. Redirect all HTTP traffic to HTTPS. If you use Caddy as a reverse proxy, this is pretty easy to set up. You’ll want to get a domain name though.
    • If you use systemd, then systemd-analyze security (with man systemd.directives) is your friend. Be as restrictive as possible without breaking functionality.
    • Consider putting services like Jellyfin or Nextcloud in their own containers/VMs.

    You don’t need Cloudflare. I don’t know why half the commenters in this thread recommend it. Cargo cult? You don’t need DDoS protection. Nobody does DDoS attacks on random home servers. You don’t need to hide your IP address either. Just make sure that you only expose ports 80 and 443 to the internet and nothing else, and don’t expose the admin interface of your router to the internet.

    Alternatively, as others have suggested, if you’re not sure about your ability to secure everything, only expose your services over a Wireguard VPN. You don’t really need Tailscale if you only want to manage a handful of devices, and you also don’t need Tailscale’s mesh networking for your use case.




  • When I looked around for CalDAV solutions the last time, Nextcloud was the only one that allowed me to share calendars with my SO. Nextcloud isn’t very taxing on my system because it doesn’t do anything most of the time.

    Do you know about problems reaching the big player mailservers?

    Honestly, I don’t know. I have never had a confirmed case of an email being rejected or classified as spam. There were some cases of not getting an answer to an email. But that could also be explained by shitty customer service.

    It is tricky to set up everything correctly if you are trying to do it all on your own, but SNM holds your hand for setting up DKIM, SPF and DMARC. That’s where some people may have problems. Also, forget about setting up a mail server at home with any IP address you get from your internet provider.


    • Plex and Jellyfin for movies and TV shows. I want to switch from Plex to Jellyfin but it is not quite there yet. It’s very little effort to keep Jellyfin running in parallel though. I am keeping it around to regularly compare the two and re-evaluate.
    • Tube Archivist for archiving and watching YouTube videos.
    • Miniflux for reading feeds.
    • Nextcloud, mainly for calendars and contacts; occasionally for sharing files with others.
    • Syncthing for syncing files.
    • Financier for budgeting.
    • Paperless-ngx for managing documents.
    • qBittorrent for downloading and sharing Linux ISOs.
    • Prowlarr for searching Linux ISOs.
    • Copyparty for sharing Linux ISOs with friends.
    • Shaarli for saving bookmarks.
    • Jekyll for statically generating my personal blog.
    • Caddy as HTTP server / reverse proxy for all of the above. Automatically provisions certificates from Let’s Encrypt.
    • PostgreSQL as database for Nextcloud and Miniflux.
    • Simple NixOS Mailserver for emails with Postfix, Dovecot and rspamd.
    • Dehydrated for getting certificates from Let’s Encrypt for the mail server.
    • Btrbk and Restic for backups.

    Most of this stuff runs on my server at home (ASRock J4105-ITX, 8 GB RAM, 250 GB SSD, 18 TB HDD). The mail server and the blog run on a cheap VPS (1 vCPU, 2 GB RAM, 20 GB SSD). Both servers run NixOS.