I do the same with adguard home, it works fine and like you say valid https for all services.

Syncthing ?

I’m due a backup and other than that I hope nothing breaks

13 containers currently. I have thought about adding some more stuff such as bazarr and more but I need to be in the humor for it.

R.I.P

Connect it to your PC or laptop and do a netinstall. Configure SSHD and a static ip. Plugin the disk to your server and then connect via ssh to admin it.

You could also set your laptop or PC to boot from the attached disk in the bios to test the services you want to start are starting

Happy to help 😉

Syncthing can do direct sync if you give the ip address to each node and you can disable relay servers .

Yeah this is a much better approach

You could just poll it every few minutes via a cronjob and only send a notification if the numbers have increased.

Personally I use miniflux too in docker but I dont have a need for notifications.

Could you just poll the miniflux db directly ?

On laptops yes, on my server no. Most of the data is photo backups and linux ISOs form over the years.

Btop and logwatch with logrotate. I use healthchecks to check if the server is unreachable and it notifies me.

My block list is very small actually due to the non standard ssh port. Everything else goes through wireguard.

If it was open to the public then yes I’d have to reconsider the ban length.

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

Hackerman

Please see my reply below with links.

Onion repositories are package repositories hosted on tor hidden services. The connection goes through six hops and is end to end encrypted. In addition to further legitimizing the tor network with normal everyday usage it has the benefit of hiding what packages have been installed on a system.

Here are some notes about them if you want to read more.

https://blog.torproject.org/debian-and-tor-services-available-onion-services/

https://www.whonix.org/wiki/Onionizing_Repositories

Well I dont trust closed source software and do what I can to avoid it when I can. At least foss can be audited. Also all the linux devices on the main network are devices I admin.

Only remote access by wireguard and ssh on non standard port with key based access.

Fail2ban bans after 1 attempt for a year. Tweaked the logs to ban on more strict patterns

Logs are encrypted and mailed off site daily

System updates over tor connecting to onion repos.

Nginx only has one exposed port 443 that is accessible by wireguard or lan. Certs are signed by letsencrypt. Paths are ip white listed to various lan or wireguard ips.

Only allow one program with sudo access requiring a password. Every other privelaged action requires switching to root user.

I dont allow devices I dont admin on the network so they go on their own subnet. This is guests phones and their windows laptops.

Linux only on the main network.

I also make sure to backup often.