In that case I can really highly recommend it. Nixos on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄

It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.

My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.

Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.

Is this some peasant meme I am too NixOS to understand?

(Joking, joking. A good system settings center is important for graphically managed distros.)

Meh. Each service in its isolated VM and subnet. Plus just generally a good firewall setup. Currently hosting ~10 services plubicly, never had any issue.

Did all that, minus the no ssh root login (only key, obviously) plus one failed attempt, fail2ban permaban.

Have not had any issues, ever

All of them if you configure it?

Fail2ban allows you set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what its called?) via their API. It’s a premade action called “cloudflare-token-multi”

We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.

We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.

We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.

In OPNSense, you get quite good logging capabilities, should you suspect someone is trying to gain access, you’ll be able to read it from there.

I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main usecase.

Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.

Have not had any issues, ever.

Sorry, I though my comment was sufficiently self-humerous 😅

Of course custom configs are not suitable for anyone but the config-urator. Hence, custom configs :D

All DEs are jank. The only good DE is the tiling wm I put 10k lines of config into.

Don’t get me wrong, that’s also janky, but it’s my fault jank.

Ahh those fuckers.

+1 from me.

The Shield is a couple years old, but it handles everything you throw at it perfectly.

• get SmartTubeNext to watch YouTube without ads, and it comes with SponsorBlock
• use Flauncher for a home screen / launcher without any ads
• Jellyfin, obviously
• Steamlink also works perfectly
• plus, the remote is amazing (though I would recommend to either disable or rebind the Netflix button)

I know it’s been three weeks, but thanks for telling me about this! I might actually do this, for the projects here and there which aren’t packaged into nixpkgs (yet).

Thanks for the suggestion, I must say though, I am very happily de-googled :D

Thanks for the recommendation! Looks like a great option. Actually, the p2p aspect prompted me to have another look at the Jitsi docs, and lo and behold, there’s an option for that, as long as no more than 2 people participate in a chat… (The reason I’d prefer Jitsi is actually just that NixOS comes with options for jitsi out of the box, for Miro I would have to introduce containers into my setup :D)

Yeah, I think it’s overkill, plus needing an account will likely lead to issues (login difficulties, forgotten password,…) compared to “just click this link”. But thanks for the recommendation anyways, I did not know NC comes with video chat!

Thanks for the experience report! Would you say that you’re happy with the video and audio quality and latency?

Yeah, I am havong mixed feelings about this. But at least during Covid, it was apparently the norm, so it must work, somehow…

I could find a teacher closer to me, but for one thing, I only have a boke available, and biking ~10km with the cello on my back is not something I look forward to doing on a regular basis. The other thing is that I consider this teacher a friend, she’s given me lessonsfor more than a decade in the past, and I know we vibe well together.

Yeah, those are all fair points. We’ve been using Jitsi for work with pretty much no problems, albeit in group calls where video and audio quality don’t matter too much. Someone below gave some good recommendations for hardware as well.

The helpdesk issue… IDK. If Jitsi works, it is incredibly easy to use, right? Basically just, click this link and you’re in. (If does some heavy lifting there, I know :D)

THank you for the suggestion! It looks like a great option for playing together. I must say though, what would probably kill it for me/my teacher is the complexity of the setup. Separate video, and from the docs, it seems like a bit of an involved setup to get good results?

Besides, we will probably not be playing together at all 😅