paperemail

joined 2 years ago
[–] [email protected] 4 points 2 years ago

That’s why I use NixOS; I never even meet people unless they’re in my /nix/store…

[–] [email protected] 1 points 2 years ago

You should do application level backups and put those in backblaze b2:

  • for postgres look here.
  • look at all the software you’re running and what they say about making backups.
  • for files that don’t change often, making an archive (with tar) is probably good enough. But if it changes during making the archive, the backup will be inconsistent.
  • think about your RPO: how much data are you willing to lose in case of a crash? 1 day? 2 hours? 15min? Schedule your backups to be at least as frequent.
  • Don’t forget to test your backups! Otherwise you’ll only find out that the backup is unusable when you need it most…
[–] [email protected] 2 points 2 years ago

Sheik Yerbouti my beloved!

[–] [email protected] 2 points 2 years ago

I’ll see if there are any issues I can pick up

[–] [email protected] 6 points 2 years ago (1 children)

I don’t know how to properly add alt text to the image :(

[–] [email protected] 5 points 2 years ago (1 children)

🧙🏼‍♀️

[–] [email protected] 1 points 2 years ago

Those are very good things to think about; I agree with all of that.

None of the suggestions I made cover what actual information you (or your users) share on the platforms (lemmy, mastodon etc).

As long as you federate with other servers (i.e. allow content to be shared with other servers, like how my account on my own server can comment on a post from the server you’re using), all the information posted on the platform should be considered 100% public.

If you want a place for just your friends, without talking with other instances, you should keep federation off.

[–] [email protected] 2 points 2 years ago

I want to spin up my own services so that I own my data and have greater control over my connections, and possibly have a hub that friends and family can use.

That’s a noble goal; but you’ll have to think about what kind of adversaries you want to protect yourself (and your users) from.

E.g. if you don’t want to link your lemmy account to your government name you of course won’t use your real name, but you’ll also need to anonymize the WHOIS data of the domain, since that’s public information.
Not all domain registrars allow this.

And depending on how far you want to take this, you might also want to buy the server anonymously.

All of that doesn’t even touch the security of the actual server, lol. Some pointers for that:

SSH

  • use keys to log in, not passwords
  • use a different port than 22 (it’s not more secure, but will reduce noise in the logs)
  • install fail2ban (temporarily blocks IPs after a few failed attempts)
  • make SSH only reachable from your home IP with a firewall

HTTP/S:

  • use a caddy or nginx proxy in front of anything that talks http.
  • use letsencrypt certificates (and check renewal is working)
  • use proper SSL settings: https://ssl-config.mozilla.org/

VPS hosting:

  • set up 2FA for your login

Monitoring: You can get very detailed, but try to cover at least the following:

  • uptime (request your lemmy homepage)
  • disk usage over 80%
  • SSL certificate expiration
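
The three monitoring checks listed in the comment above, as an added example that is not part of the original comment. The hostname `lemmy.example.org` and the 14-day certificate warning window are assumptions; the 80% disk limit is the one from the list.

```python
import shutil, socket, ssl, time, urllib.request

DISK_LIMIT_PCT = 80   # threshold named in the list above
CERT_WARN_DAYS = 14   # assumption: warn two weeks before expiry

def site_is_up(url, timeout=10):
    """Uptime: the homepage must answer with HTTP 200."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except OSError:  # DNS failure, refused connection, timeout, HTTP 4xx/5xx
        return False

def disk_percent_used(path="/"):
    usage = shutil.disk_usage(path)
    return 100 * usage.used / usage.total

def fetch_not_after(host, port=443, timeout=10):
    """Return the notAfter field of the certificate the server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def cert_days_left(not_after, now=None):
    """Whole days until a notAfter string such as 'Jan 15 00:00:00 2030 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def alerts(up, disk_pct, days_left):
    """Turn the three measurements into a list of alert messages."""
    out = []
    if not up:
        out.append("homepage is not answering")
    if disk_pct > DISK_LIMIT_PCT:
        out.append(f"disk usage {disk_pct:.0f}% is over {DISK_LIMIT_PCT}%")
    if days_left < CERT_WARN_DAYS:
        out.append(f"certificate expires in {days_left} days")
    return out

if __name__ == "__main__":
    host = "lemmy.example.org"  # placeholder hostname, replace with your own
    try:
        days = cert_days_left(fetch_not_after(host))
    except (ssl.SSLError, OSError):
        days = -1  # handshake failed: already expired, invalid or unreachable
    for msg in alerts(site_is_up(f"https://{host}/"), disk_percent_used("/"), days):
        print("ALERT:", msg)
```

Run it from cron or a systemd timer on a machine other than the server itself, so the uptime check still fires when the server is down.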