For example, something that is too complex for your comfort level, a security concern, or maybe your hardware can’t keep up with the service’s needs?

154 points

Tor exit node, public Lemmy instance.

36 points

Weirdly for extremely similar reasons

9 points

Yes these. Essentially anything that an unidentified user could push data to that would land me in regulatory trouble. I would want to host these things, but I don’t want to become a distributor of anything that would get me a search warrant.

4 points

Lemmy instance for me as well. I have a specific community I miss from reddit that I want to replicate, I even have a domain sitting around that’d be good…I just don’t want to store data coming from complete strangers. I also have zero interest in any sort of admin/moderating. So I’ll just go without it and get over it lol

101 points

Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.

15 points

I figured email would be a common theme. I’m just starting to dip my toes into all of this, so an email server is not on my to-do list (and may never be).

18 points

Google and other large scale providers have intentionally made it very difficult to self host your own email. It’s generally not considered a wise move these days and is very difficult to maintain.

3 points

Why do you say so? I’m not an expert in the field, but isn’t a mail server pretty much the same as 20 years ago plus DKIM and SPF?

6 points

I did host my email, but the problem wasn’t the spam but the bigger email providers. Best case was my mail was marked as spam. Worst case was that I was blocked until I jumped through hoops. Email hosting is unfortunately broken.

7 points

what’s that? a federated service isn’t immune from a corporate take over? colour me shocked.

5 points

Gladly, fail2ban exists. :) Note that it’s not just SMTP anyway. Anything on port 22 (SSH) or 80/443 (HTTP/HTTPS) gets constantly tested as well. I’ve actually set up fail2ban rules to ban anyone who is querying / on my webserver, it catches a lot of those pests.

3 points

This method supposedly works great too.

http://uu.ucw.cz/

1 point

I’m going to try that as well.

2 points

CrowdSec has completely replaced fail2ban for me. It’s a bit harder to set up but it’s way more flexible with bans/statistics/etc. Also uses less RAM.

It’s also fun to watch the ban counter go up for things that I would never think about configuring on fail2ban, such as nginx CVEs.

Edit: fixed url. Oops!

2 points

Thanks for mentioning it, I didn’t know about it. Protecting against CVEs sounds indeed awesome. I took a more brutal approach to fix the constant pentesting: I ban everyone who triggers a 404. :D Of course, this only works because it’s a private server, only meant to be accessed by me and people with deep links. I’ve whitelisted IPs commonly used by my relatives, and I’ve made a log parser that warns me when those IPs trigger a 404, which lets me know if there are legit ones, and is also a great way to find problems in my applications. But of course, this wouldn’t fly on a public server. :)

Note for others reading this, the correct link is CrowdSec

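The 404-ban setup described in the comment above (ban unknown clients that hit a 404, but only warn when an allowlisted address does), as an added example that is not the commenter's own parser. The nginx combined log format, the allowlist ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# nginx "combined" format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)

# Assumed allowlist: documentation ranges standing in for relatives' addresses.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/28", "2001:db8:1::/64")]

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2023:06:12:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Jul/2023:06:12:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/8.0"
198.51.100.5 - - [10/Jul/2023:07:30:44 +0000] "GET /photos/2023/album HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Jul/2023:07:31:10 +0000] "GET /photos/2023/albun HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jul/2023:08:00:00 +0000] "\\x16\\x03\\x01" 400 157 "-" "-"
not a log line
"""


def is_allowlisted(ip):
    # A v4 address is never "in" a v6 network and vice versa, so mixing is safe.
    return any(ip in net for net in ALLOWLIST)


def triage_404s(log_text):
    """Return (ban, warn): IPs to ban, and allowlisted IP -> paths that 404ed."""
    ban = set()
    warn = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable lines and non-404 responses are ignored
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed client field: never ban on input we cannot parse
        parts = m["request"].split()
        path = parts[1] if len(parts) >= 2 else m["request"]
        if is_allowlisted(ip):
            warn[str(ip)].append(path)  # likely a broken link or an application bug
        else:
            ban.add(str(ip))
    return ban, dict(warn)
```

The `ban` set is what would be handed to fail2ban or a firewall rule; the `warn` mapping is the "legit 404" report the comment mentions.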
3 points

Me too, I’ll never self host my email server. Too much time that I don’t have to set it up correctly, manage the antispam and other things that I don’t even know. And if it goes down and I don’t have time to look into it (which would be the case 95% of the time 🙈), I’ll be without email for I don’t know how long.

2 points

I’ve been self-hosting a personal email server for about half a year now, and it was definitely challenging! But it also taught me quite a bit about how the system works, so I think it was worth it. There are solutions for everything, but you definitely need some time and patience.

95 points

Anything that the family uses. Because when I cease to exist, my wife isn’t gonna take over self-hosting! So e-mail, chat, documents etc.

25 points

I told my wife when I die, she’s just going to have to throw it all away and start over.

We have separate email accounts and she knows how to get into my Keepass, so she should be able to get into whatever she needs to. I now have a daughter who is becoming interested in how these things work, so I’m hoping to slowly start training/handing off to her.

3 points

I gave my wife a laminated card with explicit instructions on how to access my keepass DB and encrypted backups. The rest can die when I do.

3 points

I have a router, switch and older access point preconfigured and ready to just plug in.

I have some basic documentation and a short list of folks to call, along with admin creds should anything need untangling.

But mostly it’s a rip and replace network. Ditch plex and get cable.

Google workspace is basically just gmail. You can pay someone to migrate it or abandon.

23 points

You know, I never thought about that

18 points

I hadn’t either until a few years ago. It’s something worth considering.

16 points

Dealing with the digital afterlife of a hacker - The Daily Dot

The main challenge was Michael’s tech footprint: His Gmail, Twitter, personal domains, rented servers, hosting business, home servers, and a huge collection of Apple tech.

“It was tough for Beth because she got home and she had a brand new phone and couldn’t even get on the Wi-Fi,” Kalat said. “Michael had done everything. Beth is very smart—she’s a scientist—but Michael had handled everything. A friend had to come over to reset the Wi-Fi password.”

Also see:
Ramsey: How to Put Together Your Legacy Drawer

6 points

This guy has a good financial planner.

82 points

Password manager like Bitwarden. I’d rather they take care of it for me. The consequences would be too great if I messed it up.

17 points

Smart move, unless you really know what you’re doing and have redundancy. When I first made the switch from Lastpass to Bitwarden I had tried to host the vault myself instead of using the cloud version, which worked fine right up until the moment I had a server outage and lost access to all my passwords.

8 points

I think that’s what’s kept me at KeePass rather than moving to something like Bitwarden. Since it’s file-level encryption, anything that can serve files can also serve my KeePass database. When I upgrade servers or change to different services, restoring my database is as simple as throwing the file into that new service and going on with my life.

13 points

Eh, the clients all cache your vault. It shouldn’t be a huge issue for it to be down even for a few days.

But I do upload encrypted backups of the server every 6 hours to cloud storage

2 points

Same.

Plus, my instance is proxied through Cloudflare and only IPs from my country are allowed.

8 points

Oh man, that’s actually really good advice! I recently switched to Vaultwarden, but you’re right: If my server goes down, I can’t even restart it, because the password for my account is in there! Damn! Close call!

17 points

Well with bitwarden/vaultwarden you can have a copy of your entire vault on your phone or computer or both… so even if your server was totally dead, you’d have access to your passwords. Solid backups are a must, I follow the 3-2-1 rule on super critical systems (like vaultwarden) and test that you can actually recover. Something as simple as spinning up a VPS, testing a restore, testing access, see if that could work in a pinch until you get your server back online, then tear it down. Linode is very cheap for this kind of testing, it’d only cost you a few pennies to run a “dr” test of your critical systems. Of course you still want to secure it, I’d recommend wireguard or tailscale instead of opening access to your DR node to the internet, but as a temporary test it’s probably fine if you’re running patched up to date versions of docker, vaultwarden, and I’d always recommend putting a reverse proxy in front like nginx.

11 points

Usually the passwords are also stored locally.

I can definitely access all my passwords offline with bitwarden

1 point

I still don’t get why people want to have cloud-based password managers. Keepass works on all major platforms, it’s just one file, which is super easy to sync and/or merge. It can integrate with your browser/OS if you want, but otherwise the attack surface is basically zero.

0 points

Bwoa, you can easily take json backups. It is pretty safe imo.

12 points

I’ve managed to do it for my personal email and find it very rewarding. Sadly, I could never use it for my business. It’s just too risky and there may always be a few delivery problems here and there.

VPS hosting, BTW, not home.

1 point

I have set up a mail server for my employer, and doing it manually yourself is difficult. I didn’t want to do it for myself as well.

However I looked into mailcow, and tried that privately and it works great so far! However, I would dedicate a separate VPS for just that.

4 points

That, and the fact that Spam abatement is a terrible chore. Whackamole at its worst.

4 points

rspamd seems to do a fair job of it.

3 points

Been having a wonderful experience with mailcow on a small vps…
