One of the main reasons I run my own instances (Mastodon and Lemmy). Keep the garbage blocked and out of sight.
Devices at home are named after Autobots and remote devices are named after Decepticons.
- crowdsec
- SSH - change port, disable root login, disable password login, set up SSH keys using SK (YubiKey in my case)
- nftables - I use it to keep things quick and simple. I like the fact it will convert DNS entries to IPs. I then just use dynamic DNS update clients on all my endpoints
- WireGuard for access to services other than SSH (in some cases port 443 will be open if it's a web server or proxy)
- rsyslog to forward auth logs to my central syslog server
Hard pass. Whichever vendor keeps making dumb appliances gets my money. I can live with basic “smart” appliances as well. The ones that connect to WiFi simply to tell when say the wash cycle is done by sending a message to your mobile. But I don’t need no flipping AI crap in my house thank you.
940/940 unlimited for ~$90/month in Western Canada
If it’s possible, you might be able to take the ISP SFP and put it in an SFP to RJ45 media converter and then you can use any 1gig capable router. I did this with my Telus SFP.
OPNsense or OpenWRT. I run multiple OPNsense firewalls for family members all connected together with a WireGuard Mesh.
Cisco is command line for the most part until you get into the APIC NSX stuff. There’s others but I’m only exposed to those 2 where I work.
I selfhost both Lemmy and Mastodon. Lemmy is set and forget follow the communities you etc. Mastodon does need a little bit of tweaking after being set up. I have a script that removes remote content from my server after 7 days which keeps the used space down considerably. More details about the commands used can be found here ->