lol

Are you using a VPN? A lot of the VPN vendors disallow IPV6.

You bet. I am a huge music fan. I create it, I listen to it, from Opera to Death Metal and anything in between. My heart belongs to Blues, Jazz, Soul, R&B, and Funk tho.

Interesting. My method for finding new or similar music to what I have in my library is to use TasteDive. Crowd-Sourced, so you get a ‘real world’ recommendation. It can be a little bit of work, but I find it quite effective. TasteDive also works for movies and a lot of other things. It does have an API tho I’ve never explored that side. I’m not sure what software would interface with their API.

OP, I forgot I had made a post about my setup. So, for what it’s worth, this is what and how I run my network:

https://lemmy.world/post/43533409

It’s been quite a while since I’ve messed with Yunohost, so memory is a bit sketchy.

SimplePush and Kuma

• SimplePush is propitiatory whereas Kuma is opensource
• SimplePush scales as a service whereas Kuma scales as infra
• SimplePush has limited customization whereas Kuma has a swath of customization possibilities
• SimplePush is a subscription whereas Kuma is free

change the default SSH port

I run most everything on a nonstandard port if I can get away with it. However, a bot scan of your server will reveal everything about the ports on your server.

There are literally tons of ways to skin the security cat and you’ll probably hear a ton of them mentioned. Personally, I use the evil Cloudflare Tunnels/Zero Trust with Tailscale as an overlay on the server and on the standalone pFsense firewall. Cloudflare Tunnels/Zero Trust there is no need to fiddle with NAT, closing/opening ports, etc. Install it on the server, and it takes care of the rest. You will need a FQDN which you can change the nameservers to the ones Cloudflare will assign. The free tier is more than generous and covers a lot of ground as far as security.

Disable root ssh access completely

You can, and this ties in with nonstandard ssh port, use key pairs.

Scan your machine and ensure no extra ports are open

Lynis is a great way to get a handle on what needs to be done to your server as far as hardening it. Run a scan, in a few minutes it will spit out a list of things that need attention. Not all of the recommendations will be applicable to your server.

You can always use host allow/host deny to really tighten things up. The only users that will have critical access are the ones you assign in the config.

Fail2ban is effective, along with Crowdsec, Wazuh, etc

• SimplePush (Home Assistant)
• nfty.sh
• Uptime Kuma
• Gotify

There are plenty of others. Those just come to mind

I’ve been using LinkWarden for a long time now. I also use Readeck for ‘read it later’ kind of data but it could be used to bookmark. I use Karakeep for archiving. I have not tried Betula, Linkwallet, Nextcloud Bookmarks, Postmarks, or xBrowserSync.

+1 for OliveTin

I’ve been using Cloudflare’s Tunnel/Zero Trust for a while now and I find it does the job just jammy. I’m not sure I need Mesh, but I will at least familiarize myself with it.

+1 for Nessus - pretty comprehensive scans

In as much as I rail against regulation, or more so…over regulation, AI needs some heavy regulation. We stand at the crossroads of a very useful tool that is unfortunately hung up in the novelty stage of pretty pictures and AI rice cookers. It could be so much more. I use AI in a few things. For one, I use AI to master the music I create. I am clinically deaf, so there are frequencies that I just can’t hear well enough to make a call. So, I lean on AI to do that, and it does it quite well actually. I use AI to solve small programming issues I’m working on, but I wouldn’t dare release anything I’ve done, AI or not, because I can always see some poor chap who used my ‘code’, and now smoke is billowing out of his computer. It’s also pretty damn good at compose files. I’ve read about medical uses that sound very efficient in ingesting tons of patient records and reports and pinpointing where services could do better in aiding the patient so that people don’t fall through the cracks and get the medical treatment they need. So, it has some great potential if we could just get some regulation and move past this novelty stage.

https://lemmy.world/post/45508262/23179666

ETA: I know what opnsense is, I have never used it so I am unaware of all of the packages it can run.

DNSBL and filter lists. You can use PfBlockerNG to import abuse lists, botnets, known open relays which reduce spam. You can also apply GeoIP blocklists to upstream SMTP hosts.

Are you serving from a homelab or VPS? If a homelab, then you could use pFsense to filter spam. I don’t run my own email server but I do use pFsense to filter 95% of the junk from my inbox. I’m not sure how you’d accomplish that on a VPS other than employing some type of spam filtering software.

I’ve installed MX before, but I’m not sure why you would want to make a server out of it. I guess it’s possible, but it seems to me with all the hoops you’re going to have to jump through, why (not) use an OS built to be a server and be done with it?

LubeLogger

Otherwise known as the Diddy. Gotta keep the Astroglide in stock.

I keep it simple, although reading down through the thread, there are some really nice and ingenious ways people accomplish about the same thing, which is totally awesome. I use a WatchTower fork and run it with --run-once --cleanup. I do this when I feel comfortable that all the early adopters have done all the beta testing for me. Thanks early adopters. So, about 1 a month or so, I update 70 Docker containers. As far as OS updates, I usually hit those when they deploy. I’m running Ubuntu Jammy, so not a lot of breaking changes in updates. I don’t have public facing services, and I am the only user on my network, so I don’t really have to worry too much about that aspect.