Btop and logwatch with logrotate. I use healthchecks to check if the server is unreachable and it notifies me.

I doubt any console is lasting 20 years nowadays.

I would recommend yuzu and roms if you want to future proof it, including the source code just in case.

If anyone has this stuff it would be good to add them to i2p too.

Fuck these companies. Seriously, they dont give a shit, they are not competitive and want you to keep paying for shit you bought years ago.

🏴‍☠️Just remember to seed

deleted by creator

My block list is very small actually due to the non standard ssh port. Everything else goes through wireguard.

If it was open to the public then yes I’d have to reconsider the ban length.

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

Hackerman

Please see my reply below with links.

Onion repositories are package repositories hosted on tor hidden services. The connection goes through six hops and is end to end encrypted. In addition to further legitimizing the tor network with normal everyday usage it has the benefit of hiding what packages have been installed on a system.

Here are some notes about them if you want to read more.

https://blog.torproject.org/debian-and-tor-services-available-onion-services/

https://www.whonix.org/wiki/Onionizing_Repositories

Well I dont trust closed source software and do what I can to avoid it when I can. At least foss can be audited. Also all the linux devices on the main network are devices I admin.

Only remote access by wireguard and ssh on non standard port with key based access.

Fail2ban bans after 1 attempt for a year. Tweaked the logs to ban on more strict patterns

Logs are encrypted and mailed off site daily

System updates over tor connecting to onion repos.

Nginx only has one exposed port 443 that is accessible by wireguard or lan. Certs are signed by letsencrypt. Paths are ip white listed to various lan or wireguard ips.

Only allow one program with sudo access requiring a password. Every other privelaged action requires switching to root user.

I dont allow devices I dont admin on the network so they go on their own subnet. This is guests phones and their windows laptops.

Linux only on the main network.

I also make sure to backup often.

Firstly you should not be using riseup for this. They are a non profit collective and the feds have seized their servers before.

Use i2p if you want privacy. Otherwise go in with a few friends for a vpn and split the cost.

Debian

It beats using the three shells

I use wireguard and nginx but I set my WG DNS as the server ip. I have adguardhome running on the server and have added the external domains to map to their LAN address so theyre resolved locally when using the vpn or the LAN. A similar setup should work for you.

I wasn’t aware of that. Thanks for sharing

Missed opportunity for his parents to call him Danny. Then he could say “I’m getting too old for this shit”.

Thank you for your service 🎖️

No