While this would not answer your question, but according to podman maintainers, rootful podman with userns=auto enjoys nearly as much security benefits as rootless. (As always, there are nuances to this)

Check out https://github.com/containers/podman/discussions/13728

Maybe you could consider running rootful podman, especially if the OS is immutable.

Sometimes I wish I were like OP, being creatively greedy to snitch lots of money. Then I realize, that requires money and influence to work out… Life.

I see, guess I was overly paranoid. Bitwarden sounds good, then!

To be fair, it is slow on VPS with single core CPU and 2GB RAM. But that’s not normal…

deleted by creator

Thanks, I am trying both paperless and calkbre and see which works better for which tasks.

Thanks a lot! I will go with the blockinfile, sounds promising.

How do I keep some of the existing firewall rules (which is dependent on host) in the remote file, and change the other parts?

Thank you! Templating rules.v4 is a pretty attractive option. Though my VPS has some portions of the file which should be unmodified, so I would have to avoid this method.

Thanks, but I looked up and learned to prefer the idempotence to be handled by ansible. Ansible support iptables by default, while nftables need a plugin, so iptables it is for me.

Being concerned about security while using free VPN sounds like an oxymoron.

Wait. I got the format warning in caddy, so does this mean it could contain substantial error? I gotta check

Thanks! I gotta get my hands on Ansible, was reluctant as I’ve heard it can be complicated. Should see myself!

Codeberg sounds like a good way! I was concerned about server config being stored on self-hosted forgejo (which is configured by the very server config), turns out that need not be the case.

Fortunately my VPS (oracle) has set SSH authentication to be default. Disallowing root login sounds good, gotta try that as well.

Thanks, I will try fail2ban. I am using ED25519 for ssh keys, it seems like it’s the best defense on the ssh side. Do you happen to know why this kind of attack is so prevalent?

Thanks a lot! Geoblocking makes a lot of sense, will try!

Thanks, though Shorewall looks intimidating. Do you have any good resources to go over how to set it up?

It seems permanently unavailable, how did you get an instance?

Thanks, I am running rootful containers so I don’t think this applies.