K3CAN

I use podman almost exclusively at this point. I like having the rootless containers and secrets management. If you’re on Debian, though, I strongly suggest pulling podman from Trixie. The version in Bookworm is very out of date and there’s been a lot of fixes since then.

For what it’s worth, though, you can proxy other services, like Gemini or gopher, through the same proxy for simplicity’s sake.

I self host.

I use nginx as a reverse proxy with crowdsec. The backends are nginx and mariadb. Everything is running on Debian VMs or LXCs with apparmor profiles and it’s all isolated to an “untrusted” VLAN.

It’s obviously still “safer” to have someone else host your stuff, like a VPS or Github Pages, etc, but I enjoy selfhosting and I feel like I’ve mitigated most of the risk.

I’d imagine that if your job is making YouTube videos, portainer and other graphical abstraction layers probably make more visually interesting videos than just watching someone type out a bunch of commands.

If you’re going to be playing with custom locations and such, it might be worth using nginx directly instead of through the limitations of NPM.

I know I’m a bit late to the conversation, so I don’t know if this is still helpful… But I have a camera with “AI Detection” built into it and it appears to send alerts via its ONVIF connection. I’ve disabled motion and other detectors on my NVR (AgentNVR) and instead configured it to just wait for an alert from the camera itself to start recording. It’s been working quite well.

My initial plan was to use a coral TPU and frigate, but the Coral/Gasket drivers appear to be pretty old and I couldn’t get them to work properly, myself.

I’ve also been running nginx in an unprivileged LXC container. I haven’t used fail2ban, specifically, but crowdsec has been working without issue.

You can mostly just treat an LXC like a normal VM.