How much hardening/security is enough?

Hey, I am building a small homelab on a mini-pc with proxmox and since I am behind CGNAT I expose the apps through pangolin/gerbil/traefik on a small VPS.

I already performed the basic hardening steps like ssh port change, disable root, disable password auth. For firewall I set up ufw, ufw-docker, fail2ban and crowdsec on host and app level. Also have 2FA for Pangolin dashboard, secure headers and rate limit middleware for Traefik. I used some websites/tools for header and ssl audit and got an A for my public facing domains. Also checked for unwanted open ports etc.

While researching deeper into the topic I found an ocean of additional hardening steps e.g.

- sysctl kernel hardening
- sysctl service hardening
- docker hardening (secrets, privileges, socket proxy)
- app-armor
- ssh-fido2

EDIT: additional setup: unattended-upgrades, geo ip block and uptime kuma on homelab to monitor if vps services go down

This feels somewhat excessive for a simple hobby project.…
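An added check for the three SSH steps listed in the post (example code written for this page, not the poster's setup): it reads an sshd_config the way sshd does, first value per keyword wins and Match blocks are skipped, so a hardened line that was appended after an earlier default is reported instead of silently ignored. The sample config it audits is constructed for the demonstration.

```sh
#!/bin/sh
# Added example: audit sshd_config for a non-default Port, PermitRootLogin no
# and PasswordAuthentication no. Caveat encoded here: sshd uses the FIRST value
# it reads for a keyword, so a later hardened line does not override an earlier
# default, and settings inside Match blocks only apply to that match.

# Print the effective value of a keyword (case-insensitive); nothing if unset.
sshd_effective() {  # usage: sshd_effective <config-file> <keyword>
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }  # comments, blank lines
        tolower($1) == "match" { in_match = 1 }         # conditional block: skip
        in_match { next }
        tolower($1) == key && !found { print $2; found = 1 }
    ' "$1"
}

# Print one PASS/FAIL line per setting; return 1 if any setting is weak.
audit_sshd() {  # usage: audit_sshd <config-file>
    rc=0
    port=$(sshd_effective "$1" Port)
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    if [ -n "$port" ] && [ "$port" != 22 ]; then echo "PASS Port=$port"
    else echo "FAIL Port=${port:-unset} (22 in effect)"; rc=1; fi
    if [ "$root" = no ]; then echo "PASS PermitRootLogin=no"
    else echo "FAIL PermitRootLogin=${root:-unset} (prohibit-password default)"; rc=1; fi
    if [ "$pass" = no ]; then echo "PASS PasswordAuthentication=no"
    else echo "FAIL PasswordAuthentication=${pass:-unset} (yes default)"; rc=1; fi
    return $rc
}

# Constructed sample: looks hardened at a glance, but the first Port line wins
# and PasswordAuthentication is only set inside a Match block.
write_sample_sshd_config() {  # usage: write_sample_sshd_config <path>
    cat > "$1" <<'EOF'
# Port 2222   (commented out, so it does not count)
Port 22
PermitRootLogin no
Port 2222
Match User backup
    PasswordAuthentication no
EOF
}

SAMPLE="${TMPDIR:-/tmp}/sshd_config.sample.$$"
write_sample_sshd_config "$SAMPLE"
audit_sshd "$SAMPLE" || echo "weak settings found in $SAMPLE"
rm -f "$SAMPLE"
```

Run it against the real file with `audit_sshd /etc/ssh/sshd_config`; drop-in files under `sshd_config.d/` are read before the main file and are not covered by this check.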