Own VPS Stacks

Nextcloud, Anytype, OpenClaw. Self-hosted, hardened and maintained by me. SSH key only, UFW, fail2ban, unattended-upgrades. Standard hygiene, applied consistently.

Self-Hosting Linux SSH UFW fail2ban Nextcloud Anytype

What’s running on it

Spread across VPSes at different providers, because single-provider lock-in is the thing I’m actively avoiding right now:

  • Nextcloud as personal cloud for files, calendar and contacts
  • Anytype as self-hosted sync for my notes
  • OpenClaw as an additional service in the stack

How it’s hardened

Standard hygiene, applied consistently:

  • SSH key only. Password login disabled, root login disabled. If you get in, you have the key.
  • UFW as firewall, default deny, only explicitly allowed ports open.
  • fail2ban against brute-force attempts, with aggressive bans for obvious bot patterns.
  • unattended-upgrades for automatic security patches.
  • Reverse proxy with TLS in front, nothing hanging on the open port directly.

Nothing revolutionary. Just what you can’t skip when you’ve got a public IP.
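
An added example, not the author's own tooling: a check that the "SSH key only" settings above are actually in effect. sshd uses the first value it reads for each keyword, so a drop-in included ahead of the main file can silently override a later PasswordAuthentication no. It assumes the config text is passed in already concatenated in read order; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's tooling): audit sshd_config text for the
# two SSH settings in the list. sshd keeps the FIRST value read per keyword.

# effective_value KEYWORD DEFAULT  (config text on stdin, already in read order)
# Prints the first global value of KEYWORD, lowercased, or DEFAULT if unset.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$2" '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }               # skip comments and blanks
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line) # tolerate the Key=value form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit        # Match blocks are out of scope here
            if (key == want && n >= 2) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : def) }
    '
}

# audit_ssh: config text on stdin; prints findings, returns 1 on any failure.
audit_ssh() {
    cfg=$(cat); rc=0
    # OpenSSH defaults when a keyword is never set
    pw=$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication yes)
    root=$(printf '%s\n' "$cfg" | effective_value PermitRootLogin prohibit-password)
    [ "$pw" = no ]   || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK password and root login disabled"
    return "$rc"
}

# Constructed sample: a drop-in read before the main file re-enables passwords.
SAMPLE_SHADOWED='# drop-in pulled in by Include (constructed)
PasswordAuthentication yes
# main sshd_config (constructed)
PermitRootLogin no
PasswordAuthentication no'

# Constructed sample: both settings effective.
SAMPLE_GOOD='passwordauthentication=no
PermitRootLogin no'

printf '%s\n' "$SAMPLE_SHADOWED" | audit_ssh || true
printf '%s\n' "$SAMPLE_GOOD" | audit_ssh || true
```

On a live host, sshd -T prints the effective configuration directly.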

Why my own VPS

Same logic as the homelab: my data doesn’t belong inside a third party’s workflow that may eventually double its prices or pivot. A VPS at a decent provider costs a few euros a month. Set it up, harden it, run it yourself. When something breaks, I know why.

Why not put everything in the homelab

Tasks that genuinely need external reachability, a fixed IP or higher bandwidth live better on a VPS than behind a Cloudflare Tunnel. Both have their place.