u/Additional-Chef-6190

Title. I don't need something with a crazy amount of features and automation; I just want it to have a fairly intuitive + simple interface.

I have a relatively unique hardware/OS combo: ARM architecture and Arch Linux. There's only a Nightly version that's compatible with my laptop.

Instead, I got the Tor daemon running in my system, and I used a bash script to ensure that only the Tor Firefox profile uses it. I've confirmed multiple times that it's the only thing using it. A .onion site successfully opened.

Now for the modifications I made:

* Used Mullvad's DNS, chose DNS over HTTPS.

* Added uBlock Origin, Privacy Badger, and NoScript.

* Turned off history, AI features, Firefox suggests... pretty much every feature.

* Switched only available search engines to be DDG and a SearXNG instance.

* Tor theme for the window.

* Removed some Mozilla telemetry.

Will this suffice?

I’m really new to self-hosting and tech stuff in general. On a Pi, I’ve got Caddy running like seven of my services (including Jellyfin, SearXNG, Seafile). The only ports open on the family router are 443, 80 (turning it off gave me some issues), and WireGuard’s (51820). When I talked about this with my dad, he was concerned about our router being open.

While he said that he isn't an expert on this stuff, he said that a malicious actor could flood our router with requests, bringing it down.

In your experiences, what genuine security problems do you have with self-hosting and port forwarding? What solutions and software do you use?

Edit: I know that wireguard and Tail/Headscale are a solution. However, I've got one specific service I need accessible to a friend who cannot get said VPN.