I just spun up a private instance of lemmy on the cheapest Linode. So far so good.
I used the ansible method of installing the instance on the default Debian 11 image from Linode (link below).
I feel a bit worried that there are no firewall instructions in the install documents. And no notes on securing your instance.
Any thoughts on how to set up ufw for a lemmy instance? Or thoughts on other security tips?
So a good exercise for threat modeling is to think through what would happen if your instance is compromised. Are there shared passwords on the machine? Other services? Private user data? Etc. Most likely your answer is there is nothing particularly sensitive on your Lemmy machine. If the instance is compromised they just have access to your compute resources at which point they might try to mine crypto with it or something.
So with that in mind, I might check on your billing model to make sure there isnt any sort of scaling cost they might be able to run up if that happened. Perhaps put some resource usage alarms in place. Im honestly not familiar with Linode, but have a lot of experience with AWS and GCP from my job.
I also recently found a nice general guide to securing a Linux server on GitHub you might find useful or interesting.