I still don’t get it, like, why tf would you use AI for this kind of thing? It can barely make a basic python script, let alone actually handle a proper codebase or detect a vulnerability, even if it is the most obvious vulnerability ever
I have switched production to Caddy before V2 and haven’t looked back ever since. During my Apache era, always had to keep a eye on stuff and deal when things decided to break With caddy? I just throw the config and it just works without complaining at all
Disable password authentication on SSH
Enable firewall and block all ports you’re not using(most firewalls do this by default)
Switch to a LTS kernel(not security related, but it keeps things going smooth… Technically it is safer since it gets updated less often so it is a bit more battle tested? Never investigated whenever a LTS kernel is safer than a standard one)
Use Caddy to proxy to services instead of directly exposing them out
HTTPS for web stuff(Caddy does it automatically)
I personally actually use Forgejo with Forgejo Runner It gives me a fully self-hosted experience that feels just like Github, and Forgejo Actions is nearly 1:1 with Github Actions
About CI Rental thought, never touched there, but maybe not that hard? Probably Jenkins or Drone CI has support for it
And LFS, AFAIK both Gitea and Forgejo have support for it(just need to enable on the app.ini)