André Rodier


This guy is carefully sending login attempts through a whole /24 to bypass the IP address ban...

I'd like to stop that, at least to minimize the traffic and log pollution.

I thought about this:

- blocking the entire /24 (works, but temporarily until another network is used.)
- restrict authentication to our VPN users (Draconian, but works well so far on another server)
- develop something slightly more clever than fail2ban, specifically for postfix. We can for instance consider that someone legit cannot attempt so many different usernames, and block the IP.

Any suggestion welcome.
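The third idea above (counting distinct usernames instead of failures per IP), as an added example that is not part of the original post. It assumes failure lines that carry both the client address and the attempted login as `sasl_username=...`; the sample lines, function names and threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log shape (constructed): an smtpd SASL failure line with the
# client address in [brackets] and the attempted login as sasl_username=...
FAIL_RE = re.compile(
    r"\[(?P<ip>[0-9a-fA-F:.]+)\]: SASL \S+ authentication failed"
    r".*sasl_username=(?P<user>\S+)"
)

# Constructed sample: six hosts of one /24, one attempt each, each with a
# different username; plus one user mistyping a password three times.
SAMPLE_LOG = [
    f"Jan 10 03:1{i}:00 mx postfix/smtpd[4242]: warning: unknown[203.0.113.{10 + i}]: "
    f"SASL LOGIN authentication failed: authentication failure, sasl_username={name}"
    for i, name in enumerate(["admin", "info", "sales", "test", "backup", "scanner"])
] + [
    "Jan 10 09:00:00 mx postfix/smtpd[4250]: warning: unknown[198.51.100.7]: "
    "SASL PLAIN authentication failed: authentication failure, sasl_username=alice"
] * 3

def network_of(ip, v4_prefix=24, v6_prefix=64):
    """Collapse an address to its enclosing network (/24 for IPv4, /64 for IPv6)."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def find_spraying_networks(lines, max_users=3):
    """Return {network: (distinct source IPs, distinct usernames)} for every
    network whose failed logins cover more than max_users different usernames."""
    users = defaultdict(set)
    sources = defaultdict(set)
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        try:
            net = network_of(m["ip"])
        except ValueError:  # bracketed token was not an IP address
            continue
        users[net].add(m["user"].lower())
        sources[net].add(m["ip"])
    return {
        str(net): (len(sources[net]), len(names))
        for net, names in users.items()
        if len(names) > max_users
    }
```

On the sample, every host in 203.0.113.0/24 fails only once, so a per-IP retry counter never fires, while the per-network username count does; the user with three failures on a single username is left alone.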

I love Debian, used it since Potato, both desktop and server, and I'm not planning to change.

I have been using it to host personal servers, especially emails, for about 20 years.

A few years ago, I created a set of Ansible scripts to code what I was already doing manually, so I could rebuild my server from scratch.

The solution is on GitHub, and while there was already a plethora of existing solutions, none of them implemented everything I wanted and needed. Security first, and low maintenance. It was apparently challenging:

1. A DNS server included, with DNSSEC implemented, and SSHFP.
2. Everything from Debian packages, so upgrades can be automatic.
3. No git clone and no zip download for any service.
4. The usual LetsEncrypt, but also the extras like CAA, DANE, etc.
5. All services should be running under AppArmor.
6. No PHP, no RoundCube, NextCloud, OwnCloud, etc please.
7. Jabber server, with c2s and s2s.
8. CardDAV and CalDAV server.
9. WebDAV server.
10. LDAP for authentication, not a MySQL database.
11. IPv6 support

The points #2 and #3 are particularly interesting. I really cannot understand why or how people could trust a server exposed on the internet, without automatic updates from a serious community like Debian. Are they supposed to receive alerts from GitHub releases to manually download them as they happen? How can this be done while they are on vacation?

I am using unattended upgrades, and automatic reboot, and never had any issue, thanks to the quality of Debian packages. I just sometimes receive a nice email saying the server rebooted.

This wouldn't have been possible with the Debian community, so, again, kudos to them.

We have been happy with this solution, for myself, and a few friends and family members, for years...

Docs: https://www.homebox.space/index-en.html
Source code: https://github.com/progmaticltd/homebox
