Fail2Ban VS DietPi

now some things you need to think about: - cloud init - this will need to be secure so lock it down hard anything not needed an alternative OS to look at if you have the ability's is https://www.alpinelinux.org/ also as these devices are not that powerfull every extra agent / abstaction layer you add impacts performance need to look at low over head security https://www.crowdsec.net/ and https://github.com/fail2ban/fail2ban (if you call fail2ban security) - using certificates to authenticate ssh login

See https://github.com/fail2ban/fail2ban for beginner's guide, basically you set it up to monitor logfiles and it would act accordingly (plenty of built-in config to handle various daemons so you don't have to write yourself).

- Nginx & crowdsec/fail2ban if you are exposing your parts (services) to the public ( https://hub.docker.com/r/baudneo/nginx-proxy-manager, https://www.crowdsec.net, https://www.fail2ban.org )

— In /etc/fail2ban/action.d/cloudflare.conf I copied the file from https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.confand added my ‘cftoken’ and ‘cfuser’ on the bottom

https://github.com/fail2ban/fail2ban is a mature, easy to set up way to have some dynamic firewall rules that respond to attacks. There are more sophisticated options, but they are probably not worth the return on time investment for you.

You can create your own regexes for custom services: https://github.com/fail2ban/fail2ban/wiki/Developing-Regex-in-Fail2ban

Others seem to be (or were) experiencing this too: https://github.com/fail2ban/fail2ban/issues/3100

DietPi is a lightweight Debian based Linux distribution for SBCs and server systems, with the option to install desktop environments, too. It ships as minimal image but allows to install complete and ready-to-use software stacks with a set of console based shell dialogs and scripts.

The source code is hosted on GitHub: https://github.com/MichaIng/DietPi

That's a good point, but the array of devices supported by the DietPi team is extensive: https://dietpi.com/

Before someone starts the usual yadda yadda about the RPi biger community, the OS not having long time support etc. I would repeat one more time: do not rely on board vendor supplied images; this is valid for pretty much all boards. Just go to Armbian or DietPi pages and you'll almost certainly find one or more images that work on your board and forums to discuss about them with very knowledgeable people.

https://www.armbian.com/download/

https://dietpi.com/#download

Those projects are well worth a contribution, as they don't have a giant like Broadcom behind them.

> bananapi do a lot of boards but their software story has been a bit poor

This is quite common with other board manufacturers too. I'd rather suggest to ignore completely their cobbled together distros, often also tainted by proprietary modifications, that become unmaintained in a few years, and see if they're among the many supported by Armbian or DietPi.

https://www.armbian.com/download/

https://dietpi.com/#download

The full release notes can be found at: https://dietpi.com/docs/releases/v8_25/

RPi OS = diet pi https://dietpi.com/ - initial config via text file - SDcard burning out partially mitigated as writes log files to ram then flushes to SDcard reducing write cycles

You could also try very minimalistic distros like TwisterUI or DietPi which are most known for their use in the RasprebbyPi / SBC computers but which also have editions for desktop / laptop.