Where should I host at?
Recently I became a huge fan of just renting a small dedicated server with a seedbox provider. Because they are specialized in providing hosting for pirates, they are usually located in jurisdictions that don’t give a fuck about the American DMCA. Check out seedhost.eu, they aren’t as expensive, or Appbox.
Will I need a VPN on the server too? If I’m torrenting, do I need to be careful which hosts I choose so I don’t get copyright pinged?
Not if you use a seedbox or a dedicated server hosted by a seedbox provider.
Is there a good guide for securing and hardening my server?
Just follow some basic Linux server hardening advice, e.g. disable SSH root login, disable password login and use SSH keys, don’t open unnecessary ports in your firewall, etc. If you’re feeling fancy, you can set up an SSH tarpit on default port 22 and use a different port for actually logging in. This massively wastes the time of script kiddies who run automated SSH scanners.
I’d like my partner and i to have easy access from home or on our mobiles
For that I recommend Tailscale or Netbird.
Any other guides you’d recommend?
@[email protected] posted an amazing guide some time ago: https://lemmy.dbzer0.com/post/5911320
Any must have software or sites to know about?
I like bitmagnet, it lets you run your own torrent indexer. It’s basically your own, self-hosted alternative to SolidTorrents, BitSearch or BTDigg.
Also check out Flood if you want a nicer web frontend for rTorrent, qBittorrent, Transmission or Deluge.
Transdroid is pretty nice if you want to control the torrent client on your server from your Android phone.
There’s also qBitController if you use qBittorrent, or qBitControl if you’re on iOS, but you have to sideload it using AltStore.
Also make sure to join [email protected], [email protected], [email protected] and [email protected].
If you don’t want to spend too much time with moderation, you will have to manually approve registrations, simply to avoid spam. Sure, that increases the workload slightly, as you’re gonna have to go through applications let’s say once a week, but you don’t have to monitor the instance 24/7. I would still recommend checking reports once in a while, just to be on the safe side. But definitely make sure to deploy @[email protected]’s fedi-safety to prevent CSAM from being uploaded on your instance.