Let’s Encrypt is just as secure as paid certs. They’re held to the same security standard.

Ceph is a huge amount of overhead, both engineering and compute resources, for this usecase.

Fair enough. Personally I’d start with their documentation then: https://docs.openstack.org/install-guide/

For OS it looks like they support RHEL/CentOS, Ubuntu, Debian, and SUSE so I’d stick with one of those.

Openstack is like self-hosting your own cloud provider. My 2 cents is that it’s probably way overkill for personal use. You’d probably be interested in it if you had a lot of physical servers you wanted to present as a single pooled resource for utilization.

How does one install it?

From what I heard from a former coworker - with great difficulty.

What is the difference between a hypervisor/openstack/a container service (podman,docker)?

A hypervisor runs virtual machines. A container service runs containers which are like virtual machines that share the host’s kernel (more to it than that but that’s the simplest explanation). Openstack is a large ecosystem of pieces of software that runs the aforementioned components and coordinates it between a horizontally scaling number of physical servers. Here’s a chart showing all the potential components: https://upload.wikimedia.org/wikipedia/commons/a/a5/Openstack-map-v20221001.jpg

If you’re asking what the difference between a container service and a hypervisor are then I’d really recommend against pursuing this until you get more experience.

How is this different from Fail2Ban?

You can only do 100M runs max anyways, just replace the whole thing? 100M of CAT6 is pretty cheap if you already have a box for it.

Or is this an academic question?

10mb is pretty much nothing. May as well just use Fail2Ban.

It’s fun to learn a bit more about how wifi and encryption works by cracking it using something like aircrack-ng. There’s not really any other practical use unless you have bad intent or are planning on entering the security field.