I think it depends a lot on the federated service.
For Mastodon, you follow individual users, so if there’s a million users or ten million or a hundred million, their instances will only be contacting other instances they’re federating with, so it’s quite scalable.
For Lemmy, you follow communities, so every server pulls all the posts and comments from the common community. This means that for an instance like lemmy.world hosting lots of different big communities, every new server hammers the one central instance.
A strategy for improving the situation, I think, would be to spread the load: instead of everyone piling into megacommunities, people would spread out into smaller, more tight-knit communities over many different instances. Of course, this isn’t really compatible with the purpose of having communities like that.
It does seem to suggest that ActivityPub isn’t necessarily the most appropriate protocol for this purpose, even though it’s what was used because it’s the de facto standard on the fediverse.
You don’t need a local DNS server to set up https, but you do need a domain name. If it’s something that you wanted to pick up, you can buy them at a number of different places and you’d have to set up a mechanism to make sure the IP address referenced is the correct one. You can either do that by having a static IP address or by setting up some form of dynamic DNS. Then you can use letsencrypt to set up https.
Okay, so here’s, I think, the core of your question though: the only way that someone outside of your network can access your Nextcloud is if you have set up the server to be accessible from the outside world. You would have to go into your router and forward Port 80 to the local IP address of your Nextcloud server. If you don’t do that, then it will only be accessible to the people inside of your network. Routers do something called Network Address Translation, which lets many devices on your local network connect to the internet despite only having one external IP address. If you’re accessing the server using a 192.168 address or a 10.x.x.x address, you are already using the internal IP address and not your external Internet IP address, so you’re likely safe.
One neat trick, because remembering IP addresses is a pain in the butt, is the hosts file. On Windows it’s in c:\windows\system32\drivers\etc\hosts and you can set a hostname to immediately resolve to a certain IP address. It’s particularly nice because it’s free, it’s fast, and once you set it you can forget it.
My websites are on the public internet, but I use the hosts file to point them at the internal IP address because that way I can directly connect to my servers even when the internet is down.
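Added example, not part of the original comment: a small Python parser for a hosts file that reports whether each hostname is pinned to an internal (RFC 1918), loopback, or external address, which is the distinction the comment above relies on. The sample file, hostnames and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; every hostname and address here is made up.
SAMPLE_HOSTS = """\
# local overrides
192.168.1.50   cloud.example.net nextcloud   # internal server
10.0.0.7       media.example.net
203.0.113.10   blog.example.net
127.0.0.1      localhost
not-an-ip      broken.example.net
"""

# The three private IPv4 ranges from RFC 1918 (the "192.168" and "10.x.x.x"
# style addresses mentioned in the comment, plus 172.16.0.0/12).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'loopback', 'internal' or 'external' for an IP address string."""
    ip = ipaddress.ip_address(addr)  # raises ValueError if addr is not an IP
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "internal"
    return "external"  # anything outside RFC 1918 and loopback


def parse_hosts(text):
    """Map each hostname in hosts-file text to (address, classification)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        try:
            kind = classify(addr)
        except ValueError:
            continue  # first field is not an IP address: skip malformed line
        for name in names:
            # Keep the first mapping seen for a name in this example.
            entries.setdefault(name.lower(), (addr, kind))
    return entries


if __name__ == "__main__":
    for host, (addr, kind) in sorted(parse_hosts(SAMPLE_HOSTS).items()):
        print(f"{host:20} {addr:15} {kind}")
```
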
Besides lacking spaces and some rooms not letting you join (and the lack of admin tools), the only big issue I find is that if you plan to run something other than Element as the interface, you’ll have to test it, because many Matrix clients expect synapse or dendrite and won’t start with anything else. I’ve run fluffychat, I think kchat (whatever the KDE Matrix client is), and nheko; they all worked well with conduit.
My experience has been that dendrite and synapse totally maxed out the server I ran it on (100% CPU utilization for days on end), so I run conduit.
The one downside of conduit is it’s a bit behind, so it doesn’t support all the latest rooms, and it doesn’t support spaces yet, and it has minimal admin tools so you’ll want to create all the accounts you need then close logins because bad actors will try to create logins and get you banned from half of Matrix. That said, I can tell you that even on my piddly little server (an Intel Atom D2550), it runs Conduit, ejabberd, nostr, and lotide, and the server basically sits idle. I can’t speak of bridges, unfortunately, because I don’t really use them.
This is the guide I used, it worked well to set things up:
So there’s 2 things, I think.
Does your BIOS allow you to boot from SD card? If so, then you can boot from the SD card and so you can install software onto the SD card directly.
If you can’t boot off of the SD card, then perhaps you can install all the software on the SD card and then install a boot manager on the main drive. In this way, you boot off the main drive, then let the boot manager deal with loading the software.
You might be disappointed by the performance of software running off an SD card, mind you.
I’ve been using Invidious. There’s an automatic install script that’s perfect, except I’m using Mint instead of straight Ubuntu so I have to tweak the script a bit to use the Ubuntu path.
Running on a total of 5 fanless commercial grade sign PCs. That’s why the motto of my websites is “this site runs off parts scavenged from a roadside sign”.
1x core 2 duo running Lemmy
2x atom d2550s running xmpp, matrix, lotide, searx, nostr, and invidious
2x core i5 4000 series running everything else
I try to run bare metal so I can stick my fingers into things.
I don’t think it’s too bad, but it probably depends a lot on a lot of factors.
Since I first started, my hardware got a lot stronger, and Nextcloud, PHP, and MariaDB have all improved, and so my experience has gotten pretty decent.
Remember though, there’s a ton of biases here, so I could be wrong…