I use Synapse as the Matrix server and Element as client on desktop and mobile. It does support video calls, but so far I only tested it for a minute.
I spent a lot of time googling and on YouTube to get a basic understanding of what I was trying to achieve, 2 weeks of after-work time at least. If I had to guess, 40-50 hours in total. Getting a single piece to work by following a tutorial can be easy, but getting all the things working together was a struggle. Once I had a better grasp of what a reverse proxy is and how Docker containers work together in networks, pieces started to fall into place.
I have fail2ban running as well, didn’t mention it in the OP. Also closed all ports besides 80 and 443, which are routed through my NPM proxy. SSH is allowed, but login only with SSH key, no pw authentication.
So far it’s running well, but I expect things to break when I’ll need to update parts of it. I have a snapshot from which I can reinstall, but recurring backups still need to be set up.
I run Nginx with Nginx Proxy Manager web UI, which makes setting up proxy hosts and handling Let’s Encrypt certificates really easy. I also use Portainer to manage my Docker containers. This works well for the stuff I mentioned above (Nextcloud, Matrix, Lemmy mostly).
If I can get Mastodon into the same setup, it’d be neat. I just found a lot of discussion with problems, so I thought I’d ask about it before I spend a few hours in vain :)
I use Synapse as Matrix server and Element as client. It doesn’t need port 25 (8008 and 8448 are needed in my setup). On Lemmy and Mastodon I configured outgoing mail using SMTP via my existing mail hoster, so I don’t send mail from my own server. Also, all googling I did said to stay away from self-hosting email, as it is a hassle not to be immediately blocked as a spam mail server …