Thinking about running a tilde/pubnix

I’m thinking about running my own pubnix/tilde. It would be invite-only and have a bunch of cool things:

I think it would be a very cool opportunity to learn a bit about Linux and the internet. However, I literally have no clue how to set this up. I found this comment on Reddit:

It happens that you’re trying to build a tilde/pubnix? From my experience, tilde admins often give direct access to the system, but with proper permission elevation. Create a user group with limited permission (i.e. no sudo, disable specific softwares) and add their usernames to, give them a space in /home. Secondly, disable SSH password, ask them to send you their public keys and only authenticate via public key. Finally, write a good/strict policy but also send welcoming message. Also, you can look for further security practices, like changing default port, etc. but the key thing is proper user permission.

That’s what I want. I was thinking about allowing password logins tho. I already have a VPS, which I want to reinstall to turn into this thing.

I basically want to configure the services in a way, that they all depend on Unix accounts. That way I can create a Unix account with suitable permissions for every member, and shit should Just Work(tm).

So, I was thinking:

Any pointers on how to setup something like this? How would I handle backups? (I know I can just backup all files in every member’s home directory, but how would I handle something more complicated, like the matrix accounts?). How would I make something like this secure?

Edit: I found this blogpost that helps a bit, but it doesn’t tell me how to do permissions, limiting home directory size and bandwidth. I guess I won’t really need those (because this is gonna be really small scale), but I like the idea that someone can’t just accidentally use up all bandwidth with a wrong command.