

As the TechCrunch article I shared says, that warning was added only after the multiple vulnerabilities listed were found and publicised, and the original article in this post didn’t mention the vulnerabilities or it being experimental either.
Reminder that this is the same app that a few weeks ago was found to be advertised as secure when it was still experimental and without being audited, and for which multiple serious vulnerabilities were found before they added the disclaimer saying it was experimental:
Finally subscribed to Nebula a few days ago. Between a third and half the creators I follow are there. I’m planning to move away from YouTube entirely; even if I can pay for premium or block ads, I want to make the statement that I don’t support their service anymore.
If they really didn’t provide you any more information than what you mentioned in the post and comments, and you won’t even be permitted access to maintain the server, I wouldn’t complicate things too much. Even if you could do more, you’d be guessing, and you’d probably make life harder for the researchers, who might not have the expertise, by having them actually maintain something too complex.
Do the bare minimum to make it functional and overall secure: make sure the operating system works, get SSH access configured for as few people as you can get away with, and make sure updates are installed automatically. They should be responsible for everything else (backups, software, etc.), and you should make that clear to them.
Provide notes on what you did to the future owners of the server and maintenance instructions as well.
If you are part of an IT team in the university, and if you have some leverage on it, make sure you have the authority to handle things in an emergency (like having the right to pull the plug if the server becomes rogue or misbehaves somehow). Also look to see if you can push them to a more standardized alternative: if your IT team provides standard services, look to see if their use case can be fulfilled somehow by them, even partially. I know a lot of universities provide code forges and job submission clusters students and teachers can use; maybe their use case fits these.