Then I give praise to you, for you are more prepared than any other individual I personally know of and even some smaller companies I had worked with.
hamsda
joined 4 months ago
Okay so not critical, just mildly inconvenient if lost.
I wouldn't put it at "mildly inconvenient", as the photos I could lose can never be restored. Most of the other things can. I'd be really sad if I lost all the photos, but it wouldn't threaten my existence in any way.
I'm sorry, I should have specified in more detail what I meant by "critical".
It's not life-threatening, it's just critical to me. It's kinda like "my priciest possession" could mean a yacht or a half-dead car, depending on the context.
[EDIT]
a disk failure is probably the most likely failure scenario. Corruption is the second most likely
Yes, these are things that are 100% going to happen at some point. I cannot guarantee theft, floods, earthquakes or anything like that, but hardware degrades with time and use, so at some point things are going to fail.
Not make or break by any means
That's great to hear. I can always buy better hardware later and first test if things run with what I already have. I don't like to have my IT wasting in some drawer.
Thank you for your advice!
tailscale with headscale over openvpn
Is a vpn inside a vpn really improving security at all? Or is there a different reason to use tailscale inside a vpn?
I assume you basically want protection against disasters, but not high uptime. (E.g. you likely can live with a week of unavailability if after a week you can recover the data.)
Exactly. These are not business-data, but my personal data. No money or absolutely necessary thing is lost if I lose all of that.
The key is about proper backups.
Thanks to other commenters I realized, I can just export contacts, calendar events and photos every night to some on-disk location and back them up somewhere offsite. This would probably be a few GB only. The other ~1.5 TB of data is stuff like movies, music, old games that I'd probably never get anywhere else etc. My data is not life-threatening. It's just "critical" to me.
Via google I found that you can export your calendars via a URL, so I my current backup plan is this:
- daily backup from onsite-hypervisor to onsite-backup server (all VMs and all data)
- daily export of calendar and contacts
- backup calendar, contacts and photos to offsite-location
This way, I'd still be compliant to the 3-2-1 rule (just not for all my data), while saving quite some money on the offsite data storage.
As you are already using nextcloud, could you verify if exporting calendars and contacts work with these 2 URLs?
# calendar export
https://${NEXTCLOUD_URL}/remote.php/dav/calendars/${NEXTCLOUD_USER}/${CALENDAR_NAME}/?export
# contacts
https://${NEXTCLOUD_URL}/remote.php/dav/addressbooks/users/${NEXTCLOUD_USER}/contacts/?export
This is the command used in this tutorial. The website is in german, scroll down for bash, python, nodeJS and windows powershell examples.
curl -L -J -O -u "$username:$password" "$downloadLink" --create-dirs -o "./$(basename "$url")"
my Nextcloud server is running in a datacenter. Every week I run a backup to a USB drive that I keep in a third location.
If you don't mind me asking, how much are you paying for your datacenter server and the third location?
you can’t seem to restrict people commenting on a file you shared
That's okay. My circle of friends I'd share files with is not all too big. So everything stays between a few people anyway.
Nextcloud often updates and sometimes breaks small things
Does breaking stuff happen often? I plan to use the docker image nextcloud:stable-fpm in the hopes of bypassing some bugged releases.
I’ve done nothing special regarding security and have it exposed to the public internet. I intend on having fail2ban look at its logs but I’ve not yet set that up
That sounds kinda dangerous. I remember years ago, when I rented my first vcloud-server, within the first 10 minutes I had bots trying to get in via SSH. I'd be way too paranoid.
I would recommend having it entirely behind a VPN
Yes, that's my plan. I intend to create a new OpenVPN server on my pfSense with access only to the nextcloud VM. This would also allow me to share the vpn config files with my friends without a password, as the authentication is done by inline-cert vpn config.
Memos is pretty usefull for me. App on fdroid momemos is superb. Syncthig takes care of google drive ish needs. Immich for photos. Mealie keeps food interesting.
I'm going to have to test a lot of new android apps, I guess. Thanks for the mentions!
Regarding syncthing, according to gedaliyah's answer here, syncthing will be dropping the android app :(
Thank you for answering!
Good to know that most things I would need seem to be already working nicely in nextcloud :)
It should respect permissions though, so if you share a file with read access only, they won’t be able to edit it in the editor.
I'll definitely have to try that before trying to send out links.
Thanks for the tipp!
I'll definitely try the native file editor and collabora, just to see how they compare for me. I even found a tutorial by nextcloud on how to integrate collabora (see this post)
Except for maps. Man, there just is no substitute especially when mobile.
I thought there was an android app for open street maps, but I couldn't find any on play.google.com either.
I do not recommend an external enclosure [...] you’ll come to hate it for lack of ability
I feel kinda the same, but on the other hand, having a full-blown ATX system running in my living room isn't going to be my first choice. If I can't manage with the zotac mini PC, I can still take the drives out of the enclosure and put them in a full ATX case. That's more of a "last resort" though.
A docker AIO version of nextcloud running on as close to bare metal as you can is probably the best option for performance.
I'm not worried about performance all too much. The only thing constantly connected will be my phone, for syncing contacts, calendars and, every now and then, a new photo or two. Sometimes I open the calendar in my browser on my desktop or laptop to add / change an event. I really don't use it too extensively.
And to aid in CPU and performance of the VM, I can always have a VM with the "host" CPU type, which should forward CPU capabilities and features to the VM.
I see 3600 stars and I guess that's kinda trustworthy :) I also do like some of the enhancements listed on the github page. I'll try it, thank you very much!