Thank you for the tipp!
Though I gotta ask: would ZFS still bring an advantage, considering that the RAID is going to be managed inside the external RAID enclosure, so ZFS would never see the actual disks? Or did I misunderstand how these enclosures work?
Are the documents you edit with the online editor files which are visible in the online drive? Does nextcloud use the open document specifications for saving documents (e.g. .odt, .ods)? Can you view these files without opening them in the editor (like the preview in google drive)?
If so, that is acceptable. The document thing is more for completion, I don’t handle documents all too often. And if the online editor is bad or not working but the files are visible and offline-syncable in the drive to some desktop client and they are using the open document format, I can edit them with libreoffice.
Thanks for the heads-up!
Oh, it’s nice to hear somebody already did that, thank you!
Did you have any hiccups or general problems with nextcloud or calendar/contacts/photos sync? Did you do any specific thing to harden security, other than using ufw, fail2ban and changing sshd config?
Thank you for your input!
I also thought about the 3-2-1 backup rule, but am unsure if that is overkill.
My VM-backups and file-level-backups are proxmox backup server (pbs) backups. Meaning, to have them offsite, I’d need to rent a dedicated root server on which I am able to install pbs to act as an offsite sync-target. With TB of backups, this is gonna get very costly very fast.
I thought about regularly exporting encrypted calendar and contacts onto some free online storage, hoping I can automate this process.
With what I have layed out in my post, to lose contacts and calendar events, both my intel NUC and the zotac mini-PC have to be corrupted at the same time. Or both RAIDs simultaniously failing both drives. Am I not paranoid enough or is that an acceptable level of failure-safety?
Thanks for the info! Glad I never bought one of those :)
You’re welcome!
What’s so bad about the QVO drives?
but maybe not when you wrap up the HMB drive in a SATA shell.
That makes sense, with HMB being an NVME feature. I tried searching for HMB and SATA, but did not find any information about if it will or won’t work, so it’s probably best to assume that it won’t.
I always use Samsung for my SSD drives. I bought my first Samsung 250 GB SSD back in 2017, only purchased Samsung SSDs since then. Not one has died yet.
You can get a Samsung EVO 870 (1TB SATA SSD) for ~90$ on amazon.
Debian will literally take any storage you throw at it anyway.
I do not know anything about HMB, does it really bring performance improvements, considering that SSD disks are pretty fast anyway?
Maybe I am misunderstanding you, but why not update via stamdeck UI? You can change the “stable” branch in your steamos update settings page to “beta” or “preview”.
Yes it is. Though after using arch for a few years, I miss the abundance of packages.
If a package wasn’t in the official arch repos, it was probably in the AUR. If you use arch, you don’t need other package managers like homebrew on linux.
The first one I saw was Debian 3.1 (Sarge). I was in school and our objective this time was installing debian + getting a working Xorg session. Never heard of Linux before, didn’t get a working Xorg session, but wow man, there’s something other than Windows and MacOS. I couldn’t have imagined.
The first one I actually used on a desktop (laptop for school, in that case) was Ubuntu 6.06 (Dapper Drake).
I’ve tried oh so many different linux distributions over the years, I probably forgot most of them. Maybe some don’t even exist anymore. My goal was always Arch Linux, having seen it on a schoolmates laptop. I really fell for the “here’s a pretty minimum base, do whatever” thing.
In the end, I exclusively used Arch from 2020 until this year. Actually using Arch and reading the ArchWiki were probably what taught me most of what I know about linux in general and how things work.
I’ve been searching for a less DIY-solution which is still up-to-date (especially with kernels and mesa) and I landed on Fedora Workstation, which is what I’m currently using on my work latpop and desktop at home. I do miss some things from Arch, but Fedora has been pretty good to me and I, for the meantime, intend to stay here.
Yeah, I do daily VM-backups which include all of the data on syncthing. No matter what you have, you always gotta have a good backup-strategy.
I use syncthing for some of my “can-never-lose-these” files. syncthing synchronizes files between different devices. This is not an online-file-hosting thing like Google Drive or OneDrive. These files are physically present on all synchronized devices.
My server is the “main” (you can make everyone equal) syncthing every other syncthing connects to. With an established connection, files will be synchronized on participating devices. AFAIK, syncthing is compatible with Windows, Android and Linux.
This way, my important files are on my server, my smartphone, my PC and my laptop and every single one of these devices must simultaniously explode for me to lose my data. Also, it’s on docker hub
pi-hole is another great one. Local adblocker for the whole network, just set it as your DNS server or let the DHCP server propagate this DNS server to your clients. This too is on docker hub
I don’t know what stingray is, but if it needs a connection to somewhere and the protocol to connect verifies os-trusted certificates, it should be safe.
Set OPNSense default policy
As far as I remember, OPNSense has a default policy rule of “deny all incoming, allow all outgoing”. If not, this should be one of the first steps to take.
Get your own VPN
If you can, you could use your own VPN service. I run a VPS for 6 € / month. If you can get your hands on something like this and install an openvpn server, you could always use that VPN for every connection.
So even if an attacker highjacks your connection somehow, he would only be able to see encrypted content and all content will be encrypted by a server you own and can verify / trust. You could also integrate this VPN into your OPNSense, so you’ll be connected as soon as OPNSense starts up and has internet.
Regarding MITM attacks
Please someone correct me if I am wrong, but MITM attacks should generally be impossible when connecting to SSL backed connections, right?
These certificates (or rather the certificate authority the HTTPS certificates have been issued by) are generally trusted by your own operating system. Therefore, if someone wanted to highjack your connection without you getting some kind of certificate error, he would have needed to get his hands on a certificate issued by a worldwide trusted certificate authority and the address name matching the certificate.
Thank you for sharing your experience of the process!
I’m a little confused after looking at the website. What exactly does DAVx5 do? The regular re-sync of contacts, calendar and files itself? Shouldn’t that be done by the contacts app / calendar app on regular intervalls?
I just downloaded fossify calendar on my android a few days ago to test it and got to see the other fossify apps :)
Oh man, I already use syncthing for ~5 GB of files and I use it on my android too. Seems I’ll be trying syncthing-android-fdroid in the future then.
There really are a lot! NotallyX looks nice and simple, but memos also looks very interesting. And thank you for the link, I’ll go dive into that tomorrow.
I do not need RCS-compatible messengers. What I send via SMS is nothing more than pure text, also no group chats. I use signal and element for my “fancy” messaging needs :)
I’ll look into it some more over the next days, but on a quick glance, this seems like it is an online service where you need an account? If that’s the case, I’d prefer using my already running OpenVPN server to do the job.