Cloud security geek, cigar smoker, amateur electric bass player, hoping to be an ally where I can. he/him

Joined 1 year ago
Cake day: June 12th, 2023




  • Since you mention you have Nextcloud, it’s worth knowing that Nextcloud embeds Spreed, which gives you chat, audio, video, screensharing and a ton of other features. The trick with stuff like that is getting people to sign up, but limiting it to only people you want to chat with. The one thing that’s valuable about internet-facing stuff like Discord is that anyone can sign up and it’s not your problem. With Nextcloud, you can often federate and let people sign in with Google or GitHub or Facebook or whatever, but—as an individual—you probably don’t want to have truly open signups on a personal chat server. So you’ll have to sorta invite/accept people signing up. Matrix (already mentioned) is the other good contender.



  • 321 strategy: 3 copies of everything important, 2 on-site, 1 in cloud. I have a TrueNAS Scale NAS running RAID5 on ZFS. All the laptops, desktops, etc. back up to the NAS. (Mostly Macs, so we use Time Machine over the network.) So the original laptop/desktop is 1 copy. The NAS is a second copy on-site, and then TrueNAS has lots of cloud options. I use Amazon S3 myself, but there are lots of choices.

    Prior to this I had a Synology NAS. It was “small” (6TB), so it has a RAID mirror of 6TB drives and a single 6TB external USB that had a backup of the mirrored pair (second copy on-site). Then I also used Synology’s software to back up to S3.

    For my Internet-facing VMs, they all run in xcp-ng and I use Xen Orchestra to manage them. I run regular snapshots nightly, and then use NFS to copy them to a cloud server. That’s sloppy, and sometimes doesn’t work. So the in-the-house stuff is backed up well. The VMs are mostly relying on Xen snapshots and RAID 5.


  • I’m with you. Same vintage IT guy, self-hosting similarly. I dunno. I throw a lot of stuff up on my xcp-ng box. Some is important. Some isn’t. I’m doing all manner of old-school firewall and perimeter security and not worrying a ton about logging in my containers. I guess I’m just fatalistic. If I get hacked to the point that I’m digging through logs to figure out what happened, I’m kinda fucked. So I focus more on backup and restore. Can I restore to a known good state? But I hear you. Kids these days with their containers and their pipelines and their devops. Back in my day…