My NAS is just a very old Acer desktop from like 2011. I bought a Fractal Meshify 2 case which can hold I think 14 hard drives and moved the internals into that. Works great.
Eventually I had to get a PCIe card for more data ports, and replace the power supply with one that’s more than 300 W.
I don’t use Unraid, but my advice for everyone is that you can’t have too many backups of data that you really care about; use the 3-2-1 rule at a minimum.
Also, welcome to your new hobby you will love and hate at the same time sometimes :D
I’m using Autorestic, a wrapper for Restic that lets you specify everything in a config file. It can fire hooks before/after backups so I’ve added it to my healthchecks instance to know if backups were completed successfully.
One caveat with Restic: it relies on hostnames to work optimally (for incremental backups) so if you’re using Autorestic in a container, set the host: option in the config file. My backups took a few hours each night until I fixed this - now they’re less than 30 minutes.
Was using borg, was a bit complicated and limited, now I use kopia.
It’s supposed to support multiple machines into a single repository, so you can deduplicate e.g. synced data too, but I haven’t tested that yet.
Index of repositories is held locally, so if you use the same repository with multiple machines, they have to rebuild their index every time they switch.
I also have family PCs I wanted to back up too, but borg doesn’t support Windows, so only hacky WSL would have worked.
But the worst might be the speed of borg.. idk what it is, but it was incredibly slow when backing up.
if you use the same repository with multiple machines, they have to rebuild their index every time they switch
I’m a beginner with Borg so sorry in advance if I say something incorrect. I back up the same files to multiple distinct external HDDs and my solution was to use distinct repos for each one. They have different IDs so the caches are different too. The include/exclude list is redundant but I can live with that.
Does it though? I had a similar setup in the past, but I did not feel good with it. If your first backup corrupts, that corruption is then synced to your remote location. Since then I have two separate backup runs for local and remote. But restic as well with resticprofile. Remote is an SFTP server. For restic I am using the rclone backend for SFTP since I had some connection issues with the internal SFTP backend (on connection resets it would just abort and not try to reconnect, but I think it got improved since then).
I only do automated copy to B2 from the local archive, no automated sync, which as far as I understand should be non-destructive with versioning enabled.
If I need to prune, etc. I will manually sync and then immediately run restic check --read-data from a fast VPS to verify the B2 version afterwards.
I set up a script to back up my LVM volumes with kopia. About to purchase some cloud storage to send it off site. Been running for a while, deduplication working great. Encryption working as far as I can tell. The sync to other repo option was the main seller for me.
Daily backup to Backblaze B2 and also to local storage with kopia. It’s been running for a year I think, no issues at all. I didn’t need a real backup yet, just did some restore tests so far.
Check out the “Open Source Security Podcast” with Kurt Seifried and Josh Bressers. It’s not about specifics so much as how to build a mindset around security for IoT and hosting, generally dealing with open-source offerings.
Preferably a home ISP that provides public IP addresses - no CGNAT BS;
Ideally a static IP at home, but you can do just fine with a dynamic DNS service such as freedns.afraid.org.
Quick setup guide and checklist:
Create your subdomain for the dynamic DNS service freedns.afraid.org and install the daemon on the server - will update your domain with your dynamic IP when it changes;
List what ports you need remote access to;
Isolate the server from your main network as much as possible. If possible have them on a different public IP either using a VLAN or better yet with an entire physical network just for that - avoids VLAN hopping attacks and DDoS attacks to the server that will also take your internet down;
If you’re using VLANs then configure your switch properly. Decent switches allow you to restrict the WebUI to a certain VLAN / physical port - this will make sure if your server is hacked they won’t be able to access the switch’s UI and reconfigure their own port to access the entire network. Note that cheap TP-Link switches usually don’t have a way to specify this;
Configure your ISP router to assign a static local IP to the server and port forward what’s supposed to be exposed to the internet to the server;
Only expose required services (nginx, game server, program x) to the Internet. Everything else such as SSH, configuration interfaces and whatnot can be moved to another private network and/or a WireGuard VPN you can connect to when you want to manage the server;
Use custom ports with 5 digits for everything - something like 23901 (up to 65535) to make your service(s) harder to find;
Disable IPv6? Might be easier than dealing with a dual stack firewall and/or other complexities;
Use nftables / iptables / another firewall and set it to drop everything but those ports you need for services and management VPN access to work - 10 minute guide;
Configure nftables to only allow traffic coming from public IP addresses (IPs outside your home network IP / VPN range) to the Wireguard or required services port - this will protect your server if by some mistake the router starts forwarding more traffic from the internet to the server than it should;
Configure nftables to restrict what countries are allowed to access your server. Most likely you only need to allow incoming connections from your country and more details here.
Realistically speaking if you’re doing this just for a few friends why not require them to access the server through WireGuard VPN? This will reduce the risk a LOT and probably won’t impact the performance. Here is a decent setup guide and you might use this GUI to add/remove clients easily.
Don’t be afraid to expose the WireGuard port because if someone tries to connect and they don’t authenticate with the right key the server will silently drop the packets.
Now if your ISP doesn’t provide you with a public IP / port forwarding abilities you may want to read this in order to find out why you should avoid Cloudflare tunnels and how to set up an alternative / more private solution.
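A minimal nftables ruleset for the drop-by-default and public-source-only items in the checklist above, added here as an illustration and not part of the original post. The interface name wg0, both ports and the address ranges are assumptions to adapt to your own setup.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface name, ports and ranges below are assumptions.
flush ruleset

define WG_PORT  = 51820    # assumed WireGuard listen port (udp)
define SVC_PORT = 23901    # assumed exposed service port (tcp)

# Sources that should never arrive through the router's port forward:
# RFC 1918 ranges (home LAN, VPN pool), CGNAT space, link-local, loopback.
define NON_PUBLIC = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16,
                      100.64.0.0/10, 169.254.0.0/16, 127.0.0.0/8 }

table inet filter {
    chain input {
        # Anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Rate-limited IPv4 ICMP for diagnostics and error reporting.
        icmp type { echo-request, destination-unreachable, time-exceeded } limit rate 5/second accept

        # Management (SSH) is reachable only through the WireGuard tunnel.
        iifname "wg0" tcp dport 22 accept

        # Exposed ports accept new connections only from public sources,
        # so a router misconfiguration cannot open them to the LAN side.
        ip saddr != $NON_PUBLIC udp dport $WG_PORT accept
        ip saddr != $NON_PUBLIC tcp dport $SVC_PORT accept

        # No rule matches new IPv6 connections, so the drop policy
        # covers them (the "disable IPv6" item, at the firewall level).
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Running `nft -c -f` on the file checks the syntax without applying it; apply it from a local console rather than over SSH so a mistake cannot lock you out.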
There’s some really fun chemistry in the rare-earth magnets - I used to buy them in bulk to enlarge my own IT-workshop collection, which was mostly broken down for Nd salts. Also, the magnets from iMac screens were also plentiful when HDD magnets got small (and then went extinct).