Install Ubuntu and be done. I’m able to print to my brother network printer with no special drivers. I installed a gnome tweaks package to do some minor tweaks in gnome, and I did rip out the Firefox snap thing to install Firefox from a package so I could use my kpxc plugin, but that’s the only major change I made. Hell, Dell (laptop) even provides firmware updates via the package manager so your bios gets updated properly. Best Linux desktop experience I’ve ever had over the past 5 years and I’ve been daily driving Ubuntu since 2004.
There could probably be some additional refactoring here, but it works for my setup. I’m using default nginx paths, so they probably look different than other installs that use custom stuff like /var/www, etc.
Use it by putting it in a shell script, make it executable, then call it:
sudo scriptName.sh 28.0.1
Replace the version with whatever version you’re upgrading to. I would highly recommend never upgrading to a .0, always wait for at least a .1 patch. I left some sleeps in the when I was debugging a while back, those are safe to remove assuming it works in your setup. I also noticed some variables weren’t quoted, I’m not a bash programmer so there’s probably some consistency issues that could be addressed if someone is OCD.
As a person who used to be “the backup guy” at a company, truer words are rarely spoken. Always test the backups otherwise it’s an exercise in futility.
One of my next steps was hardening my OPNSense router as it handles all the edge network reverse proxy duties, so IDS was in the list. I’m digging into Crowdsec now, it looks like there’s an implementation for OPNsense. Thanks for the tip!
Good call. I do some backups now but I should formalize that process. Any recommendations on selfhost packages that can handle the append only functionality?
I wonder what performance impact there would be if you were to move pgsql onto bare metal with enough ram dedicated to caching all of the db data (think: i5 or i7 nuc). That’s going to be my next step with my homelab; I want to migrate everything to a single db host with a lot of RAM and M2 storage and avoid the db process replication I have going on. I have no performance complaints with NC currently, I’m running PHP cache and redis as well as image preview and imaginary.
You absolutely need to move from patch to patch and cannot just do a multiple version jump safely. You also need to validate the configs between versions, especially major release updates or you risk breaking. New features and optimizations happen and you also may need to change our update your reverse proxy configuration on update, or modify db table configuration (just puking this from memory as I’ve had to do it before). I don’t know that there’s automation for each one of those steps.
Because of that, I run nextcloud in a VM and install it from the binary package. I wrote a shell script that handles downloading, moving the files, updating permissions and copying the old config forward, symlinking and doing the upgrade. Then all I have to do is log in as administrator, check out the admin dashboard and make sure there aren’t new things I have to address in the status page. It’s a pain, but my nextcloud uses external db and redis and PHP caching so it’s not an easy out of the box setup. But it’s been solid for a long time once I adopted using this script.
Just checked my own sshd configs and I don’t use CBC in them. I’ve based the kex/cipher/Mac configs off of cipherlist.eu and the mozilla docs current standards. Guess it pays to never use default configs for sshd if it’s ever exposed to the Internet.
Edit: I read it wrong. It’s chacha20 OR CBC. I rely heavily on the former with none of the latter.