27
submitted 3 days ago* (last edited 2 days ago) by 712@discuss.tchncs.de to c/selfhosted@lemmy.world

Hello everyone.

I have been interested in starting to self-host, and I have just been able to set up the first useful thing for myself (apart from a PiHole that I have running).

Since I am very afraid of making security mistakes, I would like to get feedback from you if my setup is secure or not.

The simple use case: I want to be able to back up files from my main computer to a hard disk, without having the hard disk attached to my main computer.

The setup:

  • A Raspberry Pi 4 running Raspberry Pi OS Lite (64-bit).
  • The Raspberry Pi can only be accessed via ed25519 key.
  • I configured a firewall on the Raspberry Pi with ufw to allow only traffic from the local subnet.
  • I then use sshfs to mount the hard disk connected with the Raspberry Pi to my main computer.
  • I plan to use rsync to back up my files.

Now I need your help: how secure is this setup? Did I make any major mistake? Is there something I could do better?

I'd be happy to get some feedback... ๐Ÿ™‚

you are viewing a single comment's thread
view the rest of the comments
[-] IanTwenty@piefed.social 3 points 3 days ago

You've made a great start. How much further you go depends on your needs and threat model.

Rsync is ok as a start but there are dedicated backup tools that will give you access to your files at any point in time. This is important if you delete a file and later need it back after an rsync has already run and deleted it remotely too.

Rsync will not encrypt your backups. If a burglar takes your Pi will they have easy access to all your files too?

With rsync+ssh you are also vulnerable to either yourself (more likely) or a rogue process on your own machine deleting the files over ssh (e.g. ransomware attack).

The answer to that is append-only backups. A backup tool like restic has a backend you can host that does exactly this:

The --append-only mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.

https://github.com/restic/rest-server

Take a look at restic to see what else you gain from switching to a dedicated tool versus rsync:

https://github.com/restic/restic#design-principles

There are others too such as borg.

this post was submitted on 02 Jul 2026
27 points (96.6% liked)

Selfhosted

60451 readers
1031 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS