0
"with an nice client?"
You gave the answer to yourself. There aren't any user friendly multi-platform clients with synchronization / conflict resolution / versioning.
Proxmox Backup
I'm using Proxmox Backup Server for my local daily backups.
But for external cloud backup, it's 5 GB for docker config + persistent data vs. 60GB for the complete LXC containers. So it's more convenient to just backup the data to the cloud that you really need for an emergency-restore.
Uptime Kuma
I try to minimize the number of applications that have access to the docker.socket, as this can be a high potential security risk (e.g. a malicious container update because of a hacked github account) .
If I can achieve the same goal with just a simple bash script and without additional software, it's the better solution for me :)
You have a WiFi 6E Mesh, that's awesome, would be really stupid to replace it.
However, you could look how to combine the Asus WiFi Mesh with a self-hosted firewall.
E.g. using a OPNsense-VM as Gateway / DHCP / DNS server für all clients in the network ..
But that's more for playing around.
Versioning is helping, I can go one year back in history.
My backup strategy:
Data:
- Sycnthing with 1x Copy with my Clients and 1x Copy on my Server accessible via Nextcloud
- Daily Push-Backup with of my Nextcloud-Data-Folder via Kopia to Backblaze
- Daily Pull-Backup of my Nextcloud-Data-Folder via QNAP-NAS in the basement
VM:
- Daily Backup of my VM's to a Proxmox Backup Server running on QNAP-NAS
- Daily Backup of my VM's to BackBlaze (but encrypted before)
Still, I'm not fan of having just one Cloud-Backup. So I think I will also get Hetzner Cloud Storage for Borg Backup additional to Kopia.
Goal:
- Different Hardware (Server, QNAP, etc.)
- Different Backup software (Syncthing, Kopia, Borg)
- Different Backup technique (Push, Pull, Snapshots)
- Different Locations
"On the other hand, if I run Watchtower first, I'm backing up the latest version."
This makes no sense. I hope you are backing up the persistent data, not the Docker-Images.So before and after Watchtower is identically in the best case scenario.
(In the worst case scenario, after the docker update your persistent data are corrupted because of an bad version update. So the backup should always be before)
Do you have an example?
"Open Source + hosted" always involves trust, as you can only look into the Github repository, not if the running hosted application is running identically.
Only exception: It's an E2EE encrypted solution, and everything else happens client-side (example: Bitwarden)
E-Mail.
And maybe unpopular opinion:
-
Any service that you use with port-forwarding, besides WireGuard.
I would never access any self-hosted application without VPN. -
Password manager. I want to minimize complexity with my most important data (that's why I'm using KeePass instead of Self-Hosted Bitwarden).
My journey:
Joplin -> Trilium Notes -> Logseq -> Obsidian
I find Obsidian the most powerfull, because of the PlugIn system and full compatiblity with Android and iPad.
And I realized, it's a stupid idea to have a "knowledge base" in a Docker setup, if you need this knowledge base also for debugging or reinstall your Homelab. So the local installation of Obsidian togeter with Synchting gives you always access to your knowledge, even if the server are down.
However, none of the above have collaborate features. But don't need it.
I would repair my capslock next :)
Create 2 virtual machines.
One Virtual Machine with OpnSense Firewall, where you setup the ProtonVPN WireGuard connection.
One Virtual Machine with your Docker-VM.
Connect both machines via a virtual network, and setup the OpnSense-Firewall so that only internet-traffic through the WireGuard-Gateway is allowed.
That's the most bullet proofed solution, as any connection of your Docker-VM is secured, independent of the VM's configuration.
view more: next ›
Simplixt
0 post score0 comment score
joined 2 years ago
Because we can. Just because we can.