Yep, hence my comment…

You should see the fear on people’s faces when I suggest they restore a backup - esp. on Production.

My advice (to combat their fear) is to take an offline backup that has some kind of checksum and then immediately restore it.

That gets them past the initial fear and then we progress onto other backup strategies… if needed.

Backups… fine

When’s the World “test you can restore” day?

Ok, didn’t think about “unlimited” actually being slower - thanks for the insight.

I’m running a pfSense f/w at the edge, so split horizon DNS and haproxy are already sorted… I’ll check out wireguard - should be straight forward

Thanks

I’m considering going this route - just to hide my (static) home IP.

What’s the rough sizing I’d need for a VPS? I’m guessing the smallest possible, but with the best / unlimited data usage?

Yep, it’s something that more people need to consider to keep their free (as in the source code is not a prisoner) software going

It looks like jellyfin costs ~$500/MONTH just for their hosting fees: https://opencollective.com/jellyfin

If everyone using jellyfin contributed $1/month, I bet that would be covered

(No, I’m not affiliated with them)

What’s the general thoughts on running a TOR node?

I think an exit node would probably get my (domestic) ISP asking some questions and / or my static IP getting blocklisted quickly

Yep, BOINC has regularly warmed my home office over many a winter… until I shutdown that machine.

Maybe I should try again…

Presuming you can put OpenWRT on it, it’ll be fine as a single box

IMHO, I just prefer having it all as separates and then fix / change / upgrade parts as I go - but I soon run out of places to hide them

Is the ISP supplied box also your wifi?

If not, IMHO I’d use the ISP equipment as a pass-through modem (if possible on that model?) and have a separate OpenWRT / pfSense firewall do all the heavy lifting for DHCP, DNS, ad blocking, etc

Depends if you’d then need another WAP, of course

Feel free to ask over at !homeassistant@lemmy.world too.

But to echo some other comments here, whatever you do, keep it simple and ensure a botched HA update doesn’t freeze / cook you by using standard components as a backup / failsafe

Ok, thanks. Yeah, I don’t use PostgreSQL much, so I have to get my head into it.

That said, it’s only for Immich, so I could just wipe it and start again which might be quicker… it only took 3 days to scan the photos, it might take me longer to update the database 😉

Updated my NAS recently and Immich’s database stopped working due to some PostgreSQL update that needs something changed manually, so I need to get my head around that.

Also trying to get a tablet to run as a 2nd satellite for HomeAssistant voice commands and no matter what I do, only the 1st one responds to wakeword… but I tend to give up after everyone’s gone to bed as I’m literally in a room on my own talking to myself…

Using PfBlockerNG?

It’s a great piece of software, but I had a hell of a time blocking some countries for torrents.

A single IP in China was repeatedly downloading an Ubunto ISO, I think due to the various methods of peers finding each other, so in the end I had to create an additional alias to block outgoing traffic even though only I was only allowing specific other countries in.

Go baremetal

You want it to be as simple as possible, to be as secure as possible.

Adding proxmox - or any abstraction layer - is now adding more layers that have potential security issues.

And everyone is scanning your IP for vulnerabilities 24/7.

Plus, in my case, I want a completely separate network for Guest Wifi, IoT, etc and only some stuff hitting the LAN / homelab.

I agree, the acronym NAS does indeed mean that.

But would you call a Hypervisor a NAS?

When I say NAS, I mean NAS. Bulk storage remotely accessible on the network.

When someone starts talking about all their VMs/Containers, I understand that to mean something else… I’d prefer to use a generic term like “server” instead.

Look, there’s 2 things here:

• NAS - meaning storage

and

• NAS - meaning a virtualisation / container server that’s doing lots of fairly random disk access

Which are you wanting?

For the first, just consider capacity (you’ll fill it) and noise (spinning away all night)

For the 2nd, really really consider SSDs as they’re silent and fast.

RAID1 is just a convenience factor, so whatever you do, don’t get too caught up in the drive mechanics as you’ll have a full backup (right?) and can restore your data at a moment’s notice.

Honestly, honestly, just go for something large & quiet and you’ll be fine.

And yes, SSD for the OS

+10 for keeping notes.

Yep, even that temporary thing, write it down. Usernames & passwords go in KeePass - with descriptive notes in there too

You should check out Ansible

I run multiple Arch systems at home; laptops, NAS, media, etc. but I’d recommend a Debian based OS for a new starter… unless they’re really, really keen to learn how everything works.

For inspiration, take a look at the Nextcloud Devices - just for the hardware ideas.

I’m still running a Nextcloud Box (with the original Western Digital drive) and it’s fine for my needs.