So why would this need docker at all?

Thanks so much for mentioning this, trying it out now

Not at all

One thing that hasn’t been said in this thread is the following: Do you trust your router? Do you have an isp that can probe your router remotely and access it? In those cases, you absolutely need a firewall

Same, always eorked great for me

Not a single app, not minimal dependencies. It’s a file that gets processed and creates many gigabites of leftovers, with an enormous runtime and piles of abstractions

Unless you are a business with millions of users, I would be really skeptical of redis improving performance. At the end of the day, any simple KV store can replace it. It’s not like postgres where having sqlite in it’s place means not only a different performance profile, but also different semantics, sql dialect, rpc protocol, etc

I don’t know but usually uk websites are the worsts of the bunch

No such thing in their website from europe

Bought only the nas hardware, no software or enclosures with OS from the and had no problems

What is it? Why do you find it useful?

Dbeaver

I ditched nix and install software only through portage. If needed, i make my own ebuilds.

This has two advantages:

• it removes all the messy software: i am not going to install something if I can’t make the ebuild becayse the development was a mess , like everything TS/node
• i can install, rollback, reinstall, upgrad and provision (configuration) everything using portage
• i am getting to know gentoo and portage in great details, making the use of my desktop and laptop much much easier

It’s sad how self contained now means “only” one docker image

It syncs my extensions, except for mobile the ones that aren’t available (obviously)

This is very cool.

I an slowly building my own syslog server with visualization, but it’s cool to see new stuff on the block.

I have always been wary of big commercial services like kibana, grafana, etc…

Or don’t, because they are going to kill it eventually.

There are less convenient possibilities, like pass and keepass, even a markdown file pgp encrypted and git. Yes, less convenient, but guaranteed to work in 5,10,20+ years

Do it. Buy an hdd, start to understand how to store the data safely, how to torrent and how to contribute to the community.

You’ll learn a lot, and I am guessing that you are very young, all this knowledge will be very useful in the future. Every cent spent now, will multiply in the future

this is a very bad article. It talks about “zero trust” but then suggests you to use corporate software, the cloud, sketchy russian apps to monitor your traffic at home. Also, I am not spending 2 hours a day going through my logs, nor I want a VM/container with 8GB of ram wasting 40% of my GPU on grafana.

Great that you included your threat model, but you should have specified the type of services that you host/provide.

One thing i would look into is disabling any port that is not necessary (like 80 and 443) and disable ssh on the wider network.

Host a wireguard endpoint in the internal network that acts like a bastion and allows you to ssh-jump to any other host and VM on the network.

Wireguard is more secure than ssh, assuming sound crypto and hygiene for both, because you can’t probe a host from the outside and know if wireguard is running or not