Great that you included your threat model, but you should have specified the type of services that you host/provide.
One thing I would look into is disabling any port that is not necessary (like 80 and 443) and disabling ssh on the wider network.
Host a WireGuard endpoint in the internal network that acts like a bastion and allows you to ssh-jump to any other host and VM on the network.
WireGuard is more secure than ssh, assuming sound crypto and hygiene for both, because you can’t probe a host from the outside and know if WireGuard is running or not.
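One way to lay out the bastion setup described in this comment, as an added example that is not part of the original post: WireGuard on the bastion is the only service reachable from outside, sshd on the bastion listens only on the tunnel address, and the client reaches everything else via ProxyJump. Keys, addresses, hostnames and usernames below are placeholders.

```ini
; --- bastion: /etc/wireguard/wg0.conf ---
; UDP 51820 is the only port exposed to the internet. WireGuard does not
; reply to packets that do not carry a valid handshake, so a scan sees nothing.
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <BASTION_PRIVATE_KEY>

[Peer]
; one [Peer] block per device that may reach the bastion
PublicKey = <LAPTOP_PUBLIC_KEY>
AllowedIPs = 10.8.0.2/32

; --- bastion: /etc/ssh/sshd_config (relevant lines) ---
; sshd is reachable only through the tunnel, never on the public interface
ListenAddress 10.8.0.1
PasswordAuthentication no
AllowUsers admin

; --- laptop: /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.8.0.2/24
PrivateKey = <LAPTOP_PRIVATE_KEY>

[Peer]
PublicKey = <BASTION_PUBLIC_KEY>
Endpoint = vpn.example.net:51820
; only tunnel traffic goes through WireGuard; LAN hosts are reached by ssh-jump
AllowedIPs = 10.8.0.0/24
PersistentKeepalive = 25

; --- laptop: ~/.ssh/config ---
Host bastion
    HostName 10.8.0.1
    User admin

; every internal host or VM is reached with `ssh vm-media`; the connection
; is tunnelled through the bastion, so those hosts need no exposed sshd
Host vm-* 192.168.1.*
    User admin
    ProxyJump bastion
```

With this in place `ssh vm-media` opens the WireGuard tunnel, authenticates to the bastion, and from there to the internal host, while an external scan of the bastion shows only a silent UDP port.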
First of all ignore the trends. Fuck docker, fuck nixos, fuck terraform or whatever tech stack gets shilled constantly.
Find a tech stack that is easy FOR YOU and settle on that. I haven’t changed technologies for 4 years now and feel like everything can fit in my head.
Second of all, look at the other people using commercial services and see how stressed they are. Google banned my account, youtube has ads all the time, the app for service X changed and it’s unusable and so on.
Nothing comes for free in terms of time and mental baggage.
In the past I used airsonic. It has the best support for different music files and good support for albums ripped as single track, like most classical releases.
The problem with airsonic and its protocol is the lack of good android clients.
If you need to listen through the phone for most of the time, go with jellyfin + finamp. Otherwise try airsonic + its web ui.
For music acquisition:
Are those your own blurays? Then share them before compressing.
Transcoding is hard. There is no way that your transcoding settings are going to be one-size-fits-all. I am currently encoding the famous iKaos Dragonball release and I did 48 samples before deciding what configuration to use.
You are better off downloading stuff from torrent, especially for newer media. You’ll find a community that put 100x your time collectively on transcoding. That will also save you from your tremendous electricity costs.
Also look into vmaf for quality metrics. Consider that switching to uncompressed 1080 might bring you close to your goal with very very low effort.
Btw, can you share the title list?
It is unrealistic that in a stable software release there is suddenly, after you tested your backup, a hard bug which prevents recovery.
How is it unrealistic? Think of this:
Going unmaintained is a non-issue, since you can still restore from your backup. It is not like a subscription or proprietary software which is no longer usable when you stop paying for it or the company owning it goes down.
Until they hit a hard bug or don’t support newer transport formats or scenarios. Also the community dries up eventually.
How does this look safer for rsync? For me it looks like the risk for that is similar, but I might not know the background of development for these.
Rsync is available out of the box in most Linux distros and is used widely not only for backups, but for a lot of other things, such as repository updates and transfers from file hosts. This means a lot more people are interested in it. Also the implementation, looking at the source code, is cleaner and easier to understand.
How do you deal with it when just a file changes?
I think you should consider that not all files are equal. Rsync for me is great because I end up with a bunch of disks that contain an exact copy of the files I have on my own server. Those files don’t change frequently, they are movies, pictures, songs and so on.
Other files such as code, configuration, files on my smartphone, etc… are backed up differently. I use git for most stuff that fits its model, syncthing for my temporary folders and my mobile phone.
Not every file can suit the same backup model. I trust that files that get corrupted or lost are in my weekly rsync backup. A configuration file I messed up two minutes ago is on git.
I am a simple man so I use rsync.
Set up a mergerfs drive pool of about 60 TiB and rsync weekly.
Rsync seems daunting at first but then you realize how powerful and most importantly reliable it is.
It’s important that you try to restore your backups from time to time.
One of the main reasons why I avoid software such as Kopia or Borg or Restic or whatever is in fashion:
Your question is so generic that it is difficult to reply. I’ll tell you about my use case then so that you can try to figure out yours.
My goal is to be a respectful citizen. I divide my torrents in three categories:
I bought tons of space (recently converted to three drives, 20 TB each) and use a virtual machine locked behind a VPN. Even if I forget to pay, the virtual machine is bound to the tunnel so that traffic doesn’t go out except for LAN, so no leaks.
The VM has two torrent clients:
I tend to leave everything in transmission seeded forever, the stuff in qbittorrent seeded until 2.5 ratio or 4.0 depending on my mood.
At the moment I have a 90.2 ratio on transmission and many many many TB of uploaded stuff. That should be enough to feel like you are giving back.
Very interesting project, thanks for sharing and working on this. I am actually one of your target users, where I have enough knowledge to implement my own router, at the moment running on gentoo.
I would like to use this but it lacks port forwarding and a firewall, that is a must. I’ll try it out nevertheless. I’m quite impressed by the stylish HTML graphics, and I appreciate your departure from the typical “modern” gray corporate Bootstrap UI design. It’s really, really cool.
One question: how do you envision exposing this service to the internet? I quite despise rust but I wonder if the use of a memory safe language would help with the inevitable bugs, especially if you put even more features into gatekeeper.
I don’t since I live in a third world country. Can seed at 1Gbps with no warnings whatsoever, 20€ monthly
I read
I don’t since I don’t live in a third world country.
Give your country more credit if you have a 1Gbps connection and it doesn’t enforce draconian idiotic laws. Just out of curiosity, can you name the country?
Back to the point of money and piracy, like I said, one “pays” for media in one way or another.
While I agree with you on everything, this point is not 100% true. I am paying thousands of $CURRENCY on disks and other hardware every few years, but I feel that for every side of the coin there is a minimum situation (let’s call it a floor situation) in which less privileged people may find themselves.
For example if you are a bachelor already struggling to pay to be in college or a child that has only access to their parent’s computer, piracy is literally free and you can reach to it without paying anything on top of what you have already. On the other hand, netflix is always $CURRENT_PRICE regardless of your situation.
Btw, thank you for making articulate posts. This is why I am on lemmy.
This is a very bad article. It talks about “zero trust” but then suggests you use corporate software, the cloud, sketchy Russian apps to monitor your traffic at home. Also, I am not spending 2 hours a day going through my logs, nor do I want a VM/container with 8GB of RAM wasting 40% of my GPU on grafana.