Just a misunderstanding, then. I did not intend to talk down on a hosting provider I don’t even know. Instead, I prioritize hetzner because I’m familiar with them and they’re based in europe.

I didn’t intend to be elitist about anything and I actually fail to see the elitism by saying “that hoster is not about providing cheap storage”? Maybe there’s something in the english language I do not pickup on?

Yeah, hetzner’s more about having your own servers than providing cheap storage.

Proton also seems to be interesting. Privacy by default and being swiss based definitely are plus points.

Thanks for the mentions!

you can run the open source control plane called Headscale instead of relying on Tailscale’s (the company) free service tier

Ah, that sounds more interesting. I still have time until I buy everything, there’s still going to be a lot of research, especially with all the ideas and feedback people have given me in this thread.

I’ll definitely try it, thanks!

Not sure if it checks all the boxes perfectly, but if not it is probably as close as youll find ready-made

That’s a good point. To have cohesion and good integration, some sacrifices have to be made. This seems better than having 20 independent services working with (and sometimes probably against) each other.

Thanks for the heads-up! Those sound like acceptable problems, as long as they’re temporary and my data is safe.

Google is evil but I know that GDrive has pretty low prices on data storage […] Don’t forget to encrypt everything when uploading to these services!

That is what I am hoping for :) My free Google account grants me 15GB of online storage and my free Microsoft account provides me with another 5GB. The 15 GB should be enough for encrypted photo backups, while 5GB definitely is enough for encrypted calendar, contact and probably some document backups. I just need to find a way to automate backups to these.

based in the USA, priced at 3$/TB/month

If I am going to pay money for something and with how the world currently is, I’m going to use some EU based service. My only VPS resides at hetzner, if the need arises I will probably just add a storage volume to my VPS or upgrade it to the next tier.

The filter criteria on geizhals are so far superior to amazon (at least for computer and tv stuff), it’s not even funny anymore.

Plus, you can filter for “item is physically present in shop”, so you can just look up what you want and then go there and get it yourself, no need for same-day-delivery.

Up to personal preference if you trust a fork for this work

I see 3600 stars and I guess that’s kinda trustworthy :) I also do like some of the enhancements listed on the github page. I’ll try it, thank you very much!

Then I give praise to you, for you are more prepared than any other individual I personally know of and even some smaller companies I had worked with.

Okay so not critical, just mildly inconvenient if lost.

I wouldn’t put it at “mildly inconvenient”, as the photos I could lose can never be restored. Most of the other things can. I’d be really sad if I lost all the photos, but it wouldn’t threaten my existence in any way.

I’m sorry, I should have specified in more detail what I meant by “critical”.

It’s not life-threatening, it’s just critical to me. It’s kinda like “my priciest possession” could mean a yacht or a half-dead car, depending on the context.

[EDIT]

a disk failure is probably the most likely failure scenario. Corruption is the second most likely

Yes, these are things that are 100% going to happen at some point. I cannot guarantee theft, floods, earthquakes or anything like that, but hardware degrades with time and use, so at some point things are going to fail.

Not make or break by any means

That’s great to hear. I can always buy better hardware later and first test if things run with what I already have. I don’t like to have my IT wasting in some drawer.

Thank you for your advice!

tailscale with headscale over openvpn

Is a vpn inside a vpn really improving security at all? Or is there a different reason to use tailscale inside a vpn?

I assume you basically want protection against disasters, but not high uptime. (E.g. you likely can live with a week of unavailability if after a week you can recover the data.)

Exactly. These are not business-data, but my personal data. No money or absolutely necessary thing is lost if I lose all of that.

The key is about proper backups.

Thanks to other commenters I realized, I can just export contacts, calendar events and photos every night to some on-disk location and back them up somewhere offsite. This would probably be a few GB only. The other ~1.5 TB of data is stuff like movies, music, old games that I’d probably never get anywhere else etc. My data is not life-threatening. It’s just “critical” to me.

Via google I found that you can export your calendars via a URL, so I my current backup plan is this:

• daily backup from onsite-hypervisor to onsite-backup server (all VMs and all data)
• daily export of calendar and contacts
• backup calendar, contacts and photos to offsite-location

This way, I’d still be compliant to the 3-2-1 rule (just not for all my data), while saving quite some money on the offsite data storage.

As you are already using nextcloud, could you verify if exporting calendars and contacts work with these 2 URLs?

# calendar export
https://${NEXTCLOUD_URL}/remote.php/dav/calendars/${NEXTCLOUD_USER}/${CALENDAR_NAME}/?export

# contacts
https://${NEXTCLOUD_URL}/remote.php/dav/addressbooks/users/${NEXTCLOUD_USER}/contacts/?export

This is the command used in this tutorial. The website is in german, scroll down for bash, python, nodeJS and windows powershell examples.

curl -L -J -O -u "$username:$password" "$downloadLink" --create-dirs -o "./$(basename "$url")"

my Nextcloud server is running in a datacenter. Every week I run a backup to a USB drive that I keep in a third location.

If you don’t mind me asking, how much are you paying for your datacenter server and the third location?

you can’t seem to restrict people commenting on a file you shared

That’s okay. My circle of friends I’d share files with is not all too big. So everything stays between a few people anyway.

Nextcloud often updates and sometimes breaks small things

Does breaking stuff happen often? I plan to use the docker image nextcloud:stable-fpm in the hopes of bypassing some bugged releases.

I’ve done nothing special regarding security and have it exposed to the public internet. I intend on having fail2ban look at its logs but I’ve not yet set that up

That sounds kinda dangerous. I remember years ago, when I rented my first vcloud-server, within the first 10 minutes I had bots trying to get in via SSH. I’d be way too paranoid.

I would recommend having it entirely behind a VPN

Yes, that’s my plan. I intend to create a new OpenVPN server on my pfSense with access only to the nextcloud VM. This would also allow me to share the vpn config files with my friends without a password, as the authentication is done by inline-cert vpn config.

Memos is pretty usefull for me. App on fdroid momemos is superb. Syncthig takes care of google drive ish needs. Immich for photos. Mealie keeps food interesting.

I’m going to have to test a lot of new android apps, I guess. Thanks for the mentions!

Regarding syncthing, according to gedaliyah’s answer here, syncthing will be dropping the android app :(

Thank you for answering!

Good to know that most things I would need seem to be already working nicely in nextcloud :)

It should respect permissions though, so if you share a file with read access only, they won’t be able to edit it in the editor.

I’ll definitely have to try that before trying to send out links.

Thanks for the tipp!

I’ll definitely try the native file editor and collabora, just to see how they compare for me. I even found a tutorial by nextcloud on how to integrate collabora (see this post)