I definitely don’t need to but it also costs nothing and retention policy only keeps 5 minute backups for an hour. Then hourly back up for a day. Daily backups for a week, etc. Up to 2 years

Exactly this, I have hourly Borg backups and also since my install is entirely on a zfs array I have zfs autosnapshot every 5 mins with retention policy. Takes almost zero cpu or memory overhead extra and means and can do just about anything via command line and revert it back with ease.

That being said, I still don’t auto update. Unless having an issue, I just sit down every few months and update everything manually because if its already working why update. If you want the newest features, how will you even know what they are if you don’t at least glance at the release notes?

Traekif can reverse proxy just about anything include ssh.

That being said I don’t. For stuff like ssh I connect with wireguard first then ssh. For stuff like immich I directly expose that behind traefik so I can share images with others. For stuff like vaultwarden I have that behind traefik but internal only so you need wireguard first then you connect to vaultwarden.local.domain.com

I’m on version 1.143.1 I skipped all the beta timeline stages and updated from 1.135 I think.

About 30k photos and 2k videos

The web interface was great, the android app (pixel 8) was very slow. Even local assets were slow.

Since update, its way faster. Feels really good, responsive, low latency. Sync and backups have been no issue at all.

Sync on android turned itself off after updating, but I turned it back on, selected the same folders to watch and it processed for a few mins and then everything continued to work with no issues.

On the previous version, sync was pretty good. Sometimes it didn’t trigger as a background process and i had to manually open the app but it worked. New sync also works well though haven’t yet uploaded a large number of things.

The main feature I want is portion scaling. So I can type the number of servings and everything gets multiplied. Is that possible in obsidian via a plugin or with mkdocs?

This is great. Thanks!

Couldn’t the attacker just drop a dangerous binary into the data volume then?

How would you add new links if its read only?

I’ve been using this which works great.

https://f-droid.org/packages/com.sbv.linkdroid/

Works with my single sign on setup as well which was critical. Creates a nice share target on android so any share button gives the option of sending the link to linkwarden

One thing to consider is that once zfs is setup there really is no significant intervention that is needed. I probably haven’t done anything to my proxmox zfs array in years.

I know its almost a meme to say just learn command line, but unfortunately in this case it will really help you understand what is happening and it also just takes a few commands to setup up once and then never worry about it again.

After the inital setup, the zfs GUI will be pretty much unused.

For commands I don’t use often, i use a note taking software to keep track of commands I used during setup because years go by before I use it again. I find the GUI often changes in that time making it harder to replicate whereas command line is the same and easier to document.

Keeping 80 open is useful so that traefik can redirect all traffic to 443 (https)

I didn’t know what this was until now. It seems like the beta bitwarden app supports this. Would be interesting to get it setup for that.

This along with borg warehouse is the GOAT setup. Many others exist of course.

Borgbase for offsite backup as well. Has been rock solid and I test download files from there every now and again with no issues. Never really did a full restore since its my 3rd line backup

I used this years ago. I had issues with repeated database corruption. Google search showed lots of people with similar issues.

I moved to borg backup which has been great.

I use a docker container that uses the MySQL/postgress dump command to create database dumps every hour with a retention policy. The dump is placed into docker data directory.

My docker data directories are in a parent directory on the host.

Borgbackup then runs the backup on this one directory. Like the other reply mentions, this is probably overkill since the database doesn’t isn’t being written too that intensivley but the resources needed to do this are minimal so its not a big deal once you know how to set it up.

https://github.com/Martlark/pg_dump

https://github.com/fradelg/docker-mysql-cron-backup

I did his when I moved from unraid because I wanted better infra as code for my dockers etc. Kept unraid with all my drives and use NFS mounts from another machine with proxmox that runs a VM for my dockers

The best and most versatile system is having domains and a reverse proxy that has internal and external domains. Ie jelly.example.com and Vaultwarden.internal.example.com

Then you add authentik which does SSO for many app like nextcloud, immich, linkwarden etc. For apps that don’t integrate, you can still use his with reverse proxy authentication (sonarr).

Naturally this is more complex to setup but nothing beats the versatility.

I can choose extra protection for things like vaultwarden (need to connect via wiregaurd). Make things external for other users to access easily (immich, jellyfin, etc). Everything is based on users that are made in authenticatik and they all have the same password with single sign on.

You would approach this is pieces. get the domain and reverse proxy working first. Then authentik. this is only realistic with docker compose.

Assuming this is all true, sure its not great but how much does it matter?

Most have jellyfin in a docker. My jellyfin can’t only has read only accses to the media folder. Only the config folder has write access. Assuming the worst case scenario here, how much damage can than do?

I’ve been using jelly since just after the emby fork and never had an update issue on docker. Automatic snapshots every 5 mins (amoung other backup tools). means I don’t need to worry much if it does.

Owncloud infinite scale seems, well, much more scalable