Hey guys!
I want to convert my now corebooted Thinkpad T430 into a Nextcloud server and possibly more (Syncthing, maybe Tor, maybe more)
1 500GB SSD, 1 1TB SSD
Currently runs Fedora Kinoite, I could rebase to something like secureblue uCore, Fedora IoT, uBlue uCore, …
Not sure if those would have broken configs though.
Maybe I would prefer something with slower pace, but tbh the pace of CentOS bootc becoming a thing is quite frustrating. This would likely be the perfect ‘install and forget’ distro for many, a KDE Image would be there in no time.
I wouldnt want to use a traditional distro, even though a base Debian or AlmaLinux/ Rockylinux (what the hell was that of a hydra? Cut off one head, spawn 2? what are the differences??) could just be fine. I used Debian in the past, it really just works.
I would like
- Nextcloud AIO docker image, maybe with podman? It is supposedly more secure but the world runs on Docker, and all is fine. Podman is a pain quite often.
- some nice management like Cockpit
- dyn DNS, for example with NoIP, best free
- secure ssh, that should be no issue
- btrfs? or zfs? with backups to a secondary drive
- automatic updates with snapshot creation. Atomic system would be easiest here.
- easy to use and secure reverse proxy, with DynDNS for reliable address on the internet. NGINX, Traefik, Caddy, what is the best here??
Here I am not sure if I should use 1TB + 1TB, or 500GB used and 1TB backup. BTRFS backups can be incremental.
while I made a list of BTRFS tools I still have no idea what the best tool for this job is.
poVoq@slrpnk.net 2 months ago
Nextcloud runs fine via Podman. Stick with Fedora, cockpit and btrfs.
Btrbk is good for snapshots and automated backups.
If the 500gb is a NVMe drive then the database will benefit from the extra r/w speed.
OVH gives you free dyndns and an email address with every domain you register, goodoption for selfhosting.
boredsquirrel@slrpnk.net 2 months ago
Thanks for the tips!
Both SSDs are SATA and I want to LUKS encrypt both too.
So automatic updates could work, but I guess I would need to manually reboot as there is no remote LUKS unlock option. Debian has one?
That would also be a reason against Fedora with its very fast release cycle.
poVoq@slrpnk.net 2 months ago
I would carefully think about what realistic threat scenario full disk encryptio protects you from.
On a server that runs 24/7 at-rest disk encryption usually helps very little, as it will be nearly always unencrypted. But it comes with significant footguns potentially locking you out of the system and even preventing you from accessing your data. IMHO in most cases and especially for beginners I would advise against it for a home based server.