Daniel, aka. CactiChameleon9- #Bitwarden
- #Tailscale
- #LineageOS
- #Linux
- #NixOS
- #MicroTextEditor
- #Bash #Scripting
- #Friends (who I will miss)
- #Fediverse
- #MomentsByMyself
Emon (moved to masto.top)@daniel do you use server side encryption on your selfhosted server(s) ? I'm thinking i'm going to reinstall ubuntu with luks, never did this, hope it's not a hassle.
@emon I don't use encryption, thanks for asking. (I do on my laptop tho)
I didn't really think about it when setting up my server and (tbh) I am not expecting someone to physically raid my server
I am interested to hear your reasoning
@daniel OK,
I self host almost everything as well (mail, cloud, virtual machine, photos etc.) except bitwarden.
I read a lot about security practices to build the most secure installation possible according to my threat model.
I have automatic off site backups, self built UPS, so I was pretty confident about security and availability.
But during holidays I realized anyone breaking in and stealing my disks have access to all my data. Including mails, ID's and so on.
I self host almost everything as well (mail, cloud, virtual machine, photos etc.) except bitwarden.
I read a lot about security practices to build the most secure installation possible according to my threat model.
I have automatic off site backups, self built UPS, so I was pretty confident about security and availability.
But during holidays I realized anyone breaking in and stealing my disks have access to all my data. Including mails, ID's and so on.
@daniel
I feel stupid for not having thinking about it earlier. Thanks to docker this should not take to much of effort, but I never used encryption before, I just hope I can make it work properly (with ssh unlock support).
I feel stupid for not having thinking about it earlier. Thanks to docker this should not take to much of effort, but I never used encryption before, I just hope I can make it work properly (with ssh unlock support).
@emon
Clearly your security game is very good... I'll be honest, self-hosting is a convenience thing for me.
My install is cobbled together with automatic updates and separated users for each service... but thats about it - for me thats enough. (443/80 only allowed)
I don't yet have proper off-site backups (because storage is expensive), but some of my important data I have a 2nd copy on physically on my (client/normal) machines
I commend your efforts there.
SSH sign-on makes sense!
@emon I want to note that I do have a raid 10 with ZFS setup, so I am not going to loose data by (simple) hardware-failures... but I know raid isn't a backup solution 😅