"with an nice client?"
You gave the answer to yourself. There aren't any user friendly multi-platform clients with synchronization / conflict resolution / versioning.
"with an nice client?"
You gave the answer to yourself. There aren't any user friendly multi-platform clients with synchronization / conflict resolution / versioning.
My backup strategy:
Data:
- Sycnthing with 1x Copy with my Clients and 1x Copy on my Server accessible via Nextcloud
- Daily Push-Backup with of my Nextcloud-Data-Folder via Kopia to Backblaze
- Daily Pull-Backup of my Nextcloud-Data-Folder via QNAP-NAS in the basement
VM:
- Daily Backup of my VM's to a Proxmox Backup Server running on QNAP-NAS
- Daily Backup of my VM's to BackBlaze (but encrypted before)
Still, I'm not fan of having just one Cloud-Backup. So I think I will also get Hetzner Cloud Storage for Borg Backup additional to Kopia.
Goal:
- Different Hardware (Server, QNAP, etc.)
- Different Backup software (Syncthing, Kopia, Borg)
- Different Backup technique (Push, Pull, Snapshots)
- Different Locations
"On the other hand, if I run Watchtower first, I'm backing up the latest version."
This makes no sense. I hope you are backing up the persistent data, not the Docker-Images.So before and after Watchtower is identically in the best case scenario.
(In the worst case scenario, after the docker update your persistent data are corrupted because of an bad version update. So the backup should always be before)
Do you have an example?
"Open Source + hosted" always involves trust, as you can only look into the Github repository, not if the running hosted application is running identically.
Only exception: It's an E2EE encrypted solution, and everything else happens client-side (example: Bitwarden)
E-Mail.
And maybe unpopular opinion:
Any service that you use with port-forwarding, besides WireGuard.
I would never access any self-hosted application without VPN.
Password manager. I want to minimize complexity with my most important data (that's why I'm using KeePass instead of Self-Hosted Bitwarden).
If you want to secure something, you should know how it works?!
My journey:
Joplin -> Trilium Notes -> Logseq -> Obsidian
I find Obsidian the most powerfull, because of the PlugIn system and full compatiblity with Android and iPad.
And I realized, it's a stupid idea to have a "knowledge base" in a Docker setup, if you need this knowledge base also for debugging or reinstall your Homelab. So the local installation of Obsidian togeter with Synchting gives you always access to your knowledge, even if the server are down.
However, none of the above have collaborate features. But don't need it.
Expensive. And I avoid small providers, without any established compliance, where a bored admin could surf through my server root ;)
I would repair my capslock next :)
Create 2 virtual machines.
One Virtual Machine with OpnSense Firewall, where you setup the ProtonVPN WireGuard connection.
One Virtual Machine with your Docker-VM.
Connect both machines via a virtual network, and setup the OpnSense-Firewall so that only internet-traffic through the WireGuard-Gateway is allowed.
That's the most bullet proofed solution, as any connection of your Docker-VM is secured, independent of the VM's configuration.
Where are you reading such things?
You can do what ever you want, as long as you stay in the limits (e.g. bandwidth) of your service and are not uploading any illegal content.
And of course: If you are privacy focused, always encrypt your backups.
Because we can. Just because we can.