There are solutions for everyone’s parameters, scenarios, and use cases. You just have to pick a horse and ride it.

<ahem…I’ve been known to uhhh…velcro them to the case with industrial velcro. <cough cough>

Just throwing it out there mate. I’m sure there may be others. I just have had a decent amount of time with them, and so far I have had no issues. However, I will say that one man’s solution is another man’s plague.

It would be embarrasing if I disclosed all the weird ways I have ‘mounted’ SSD / HDD in a case before. LOL

AWS Glacier (inb4 fuck Amazon - it’s cheap)

I mean, unlimited, personal backup on Backblaze is $99 USD per year. The only downside is restoring large, multi-tb backups. The way they get around that is ‘Restore by Mail’. You ‘rent’ a 10 tb drive(s) from them with your files and have it shipped to you. When you have transferred your data, you can return the drive for a full refund. Also, temporary storage is not backed up like CDs, etc. You have to physically transfer that to an internal HDD / SDD.

https://www.backblaze.com/blog/introducing-the-restore-return-refund-program/

Many people even intentionally turn off sleep-mode in “green” drives so that they don’t shut down automatically.

I’ve always sort of wrestled with this conundrum. Powering on and off HDDs exerts the most wear imho, and so is it better to keep them powered on in order minimize intermittent start/stop wear, or power them off and assume that keeping them powered on means constant wear?

I’m just suggesting review their list of apps they support to get some ideas of what’s out there.

Ahh my people. Another list searcher. LOL

You didn’t miss a whole lot. LOL Those first UI’s were clunky.

Hmm that sounds like something you could do with n8n.

Hey mik, thanks for that. Geoblocking with Caddy was on my list, and I can now bump it up to the front.

Pi-Hole always tops my list as a cool project that has definite benefits and will still be in service after the new wears off. It’s been quite a while ago, but I built an Alexa with an RPI. That was kind of cool. Home Assistant on an RPI is pretty cool. In fact, there is a whole list of cool stuff to do with an RPI: https://pimylifeup.com/category/projects/ . There’s also an Awesome list for the RPI: https://github.com/thibmaek/awesome-raspberry-pi.

I have a question about xcaddy, if anyone would be so kind as to school me. I too would like to geoblock with Caddy. I have investigated the process and of course it uses xcaddy. Having no knowledge of xcaddy, how does that work? Is xcaddy for building modules for Caddy? Does it run separately or in conjunction with Caddy? Does it interfere with Caddy in any way. My hesitation stems from the embarrassingly long time it took for me to wrap my noodle around how Caddy works. IKR? Now it seems so simple, but I’d like very much not to mess up my Caddy installation fat fingering my way through xcaddy. Yes, I know screw ups build knowledge bases, but I’m really trying to be careful and not go in like a bull in a china closet.

'presh

I’ll probably get boo’d but NetData covers just about everything I could want to monitor, and then some. If you don’t want to hook up to the mother ship, you can use the /v3 switch in the url on your homarr dash, or equal like:

https://netdata.mycoolserver.duckdns.org/v3

Also, as has been mentioned, ntopng is pretty awesome as well.

so if any questions here seem dumb

Not dumb. I say the same, but I have a severe inferiority complex and imposter syndrome. Most artists do.

1 local backup 1 cloud back up 1 offsite backup to my tiny house at the lake.

I use Synchthing.

Don’t ever install WordPress, just let it die

I’ve never run wordpress, but it always fascinates me at the number of daily exploits that get released for WP. It seems to me that the core WP is solid, but it’s all the plugins that open up unintentional attack surfaces.

Hey bro. I apologize for getting back to you so late. Did you ever get this resolved? I’m not hugely knowledgeable about the intricacies of nginx. I went with Caddy, but there is probably some commonality between the two. lmk

From the guy that has been accused of going overboard on security measures, I use both. It just depends on your setup tho. On a low resource server, I would pick crowdsec as it covers more ground than F2B. Running two log parsers does use more resources. ~ my 2 cents

As you probably know the crowdsec bouncer doesn’t directly parse logs or do checks like F2B filters. It queries the crowdsec LAPI for decisions and applies them. The “allowed” or “whitelisted” IP logic is handled at the Security Engine or LAPI level, not by the bouncer itself.

You can whitelist an ip in /etc/crowdsec/whitelists.yaml or even whitelist decisions in the whitelist.yaml as such:

name: private-ips
description: Whitelist local and private IPs
whitelist:
  reason: "Allow local and private IPs"
  ip:
    - "127.0.0.1"
    - "192.168.1.0/24"
  cidr:
    - "10.0.0.0/8"

Then issue sudo systemctl reload crowdsec. Kind of the same concept as F2B’s ignoreip option. If you are using Tailscale to administer the server, then it’s easier to whitelist. IIRC, you can use cscli decisions add --type whitelist --ip 192.168.1.100 --duration 1y but it doesn’t add them to the whitelist.yaml. Instead it keeps them in crowdsec’s database managed by LAPI. To undo: cscli decisions delete --ip 192.168.1.100 --type whitelist

https://docs.crowdsec.net/u/getting_started/post_installation/whitelists/

If a container uses Postgresql, you can’t auto update.

That’s interesting. I certainly will keep that in mind.