Agreed. Debian with docker, flatpak, and/or distrobox is solid

I think I see what you’re saying. My gripe is that if I want a laptop/tablet with a great ARM chip, with long battery life, my options all force me to use one of two operating systems that I’d prefer not to use for ideological reasons. If I’m forced to use one, because I want an ARM device, I might as well use the one that has the best hardware. M5s are right around the corner and the MacBook Airs are really competitive.

If I misinterpreted your question, then no, as far as I’m aware, none of the M series has FULL support. The M1s and M2s are pretty close though.

Let me know when these X elite chips have full Linux compatibility and then I’ll be interested. Until then, I’ll stick with Mac, it has the better hardware.

deleted by creator

This isn’t exactly what you asked for but just in case it might interest you; I ordered this Aoostar WTR Pro recently to replace an Odroid that died on me. It has an intel N150 and lets you install whatever OS you want. I’m pretty happy with it so far.

Paperless-ngx - it allows you to upload important documents like receipts, contracts, etc. and uses OCR so you can search them

has some basic monitoring on them.

What monitoring software are you using?

I feel like the other measures you talked about (backups, condom of network traffic, etc) I’m doing ok on. Its really just the monitoring where I’m stuck. There’s so many options

I’ll look into it, thank you

I’ve seen a bunch of people recommend Authelia. Do you mind if I ask why you went with it over other software? I only went with authentik because I found a tutorial on it first

1. check

2. check

3. check

4. I saw someone else recommend crowdsec. I’ll look into it, thanks

if you use one of those 5$/month VPSes, with a VPN tunnel to your backend services, that adds one layer of “if it’s compromised, they’re not in your house”.

I’ve heard this mentioned before but I don’t really understand how this works in practice. If the VPS was compromised, couldn’t they use the VPN to then connect to my home?

Caddy only allows private IP ranges

Do you mind telling me more about this? How does that work; a VPN?

that’s awesome. thanks!

Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.

How did you end up setting that up?

I feel weird about having those apps on the internet and basically being blind to threats. I mean yeah, I’m not a target on anyone’s list and most IPs visiting the site are bots but I would still like to know what’s going on.

I don’t work in tech for a living, this is just a hobby for me so I have limited time to work on this stuff and do research. It’s very possible I fucked something up and don’t know it. I figured if I at least got an alert that said “hey, your immich server db was dumped and sent to <insert IP>”, I could at least turn it off

I get where the original commenter is coming from. A VPN is easy to use, why not have my partner just use the VPN? But like, try adding something to your routine that you don’t care about or aren’t interested in. It’s an uphill battle and not every hill is worth dying on.

All that to say, I appreciate your comment.

A few reasons

1. My partner has plenty of hobbies but sys-admin isn’t one of them. I know I’ll show them how to turn off wireguard to troubleshoot why “the internet isn’t working” but eventually they would forget. Shit happens, sometimes servers go down and sometimes turning off wireguard would allow the internet to work lol
2. I’m a worrier. If there was an emergency, my partner needed to access the internet but couldn’t because my DNS server went down, my wireguard server went down, my ISP shit the bed, our home power went out, etc., and they forgot about the VPN, I’d feel terrible.
3. I was a little too ambitious when I first got into self hosting. I set up services and shared them before I was ready and ended up resetting them constantly for various reasons. For example, my Plex server is on it’s 12th iteration. My partner is understandably weary to try stuff I’ve set up. I’m at a point where I don’t introduce them to a service I set up unless accessing it is no different than using an app (like the Homeassistant app) or visiting a website. That intermediary step of ensuring the VPN is on and functional before accessing the service is more than I’d prefer to ask of them

Telling my partner to visit a website seems easy, they visit websites every day, but they don’t use a VPN everyday and they don’t care to.

awesome, thanks for the info

That’s interesting, I didn’t know that was a thing. I’ll look into it, thanks!

the lack of logs

That’s the best part, with a script, you can pipe the output of the updates into a log file you create yourself. I don’t currently do that, if something breaks, I just roll back to a previous snapshot and try again later but it’s possible and seemingly straight forward.

This askubuntu link will probably help

I appreciate the info, thanks