Your title is about backups but your question seems mostly just about how to set up your storage for backups.
You can go about pooling disks in a few ways but you first need to define what level of protection from failure you want. Before going further though, how much space do you project that you will need for backups?
If you want simple you’ll have to manually decrypt each time it needs doing.
If you want it to be “automatic” then your best bet is something network based. A “simple” would be to just have a script ssh’s somewhere, pulls the decryption key, and then decrypts the disks. There’s plenty of flaws with this though as while a threat actor couldn’t swipe a single encrypted disk they could just log in as root, get your script, and pull the decryption key themselves.
The optimal solution would be to also encrypt the root partition but now you need to do network based decryption at boot which adds further complexity. I’ve previously used Clevis and Tang to do this.
I personally don’tencrypt my server root and only encrypt my data disks. Then ssh in on a reboot or power event and manually decrypt. It is the simplest and most secure option.
I backed this: https://www.crowdsupply.com/cool-tech-zone/tangara
Its not yet released and is in the manufacturing process but I think it’s worth considering
They do not work well in already humid environments but in a hot and dry climate they do quite well. It absolutely does add to the humidity (obviously) but speaking from experience I’d rather have a evap cooler than not if my AC is out.
The largest difference in utilizing one over AC is that they rely on airflow so you need to actually ventilate the area you are cooling as compared to AC where you want a sealed space.
The main driver is power efficiency. Only thing they are doing is running a small water pump and a big fan.
The domain doesnt really matter. The mail servers reputation is what really matters. If you aren’t going to run your own mail server then you have nothing to be concerned about.
I prefer restic for my backups. There’s nothing inherently wrong with just making a copy if that is sufficient for you though. Restic will create small point in time snapshots as compared to just a file copy so I’m the event that perhaps you made a mistake and accidentally deleted something from the “live” copy and managed to propagate that to your backup it is a nonissue as you could simply restore from a previous snapshot.
These snapshots can also be compressed and deduplicated making them extremely space efficient.
Assuming the implementation is done in such a way that I am not indirectly owned by the manufacturer of the BCI and am capable of maintaining its software and firmware myself…yes yes absolutely yes stick that shit in my head.
But if it is not open source and I’m expected to be tied to some corporate entity just to utililze it, no, absolutely not.
There are 0 solutions in a reverse proxy if it is not capable of absorbing the amount of traffic required to maintain service while under a ddos attack. How exactly does a reverse proxy do anything to protect from a ddos?
Edit: I see perhaps I misinterpreted this. Sure, there are other ddos protection services but if you are under attack RIGHT NOW and your critical services are down are you going to shop around for alternatives that aren’t Cloudflare or are you just going to go straight to the thing you know will do exactly what you need with a proven track record of doing it?
Going to CF is entirely understandable and they said that once the dust settles they will be looking at alternatives for the future that is not CF.
I’m far from a CF shill. I believe they do more longer term harm than their short term “good” has done. From an ops perspective though this action was very reasonable.
A “basic reverse proxy” does nothing to help against a large ddos. The only real thing you can do is absorb the traffic and this is not feasible for most operators to host themselves.
Trust no one. Not fully at least.
Yeah thats mostly the one that keeps me going.
Just look at the bit rate of what you are streaming and multiply it by 3 then add a little extra for overhead.
Ah, I was wondering why I couldn’t get it to detect my yubikey. I saw keepassxc-full in the repo but that also didn’t seem to work. I’ll have to revisit it.
I mean I’m not sitting here defending soldered on ram but your unnecessary aggression and sarcasm in your previous responses overshadows the fact that while solder on ram sucks for the upgrade and repair market the underlying tech has very tangible improvements and now we can maintain that improvement and the upgrade and repair functions.
I agree, soldered ram is bad. But I disagree that LPDDR ram is fundamentally bad and this improvement allowing it to be modular while maintaining its improvements is a very good thing.
As far as your complaints of battery life on your thinpad goes, there is much more to battery life than the consumption of the memory but naturally every part plays a role and small improvements in multiple places result in a larger net improvement. I’m assuming you’re running linux which in my experience has always suffered from less than optimal power usage. I’m far from an expert in that particular area but its always been my understanding that it is largely caused by insufficient fireware support.
As a whole this looking at this article in a vacuum i only see good things. A major flaw with lpddr has been address and i will be able to expect these improvements in future systems.
So you believe that the performance improvement and power saving is not worth creating a new standard?
But the article explains that there is a technical reason.
What exactly do you mean by “not mountable”?
If the total data is 3tb and you want disk failure protection I would take your two 6tb disks and put them in a mirror. With the amount of data you have and the drive sizes at your disposal that makes the most sense. This leaves you with 3tb free for growth. If you wanted an additional backup I would recommend storing it in a different location entirely or pay a cloud provider like Backblaze.
I would do this with ZFS but you can also do this via LVM or just straight md-raid/mdadm. I’m not sure what your issues are with zfs on popos but they should be resolvable as Ubuntu supports zfs fine to my knowledge.
An alternative you could consider is using mergersfs to logically pool indivial filesystems on each of the disks and then use SnapRAID to provider some level of protection. You’ll have to look into that further if interests you as I don’t have to much info in my head related to that solution. Its not as safe as a mirror but its better than nothing.