

I didn’t intend to be elitist about anything and I actually fail to see the elitism by saying “that hoster is not about providing cheap storage”? Maybe there’s something in the English language I do not pick up on?
Yeah, Hetzner’s more about having your own servers than providing cheap storage.
Proton also seems to be interesting. Privacy by default and being Swiss-based definitely are plus points.
Thanks for the mentions!
you can run the open source control plane called Headscale instead of relying on Tailscale’s (the company) free service tier
Ah, that sounds more interesting. I still have time until I buy everything, there’s still going to be a lot of research, especially with all the ideas and feedback people have given me in this thread.
I’ll definitely try it, thanks!
Not sure if it checks all the boxes perfectly, but if not it is probably as close as you’ll find ready-made
That’s a good point. To have cohesion and good integration, some sacrifices have to be made. This seems better than having 20 independent services working with (and sometimes probably against) each other.
Thanks for the heads-up! Those sound like acceptable problems, as long as they’re temporary and my data is safe.
Google is evil but I know that GDrive has pretty low prices on data storage […] Don’t forget to encrypt everything when uploading to these services!
That is what I am hoping for :) My free Google account grants me 15GB of online storage and my free Microsoft account provides me with another 5GB. The 15 GB should be enough for encrypted photo backups, while 5GB definitely is enough for encrypted calendar, contact and probably some document backups. I just need to find a way to automate backups to these.
based in the USA, priced at 3$/TB/month
If I am going to pay money for something and with how the world currently is, I’m going to use some EU-based service. My only VPS resides at Hetzner, if the need arises I will probably just add a storage volume to my VPS or upgrade it to the next tier.
tailscale with headscale over openvpn
Is a vpn inside a vpn really improving security at all? Or is there a different reason to use tailscale inside a vpn?
you can’t seem to restrict people commenting on a file you shared
That’s okay. My circle of friends I’d share files with is not all too big. So everything stays between a few people anyway.
Nextcloud often updates and sometimes breaks small things
Does breaking stuff happen often? I plan to use the docker image nextcloud:stable-fpm in the hopes of bypassing some bugged releases.
I’ve done nothing special regarding security and have it exposed to the public internet. I intend on having fail2ban look at its logs but I’ve not yet set that up
That sounds kinda dangerous. I remember years ago, when I rented my first vcloud-server, within the first 10 minutes I had bots trying to get in via SSH. I’d be way too paranoid.
I would recommend having it entirely behind a VPN
Yes, that’s my plan. I intend to create a new OpenVPN server on my pfSense with access only to the nextcloud VM. This would also allow me to share the vpn config files with my friends without a password, as the authentication is done by inline-cert vpn config.
Memos is pretty useful for me. App on fdroid momemos is superb. Syncthing takes care of google drive ish needs. Immich for photos. Mealie keeps food interesting.
I’m going to have to test a lot of new android apps, I guess. Thanks for the mentions!
Regarding syncthing, according to gedaliyah’s answer here, syncthing will be dropping the android app :(
Thank you for answering!
Good to know that most things I would need seem to be already working nicely in nextcloud :)
It should respect permissions though, so if you share a file with read access only, they won’t be able to edit it in the editor.
I’ll definitely have to try that before trying to send out links.
Yes, you’re right. As David From Space said in this comment, the real critical data is far less than all of the backed up data.
So I definitely can have an offsite-backup, it just depends on if I can single these things out in nextcloud, possibly via regular export to the filesystem.
Are the documents you edit with the online editor files which are visible in the online drive? Does nextcloud use the open document specifications for saving documents (e.g. .odt, .ods)? Can you view these files without opening them in the editor (like the preview in google drive)?
If so, that is acceptable. The document thing is more for completion, I don’t handle documents all too often. And if the online editor is bad or not working but the files are visible and offline-syncable in the drive to some desktop client and they are using the open document format, I can edit them with libreoffice.
Thanks for the heads-up!
Oh, it’s nice to hear somebody already did that, thank you!
Did you have any hiccups or general problems with nextcloud or calendar/contacts/photos sync? Did you do any specific thing to harden security, other than using ufw, fail2ban and changing sshd config?
Thank you for your input!
I also thought about the 3-2-1 backup rule, but am unsure if that is overkill.
My VM-backups and file-level-backups are proxmox backup server (pbs) backups. Meaning, to have them offsite, I’d need to rent a dedicated root server on which I am able to install pbs to act as an offsite sync-target. With TB of backups, this is gonna get very costly very fast.
I thought about regularly exporting encrypted calendar and contacts onto some free online storage, hoping I can automate this process.
With what I have laid out in my post, to lose contacts and calendar events, both my intel NUC and the zotac mini-PC have to be corrupted at the same time. Or both RAIDs simultaneously failing both drives. Am I not paranoid enough or is that an acceptable level of failure-safety?
Just a misunderstanding, then. I did not intend to talk down on a hosting provider I don’t even know. Instead, I prioritize Hetzner because I’m familiar with them and they’re based in Europe.