1·
8 days agoAlways risky to be exposed to the internet. unless you can’t, you should look into using tailscale/netbird to keep everything within a VPN.
- 0 Posts
- 6 Comments
Joined 2 months ago
Cake day: December 24th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
My personal journey:
- arch is annoying to maintain and whil it is mostly stable, you do get some breaking updates here and there. It’s not a bad choice, it just doesn’t makeuch sense for a headless server.
- Ubuntu server, just why? Works fine but why?
- a not headless fedora, worked fine but still annoyed me sometimes
- proxmox (debian based) works great, annoyed me to manage vm resources.
- headless debian. Just works, I rarely if ever encounter OS issues. The only downside is that not everything can be found in the debian repos, but there is almost always an option to add a repo for whatever you want.
My setup is mostly dockers so keep that in mind.
But really, if something works for you go with it. If you are looking to change, I would recommend debian.
My setup is easy and reliable:
Bash script that runs restic to backup to backblaze with a 90 day retention snapshot policy and a systemd service + timer.
It runs everyday, everything is backedup to b2, and I don’t need to bother with it.
Pros:
- easy
- quick
- reliable
- private (restic encrypts before sending)
- don’t need to worry about multiple backups as backblaze does it for me (3-2-1 system)
Cons:
- costs (very little) money (backblaze is basically the cheapest provider)
- long restore time as it would be slow to download
- restore costs (pay per gb downloaded)
Cold storage solutions would be cheapest if you don’t need to access it often, if you do then Backblaze b2.
Lastly you could do your own backup (drives sitting at a friends of family’s place?)
deleted by creator
It is important to remember that there are scanners running over all IP addresses on the internet and checking for all the new vulnerabilities. So if you are not updating your services and one of your services has a vulnerability that already has an open source module to scan for it, then you are going to get scanned and you are going to get exploited. So it’s not just about having basic protection, it’s also about being really up to date, which not everyone is doing properly.
No kink shaming!