ZFS snapshots combined with replication to another box. That and a cronjob on packaging up my compose/config files.
nyrosis
joined 11 months ago
This...
It's good to have the router/firewall as it's own device. An argument could be made for a NAS too simply doing NAS functions.
For servers I see no point because in the home environment you can squeeze more out of the system using a hypervisor. Even in an enterprise environment you are likely thinking about clustering/HA which still will be utilizing a hypervisor.
It's really not that bad especially if you setup access lists. That simple configuration alone eliminates most problems from even accessing the server.
Security operates in layers and ufw is a pretty simple layer to setup. Especially if you only have like one or two services you need exposed on a given system.
It's convenient for some services like jellyfin that have a companion app. It's much easier to just point the app to a domain name you control to get everything working without vpn. The certificate support is nice too.
Say for instance you have a family member that you know won't be taking the time to setup vpn configs to access this device. It's easy to just say here is the link the app is asking for and here is your username/password.