Happy to see some alternatives, but I’m a very happy user of PhotoPrism (+PhotoSync) so will stay there for now. Agreed that encrypted at rest isn’t all that helpful for a self-hoster.

Oh right. The last three business I’ve worked in have all been fully public services; assume the intruder is already in the LAN, so don’t treat it like a barrier.

Funnily enough it’s exactly the opposite way of where the corporate world is going, where the LAN is no longer seen as a fortress and most services are available publically but behind 2FA.

Yup all makes sense. Thank you for explaining it to me.

I’m sorry if I seem obtuse but isn’t it easier to just set up OPNsense, which is a fully configured router/firewall on top of BSD?

Is it an APTIO BIOS? My setting was hidden in IT813 Super IO Configuration —> Advanced —> Restore AC Power Loss. Took me ages to find it.

I only backup what I can’t redownload, ie personal media. Everything else would be annoying but probably also a “great filter” if it all got lost and I’d have to make choices about what I really wanted in the first place.

Same, have had a few select services exposed to the internet, behind very, very complex passwords or keys, with fail2ban etc. never had an incidence.

I’ve had really poor results with duckdns recently - it seems propagation flakes out every 2-3 months. Wrote to them about it but never had a response.

Honestly it couldn’t be simpler. Look at wg-easy docker container. You’ll be up and running in 10 minutes.

By Darwin I had not heard of wg-easy before. That is indeed easier than my setup. Thank you.

Oh yeah. I do remember that. Ok. They’re assholes agree.

Been using OpenWRT for a long time on a cheap consumer router. Finally decided to upgrade to a fanless N100 appliance. Had to choose between OPNsense or pfSense.

pfSense just seemed too good to be true.

What do you base that strong opinion on?

OPNsense is ready to route pretty much after the default install, like any other off-the-shelf router. It’s only really complicated if you have complicated needs.

Hardly the same price range and since most passive cooled N100 rigs come off AliExpress you’ve got to take the lottery of import duty.

To crush your ComTech conglomerates, see them driven before you, and to hear the lamentation of their routers.

This is what I do for downloading Linux ISOs. It works a treat.

+1 for PhotoSync to NAS. Rock solid for me - the only backup solution for iPhone that actually gets the job done IMHO.

They upload via sftp and from there move into an organised and viewable photo hierarchy on a mirrored, local NAS drive via PhotoPrism (wholeheartedly recommended). An overnight backup from the NAS then moves them to a European and a US cloud storage with different providers (Backblaze B2 in the US and OVH Cloud Archive storage in Germany).

I’ve run Synology since they got into the router game and I unfortunately I cannot recommend them. I adore their NASes and they are rock solid but the routers aren’t tested properly in my opinion. I live in a VERY Wi-Fi contested area and it really affects their hand-off between nodes in their mesh, which means a device often stays connected to the wrong node up to a point where there’s simply no connection. I thought it was a 1st gen problem but after upgrading to their 2nd gen systems it hasn’t solved the problem.

I’m moving to another router/mesh system now, which I’ve tested and it works considerably better.