Hi! I know this is a kind of dangerous topic to ask :D And I am sorry this got so long.
I plan on building my own little home server. Currently I will mostly use it for Nextcloud, maybe some other stuff, like git. I would like to be able to access Nextcloud or git from outside my home (yes, I actually go outside sometimes… don't know why though). I will run Docker and Portainer on a Pi 5 (I guess it's enough for one person) and I have 4x4TB disks. I currently plan on creating a software RAID 10 with the disks to get 8TB of storage.
I have two types of disks, a new set of IronWolf and a used set of WD 24/7 drives. How would you arrange them? Put both from one type in RAID 1 or mix both types in RAID 1? I just heard about LVM. Would you recommend putting that on top of the RAID? I don't know if I plan to change the storage setup, but doubt it currently. I'm not sure if ZFS would be a better solution for me, but it seems unnecessary at the moment.
I don't quite know what I should search for to find a solution for accessing the services from outside. I would like to avoid a (WireGuard) VPN so I can log in on a different device without setting it up, or so that I can connect to the VPN at work or uni and still be able to use my Nextcloud data. So dyn DNS with port forwarding seems to be the only option. But I am a little afraid to open up my home network to the outside like this, without another protection like a login. I know Nextcloud has that, but I'm not sure if that is enough or what can be seen and accessed from the outside if I use DDNS and port forwarding.
For backups I plan on using Duplicati and storing the backups encrypted to either pCloud (would need to buy, additional cost…) or a server at a friend's or my dad's house. But with the second solution I am not sure how I would create a tunnel to their server, so it's secure for both of us. He has a static IP, so no DDNS needed. Maybe a WireGuard tunnel would be best here? My dad does not have a static IP but would create a WireGuard VPN for me with MyFritz (AVM DDNS service). Any thoughts on that? I would create a disk image of the completed OS (the SD card…) once the services are running, so I can revert if something breaks. I guess a manual image is enough after the setup, because the Docker containers reset anyways on restart, right?
Thank you so much, I am grateful for any advice!
I hope that your router has a good amount of storage if it’s an embedded router because the Tailscale binaries are rather large. Last time I tried I had to run the tailscaled binary through a compactor, and I ran the tailscale client only for the setup and then deleted it (the daemon doesn’t need it in order to run).

That’s awesome that you got that working. I was hoping this would be possible the same way feeding a router a WireGuard config is possible.
Edit: I’m going to try this at some point in the next few months https://docs.gl-inet.com/router/en/4/interface_guide/tailscale/