  • Yeah, big US tech is cancer - but I am fortunate enough to not live in the US and there are enough mid-size companies that fall under reasonable laws and governmental oversight (in the good way, not the bad way) that I can choose from. People always seem to think it’s “selfhost or big tech” but there is a shitton of solutions between them.

    Mailbox.org, Infomaniak (but I would be cautious on them due to the changing legal framework), Posteo, Mullvad, Photoprism, Passbolt, Hetzner Storage Space, Ionos, DeepL, etc. are all a sane middle ground for most people and

    I would much rather have people do that than fall into the arms of their neighbourhood asshole (and let’s face it, there are a lot of difficult characters in IT). Because first of all it’s people’s lives that are at stake - You can wait for the first creep who will use access to his neighbours’ photos (Immich, Photoprism, etc.) for some uncanny purposes. Who will use the saved WiFi & device passwords to get access to someone’s CCTV system to spy on his neighbours. Etc. Etc. And, and this is as much of an issue, it will only take a few of these people to drive people away from all open source products, right back into BigTech.

    Lastly: It’s okay that you see it that way. But people need to be informed that these are the risks. If you would take those risks (and don’t think from an IT role but from your neighbour’s perspective here), go for it. I wouldn’t, we can absolutely agree to disagree. And I don’t think many would once someone tells them the truth: “Yeah, BigTech can absolutely access your files and possibly your passwords with enough effort. If you let Joe over here host your files and passwords he can, but BigTech can’t.” I am not sure how people would decide.


  • Yeah. And I am sure you won’t do anything bad.

    But we all know for how many that will not be the case. There were countless cases of school IT staff being malicious, of healthcare IT staff being malicious. Do you think that won’t be happening regularly on a small community scale? And that goes both ways: What happens when your neighbour suddenly accuses you of stealing passwords from you?

    Don’t get me wrong - I am also providing services to my friends and family. But I absolutely do refuse to do so for any vital or financially debilitating services (which I consider Vaultwarden, for example). And I am seeing large issues with promoting this model as a solution - which need to be addressed.


  • philpo@feddit.org to Selfhosted@lemmy.world · The Future is NOT Self-Hosted · English · 7 days ago

    Lol. So we trust local governments and communities now?

    Has anyone ever worked with them IT-wise?

    I do so in four different EU countries and know people who do in the US and Canada. And…well…there is a reason local governments often went towards the cloud services. Do people think Joe Admin in Bumfucknowhere can operate what basically becomes a MiniDC? And who controls that?

    Sorry. Either go “host at home” and only fuck up things for oneself. Or do it properly with a proper DC. Colocate if you want. But that? I know it sounds appealing, especially for someone entering selfhosting (like the author did a few weeks ago). But there is a reason hosting is a business once it comes to other people’s data.







  • It depends. Very much. And this is the main problem: There isn’t “one” solution, you will need a few.

    The thing with the PRC is: Their great firewall isn’t “one big uniform block”. It’s fairly “variable”.

    For example: In Beijing, even 10 years ago, I could access Google Maps and Facebook without any issues (back then highly blocked) as long as my mobile phone was roaming. The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine. Until the day the police started to prepare for the party convention - then suddenly my colleague couldn’t get out, neither could I with our company wifi and even my carefully crafted WireGuard over HTTPS didn’t work - unless I was in the wifi of the hotel or our host company. There it did. Party congress over? Back to normal operations.

    If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.

    Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well. And then double tunnel through that if you can’t directly reach your usual VPN at home.



  • Yeah, I come from the same scenario. Consolidated multiple nodes incl. a NAS into one. Initially had the HDDs (which run through a controller anyway) passed through to a TrueNAS VM. That was…a mistake. TrueNAS can become a real bitch if its own VM storage is slower/has a hiccup while the rest of the pool is not. And a lot of other things are a PIA as well, e.g. permission-wise, especially with a FreeIPA Domain. And all that for a quite hefty price in resources.

    The day I pulled the plug on that was a good day. Later had the issue repeat itself with a client system that the client brought with him.

    Nowadays I really love the Proxmox-only solution, even though it’s somewhat icky to run something directly on the host - but it’s acceptable imho, when it’s literally built onto host data - as is the case for ZFS NFS anyway.

    (I have Samba in a proper LXC, though - but rarely use it these days as we run everything via NFSv4 by now)


  • The question is why use both. TrueNAS adds a lot of overhead, tends to become unstable if the workload is high in a VM, can lead to problems especially with ZFS and it often leads to people using privileged containers to use NFS directly (for ease of use) or use a mount bind solution via the host.

    With ZFS NFS the whole thing can easily be provided directly and then use mount bind - which is way more consistent. With Cockpit and Napp-it you have graphical tools available.

    Don’t get me wrong, for an existing solution it’s fine, but if one is doing a new build I would absolutely not go for it. TrueNAS has some oddities with permission handling one can also avoid if doing it directly - and far more stringent.

    Personally Proxmox+ZFS is imho currently the best bet in that regard, especially if you can avoid Samba. (The Zamba Server is solid, though). Especially with a FreeIPA/RhelIDM setup things are surprisingly easy/stringent in terms of permission handling.


  • Personally I would avoid Raspberries like the plague here - they have many downsides when booting up rarely. I’d rather use a Mini PC or ZimaBoard, maybe a build on a MC12 leo (if you can still get it cheap), chuck it all in a cheap case and be good. Unless you have something with IPMI on it I would also invest in a semi-professional KVM like PiKVM, JetKVM, NanoKVM - and if you can’t stop/start power with that due to the device not following the standards maybe an IP switchable plug.


  • We are talking about a hobbyist here - if you want to have precautions against all these points OP would need to have a redundant PSU, redundant power sources with automatic failover, backup power, etc. Of course paired with redundant data connections, redundant KVM solutions, physical access management, etc.

    In other words: A freaking data center.

    Sure, PSUs break. Happens. But very very rarely. And everything else that is on the side of his backup device can be handled through a KVM. And tbh, if that one fails, one can usually direct a “non IT user” to simply pull the plug and put it back on.