The ip shouldnt change unless the server is down for a period of time and the ip is dynamic.

If it is returning OK then it sounds like duckdns is working as intended

I have been using duckdns for a few years without issues. It should be simple enough , just set up a cron job with your details as listed on their site where you configure it. This keeps your dns entry up to date.

If you want a quick and easy way to share the odd file you could set up a syncthing shared folder and COPY things in to it that you want to share. When the other side MOVES them out of the shared folder they will be removed from the shared folder on your side.

The advantage of this is security. No access is given to your system. If your friends box is compromised you dont have an nfs mount or ssh key on their machine. The worst that can be done to you is copies in the shared folder are removed or malicious files are placed in the shared folder but they wont be able to execute.

You also dont need to open any ports for syncthing , it will use relays if it cant make a direct connection.

Enshittification intensifies

Dont buy them for them. Kids have no money unless you give it to them

Well i have the rp as i only want one port exposed. I have separate networks per service too to isolate things. Only the things that need to talk to each other can.

My stuff is only accessible on the lan and via the vpn and even then only certain ips have access to certain things.

In your case it might be different , but generally a reverse proxy is better as you can have a single point of access to secure and you are not exposing all of your ports to the host or the internet.

Copies of important documents or photos you cant afford to lose. Then leave it in a safe place. Encrypt it if you like.

You can use a ddns such as duckdns or host on github pages with jekyll or something

Debian on the host and everything else in containers

I have the arr stack connected to gluetun doing its thing and then wireguard on the host. I only expose my reverse proxy to the host and can connect to the services through that.

Note the networks below, vpn_net allows it to talk to the gluetun network which has the other stuff. The gluetun and arr stuff are in a separate compose file that defines the network. Then the non vpn stuff connects to that network when it comes up

nginx: 
    image: nginx:1.25.4-alpine-slim
    container_name: nginx
    restart: always
    volumes:
       - /etc/letsencrypt/:/etc/letsencrypt/
       - ./nginx/nginx.conf:/etc/nginx/nginx
       - ./nginx/conf/:/etc/nginx/conf.d/:ro
       - ./nginx/htpasswd:/etc/apache2/.htpasswd:ro
       -  /var/log/nginx:/var/log/nginx/
       - ./www/html/:/var/www/html/:ro
       - ./content/Movies:/var/www/media/Movies:ro
       - ./content/Shows:/var/www/media/Shows:ro
    ports:
       - 443:443
    security_opt:
      - no-new-privileges
    networks:
      - reverse-proxy_service1
      - reverse-proxy_serviceN
      - vpn-stack_vpn-net
    depends_on:
      - service1
      - serviceN

I do monthly backups with cron and tar and syncthing for my containers.

I do quarterly backups of my server (14TB) to external USB HDDs. This is done via a script that mounts the drives, runs rsync to copy, then unmounts the drives again and emails me when it is done. I dont bother encrypting them as it ia mainly just media.

“less”. If its a small file i use cat. If i want the top I use “head” or "tail’ for the bottom. For a specific string i use “grep”

Good to know. I always liked #!

I have something similar . I have WG on the host to access my services and gluetun in a container using openvpn for specific services.

In my case I have the host wg pass through connections to the outside via iptables rules but I’m not forwarding the connection to gluetun. I have the ip of my server as my ip.

In your case as you want a commercial vpn ip as your exit ip you would need to use iptables to pass traffic between the 2 networks .

Puppy or Debian with openbox or another light wm , is crunchbang still a thing ?.

No issues at the moment but need to update a few containers when I get the chance. I also need to set up contacts sync in radicale for the address book and integrate it with Thunderbird and davdroid.

In the near term I’ve been working on a plan to make sure my keepass db is accessible to my SO and family in the event of my demise. I recently lost a dear friend and had to gain access to his stuff for his family, luckily he didn’t have the linux partition encrypted so I got a recovery shell then remounted the disk and changed the password and could then also mount the windows partition once I logged in.

It made me think as all my stuff is encrypted and there is no way someone would guess it nor crack it so I’m writing documentation and leaving it with family members.

The documentation explains how to use keepass and who to contact for support. Im leaving the db with family members and the password with a select few people that dont have the db. My SO will have access to all the info too.

I’ll update the db periodically and give them a newer version but keep the same password

I encourage you all to consider this too.

I do the same with adguard home, it works fine and like you say valid https for all services.

Syncthing ?

Except windows doesnt have 100% compatibility guaranteed either , there are cases where old games and programs are no longer working on newer versions of windows. These same games and programs in many cases will work on linux as there is a compatible wine prefix.

I get your point though, I’m pointing out the 100% figure is not true for either os.

I’m due a backup and other than that I hope nothing breaks