  • philpo@feddit.org to Selfhosted@lemmy.world, “emergency remote access” (5 days ago)

    I use an SXT, as I got it cheap, but the wAP LTE kits, the LtAP mini or the hAP ax lite should do as well - software-wise they are all the same anyway. (Just watch out for hardware without an LTE modem card and be aware of the difference between LTE-M and LTE, as in the KNOT.)

    Sometimes you find decent older ones on eBay as well.


  • philpo@feddit.org to Selfhosted@lemmy.world, “emergency remote access” (5 days ago)

    I use a cheap MikroTik LTE router as a second route. It has the smallest data plan my provider offers - but it’s enough for maintenance, and if I need more due to the main line being faulty it’s the same provider’s fault and they pay the bill anyway.

    It mainly goes into the OPNsense as a second gateway, but it also allows me to VPN in and reboot the OPN if needed.

    If the OPN would be fucked totally, in theory I could run the network directly over it, but that would be nasty.

    A friend of mine actually has a pretty nifty solution, but he is an absolute pro at these things. He has a small device (don’t ask me what SBC exactly) ping and check (I think DNS and an HTTP check is included as well) various stages of his network, including his core switch, firewall and DSL modem. If one of them freezes the device sends a data packet via LoRaWAN. He can then send a downstream command to reboot the devices.


  • I have central (water circuit based) heating with individual control per room. Additionally I have a weather station on my roof that tracks the sun and wind, temp, etc. and presence detectors in almost all rooms and electric blinds. The components are all KNX based, the logic part is Home Assistant based.

    Basically what we do: I have a “normal mode” that is supported by two addon modules. Normal mode means:

    • On schooldays the system tracks when school starts. If no one is present in the kids’ rooms for more than 30 min it assumes the kid is gone and goes into energy saving mode for that room (18 instead of 21). The system then looks when the kid is likely to come back and puts the room temperature up on time.

    • Our offices are always in energy saving temp and only get into normal temp once someone has been there for 15 min or one of our computers is put on - both the wife and I work home office full time, but travel a fair bit.

    • The system tracks if our mobile phones are “pingable” locally. If they aren’t for 30 min it assumes we are all gone and puts the whole house into “away” mode, including reducing the temperatures. Then it looks at our Outlook calendars (and the school schedule) and puts the temperature back on as required.

    • Additionally a room that has a window open is always cut off from heating and the system sends a message when the outside temp is either too hot or too cold after a certain time.

    Additionally we have two prediction-based modules. The system looks at three different weather predictions (my area is a bit of a problem for these) and creates a mean expected minimum and maximum day temperature.

    If the expected max and min is below a certain point it switches on “winter mode” - this means the system tries to keep the shutters up as much as possible and open them as early as possible (based on the sun position) so the house absorbs as much sun as possible. Doesn’t help that much, but at least a bit. Additionally the time for “open window notifications” is reduced.

    If the expected max is above a certain degree the system goes into summer mode. Then it’s basically vice-versa. The system tries to keep the blinds/shutters down as much as possible according to the position of the sun and opens them only after the sun has passed. That works fairly well and reduces the room temperature significantly - in the worst room around 3.8° on average. It also reminds the inhabitants to open windows in the morning when it’s still cold and close them in time.


  • Syncthing and Nextcloud are not a good backup solution. Like ever. Potentially they aren’t even a backup solution at all. Or even cause data loss.

    You sadly didn’t tell us too much about what you are actually trying to back up and what your infrastructure looks like.

    If I understand you correctly you want to centralise the files that are currently hosted on a diverse set of devices into a central file storage on your server and back up from there. Right? That’s a fair goal and something I absolutely do myself - and both Nextcloud as well as Syncthing will help you make the files accessible for devices.

    Now, back to the backup part.

    You want basically three things from backups: They need to be reliable (doesn’t help when you can’t access your files anymore because they are corrupted), you want them to be as unaffected by any potential risks as possible and, let’s face it, you probably want them cheap. The second part basically dictates that for an online backup you want something that can do versioning so corrupted data (e.g. from ransomware) is not simply written over.

    My current approach is: I have an internal backup server (see below), an external backup in the cloud, and a cold storage backup in a bank safe. Sounds like a lot? We will see.

    Let’s look at cloud storage first. There are a multitude of solutions available for free, with Duplicati, urBackup or goMFT being some fairly popular ones - I personally use Duplicati. These periodically scan the folders for changes, encrypt the files and send them to a cloud provider of your choice (e.g. an S3 bucket) and to some extent can also do the versioning. (Although it’s safer to regulate that via a bucket policy, as otherwise the application needs delete rights - which means it could in theory delete all the data when compromised.) Main benefit is the ease of access - you need to restore a single file? Done fast and easy. Not so much for a whole setup, restoring things can get quite expensive.

    If you use ZFS there is also the option to use ZFS send to back up, but as there is currently no reliable European Union ZFS send provider I am aware of (rsync.net does this, but is US based) I legally cannot use them. So no experience on that.

    To back up clients completely and VMs/LXC it might also make sense to use a designated backup server, e.g. the Proxmox Backup Server. These do require local (as in “where the PBS is running”) storage, though, so a local PBS and a cloud storage behind doesn’t work. (There is a “hosted PBS” service available, though, from Tuxis. They work really well.) But it can make sense to let a ZimaBlade run a few old hard drives for a few hours a day for that.

    For offsite and online backup - as a full restore is always expensive and time consuming from the cloud - I also use two USB hard drives. One is always stored in a locker in a bank vault and every few months I change the drive - so in case of a full server loss I only would need to restore the state of a (at max) 4 month old server via USB and then update stuff from the cloud for the 4 months after that.

    Now, to be extra sure I also burn the most important files (documents about the house, insurances, degrees, financial and tax data, healthcare records, photos of lifetime events, e.g. weddings, birthdays, births, graduations, as well as “emergency data restore howtos”, password files, basically all the stuff I want to make sure my heirs/kids have access to if I die) on Blu-ray archive (important, not normal disks!) M-Discs. They are supposed to last far longer than normal Blu-rays and most consumer accessible media. These are stored locally, in the safe and at the court that holds our will. The reasons for that? Powered off hard drives lose data quite fast, and if the wife and I perish at the same time, e.g. because we have a car crash or the house burns down, the issue is time: Cloud backup might not be available anymore as our bank accounts are frozen and therefore the backup is no longer paid for. The bank safe is not accessible for a long time for the same reason. When someone then accesses the USB drive it might be of no use. The server might be powered off or damaged. And sadly the legal system here can take years (up to 7 years are my planning times) before they can actually access the data.
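An added example, not part of the comment above and not code from Duplicati or any other tool it names: a Python check that the credentials handed to a backup application cannot delete or expire stored versions, which is the concern the comment raises about delete rights. The policy documents and the bucket name are constructed; `Resource` and `Condition` elements are ignored, so the check assumes a policy scoped to a single backup bucket.

```python
import fnmatch

# S3 IAM actions that let a compromised backup client destroy data or
# weaken versioning/retention on the bucket.
DESTRUCTIVE = [
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration", "s3:PutBucketVersioning",
    "s3:PutBucketPolicy",
]

def _as_list(value):
    # IAM allows a single string or a list for Action / NotAction.
    return [value] if isinstance(value, str) else list(value or [])

def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def destructive_grants(policy):
    """Destructive actions granted by Allow statements and not covered by a Deny.

    Simplification (assumption): Resource and Condition are not evaluated.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    allowed, denied = set(), set()
    for st in statements:
        target = allowed if st.get("Effect") == "Allow" else denied
        for action in DESTRUCTIVE:
            if "NotAction" in st:  # everything except the listed actions
                hit = not _matches(action, _as_list(st["NotAction"]))
            else:
                hit = _matches(action, _as_list(st.get("Action")))
            if hit:
                target.add(action)
    return sorted(allowed - denied)

BUCKET = "arn:aws:s3:::example-backup-bucket"  # constructed placeholder
WEAK = {"Statement": [{"Effect": "Allow", "Action": "s3:*",
                       "Resource": [BUCKET, BUCKET + "/*"]}]}
HARDENED = {"Statement": [{"Effect": "Allow", "Resource": [BUCKET, BUCKET + "/*"],
                           "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"]}]}
PARTIAL = {"Statement": [
    {"Effect": "Allow", "Action": "s3:*Object*", "Resource": BUCKET + "/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObjectVersion", "Resource": BUCKET + "/*"},
]}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK), ("hardened", HARDENED), ("partial", PARTIAL)):
        print(name, destructive_grants(pol))
```

With the write-only policy, old versions have to be expired by a lifecycle rule that an administrator sets on a versioned bucket, not by the backup client's own credentials.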





  • philpo@feddit.org to Selfhosted@lemmy.world, “DNS server” (1 month ago)

    I absolutely second Technitium as well. That thing is rock solid, can be used for basically everything, has blocking with a multitude of options and does provide a nice graphical GUI.

    I have it running in a dual DNS setup (main server+a Zimablade nowadays) and that shit just works - it’s the container that has caused the least amount of problems in the last 3 years.

    The API is fairly handy and quite easy - I have it integrated into Home Assistant so I have a “Disable DNS Blocking” button in my “Network control” tab in the app.

    The only downside is the fact that initially it can be quite overwhelming, especially if you are not a DNS guru and just did the step from AdGuard/PiHole - but soon you realise that you actually only need a few fields for basic operations.



  • philpo@feddit.org to Selfhosted@lemmy.world, “Zabbix in selfhosted env” (1 month ago)

    I am using it and tbh didn’t have too many issues with it. It runs as an LXC on my Proxmox server.

    With that it’s a fairly comfortable setup - it does have API access on the Proxmox node and therefore automatically discovers all LXCs, even the ones you add after the installation.

    For other machines I use a fairly easy bash script to download the agent 2 and then overwrite the config file with the right parameters, but that’s just me being lazy - it’s not that much work doing it by hand as well.

    And for everything else there is always SNMP which is fairly well supported and there are tons of templates nowadays.

    Tbh, I had Prometheus/Grafana before and found it to be much more complicated, especially when you need active and passive nodes. The fact that Zabbix is “All in one” is fairly nice sometimes.

    Dashboards are a bit lacking behind Grafana at times, but I can live with that.



  • Yeah, big US tech is cancer - but I am fortunate enough to not live in the US and there are enough mid-size companies that fall under reasonable laws and governmental oversight (in the good way, not the bad way) that I can choose from. People always seem to think it’s “selfhost or big tech” but there is a shitton of solutions between them.

    Mailbox.org, Infomaniak (but I would be cautious on them due to the changing legal framework), Posteo, Mullvad, Photoprism, Passbolt, Hetzner Storage Space, Ionos, DeepL, etc. are all a sane middle ground for most people and I much rather have people do that than fall into the arms of their neighbourhood asshole (and let’s face it, there are a lot of difficult characters in IT). Because first of all it’s people’s lives who are at stake - You can wait for the first creep who will use access to his neighbour’s photos (Immich, Photoprism, etc.) for some uncanny purposes. Who will use the WiFi & device passwords saved to get access to someone’s CCTV system to spy on his neighbours. Etc. Etc. And, and this is as much of an issue, it will only take a few of these people to drive people away from all open source products, right back into BigTech.

    Lastly: It’s okay that you see it that way. But people need to be informed that these are the risks. If you would take those risks (and don’t think from an IT role but from your neighbour’s perspective here), go for it. I wouldn’t, we can absolutely agree to disagree. And I don’t think many would once someone tells them the truth: “Yeah, BigTech can absolutely access your files and possibly your passwords with enough effort. If you let Joe over here host your files and passwords he can, but BigTech can’t.” I am not sure how people would decide.


  • Yeah. And I am sure you won’t do anything bad.

    But we all know how many that will not be the case. There were countless cases of school IT staff being malicious, of healthcare IT staff being malicious. Do you think that won’t be happening regularly on a small community scale? And that goes both ways: What happens when your neighbour suddenly accuses you of stealing passwords from you?

    Don’t get me wrong - I am also providing services to my friends and family. But I absolutely do refuse to do so for any vital or financially debilitating services (which I consider Vaultwarden for example). And I am seeing large issues with promoting this model as a solution - which need to be addressed.


  • philpo@feddit.org to Selfhosted@lemmy.world, “The Future is NOT Self-Hosted” (2 months ago)

    Lol. So we trust local governments and communities now?

    Has anyone ever worked with them IT-wise?

    I do so in four different EU countries and know people who do in the US and Canada. And…well…there is a reason local governments often went towards the cloud services. Do people think Joe Admin in Bumfucknowhere can operate what basically becomes a MiniDC? And who controls that?

    Sorry. Either go “host at home” and only fuck up things for oneself. Or do it properly with a proper DC. Colocate if you want. But that? I know it sounds appealing, especially for someone entering selfhosting (like the author did a few weeks ago). But there is a reason hosting is a business once it comes to other people’s data.







  • It depends. Very much. And this is the main problem: There isn’t “one” solution, you will need a few.

    The thing with the PRC is: Their great firewall isn’t “one big uniform block”. It’s fairly “variable”.

    For example: In Beijing, even 10 years ago, I could access Google Maps and Facebook without any issues (back then highly blocked) as long as my mobile phone was roaming. The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine. Until the day the police started to prepare for the party convention - then suddenly my colleague couldn’t get out, neither could I with our company wifi and even my carefully crafted WireGuard over HTTPS didn’t work - unless I was in the wifi of the hotel or our host company. There it did. Party congress over? Back to normal operations.

    If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.

    Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well. And then double tunnel through that if you can’t directly reach your usual VPN at home