Beginners Setup and questions

[tim.tom]

Hi y'all, I recently brought a simple Dell Wyse 5070 with the intention to migrate my RPi3 home server. While planning this, I extended my use cases to the following:
VM for Home assistant
VM vor paperless.ngx
In a rather small internal SDD

Furthermore I'd like to connect one external USB HDD to be used in my home network (mainly Windows devices) as Backup storage as well as storage for paperless.ngx. For a bit additional security regards ransom ware, I would like to protect the network share with user and password. Maybe with Samba via TurnKey?

To protect my data against physical theft, I thought of encrypting the whole HDD. Is ZFS the way of choice?

To complete the backup strategy, I'd like to push data from my Windows PC encrypted via Cryptomator to the cloud. The same date is pushed unencrypted to the encrypted HDD above.

Does that setup make sense or are there any other ideas?

Thanks in advance
Tim

 

[wbk]

Hi tim.tom,

Welcome to the forums!

VM for Home assistant
VM vor paperless.ngx
In a rather small internal SDD

First my pet peeve: why use VMs in resource-constrained environments, when containers are available? Has the option crossed your mind?

I have hardly used ZFS (in favour of LVM), and I never heard of Cryptomator, so for answers to your actual questions I defer to other forum members ;-)

How specific is your 'the cloud', is money an issue and about how large is the data volume?

 

[tim.tom]

Hi, thanks for the quick response.

First my pet peeve: why use VMs in resource-constrained environments, when containers are available? Has the option crossed your mind?

Indeed it did. But somehow I have in mind, that a VM is preferred for home assistant. But I will double check

I have hardly used ZFS (in favour of LVM), and I never heard of Cryptomator, so for answers to your actual questions I defer to other forum members ;-)

Don't bother about Cryptomator. The key question here is, how to encrypt the external HDD for network sharing.

How specific is your 'the cloud', is money an issue and about how large is the data volume?

I have to buckets. 1) personal photos pure backup 2) personal documents. Using Cryptomator would give the opportunity to access single encrypted files in case of emergency. Cloud storage is Microsoft OneDrive. But actually the cloud backup is the 2nd step and doesn't need to be focused here.

 

[Dunuin]

For a bit additional security regards ransom ware, I would like to protect the network share with user and password

Thats not how ransomware protection works. If you want the data to be protected against ransomware NO machine may be able to access to those credentials then. As every client accessing the network share with privileges to write to it (which would be required if that client should be able to store files for backups reasons there) could be infected by ransomware and destroy all backups.
Would be better to buy 2 external HDDs, rotating them and always having one connected and one stored offline + offsite.
Or to use proper backup server software (Proxmox Backup Server, Veeam, bacula, ... ) that allows you to restrict client to be only able to backup and restore but not to overwrite or delete anything.

Don't bother about Cryptomator. The key question here is, how to encrypt the external HDD for network sharing.

LUKS or ZFS. Depends what you want. ZFS for example won't encrypt the entire disk. Some metadata is still unencrypted and readable.

 

[tim.tom]

Or to use proper backup server software (Proxmox Backup Server, Veeam, bacula, ... ) that allows you to restrict client to be only able to backup and restore but not to overwrite or delete anything.

Fair point. So would it be recommended to replace the SSD with a bigger one, install PBS on a separate VM, and backup everything to the external USB HDD which is connected only during the backup process? The SSD is also mirrored to MS One Drive to keep another copy of the data.