this post was submitted on 18 Nov 2023

Data Hoarder


I'm looking to create a small offsite backup for 1-2 terabytes from my NAS, mainly photos. I was planning on getting a mini PC off of eBay, putting a large SSD in it, and then connecting it to my NAS via Tailscale (which I already use) and leaving it at my parents' house. For them this would functionally be a black box; they are not tech savvy and would not interact with it. I have pretty good upload speed and would probably only do a monthly backup.

Are there any additional pitfalls/security risks to this? Some obvious concerns:

Someone taking the SSD: None of the photos are sensitive, so if someone got access to the mini PC I would just remove it from the list of devices on Tailscale.

Someone accessing my network via the mini PC: I know there is a chance that someone uses the SFF PC to access my network, but personally I think that is an acceptable risk.

Single data drive in the SFF PC: I'm trying to make this easy for my parents, just plug it in next to their router and be done with it. I don't want to step up to a small tower with space for multiple drives.

How secure is Tailscale? I know that "anything open to the internet is accessible" but I'm just looking for a reasonable level of security. If some bad actor really wants onto my network in particular I'd assume they're going to get in.

[–] [email protected] 1 points 1 year ago

I'd go directly with WireGuard (this is what Tailscale uses, but it's clear and controllable instead of more automagical). OpenVPN or even OpenSSH directly (of course configured with pubkeys) would be similar (run everything on non-standard ports to keep things quieter, and use a non-standard user if applicable).

You can do local encryption there too, with LUKS, ZFS, eCryptfs or even rclone (actually, you can do it locally with rclone so the remote never sees cleartext).
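
For the OpenSSH route mentioned in the comment above, here is an added example (not part of the thread or the commenter's own code) that audits `sshd_config` text for key-only logins, a non-default port and a dedicated account. It assumes whitespace-separated `Keyword value` lines, does not follow `Include` or evaluate `Match` blocks, and reads "non-standard user" as an `AllowUsers` allow-list with root login off; the port `52022` and the user `nasbackup` are constructed sample values.

```python
# Added example: checks sshd_config text for the comment's three suggestions.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}
MULTI = ("port", "allowusers")  # these keywords accumulate across lines
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Global settings as sshd resolves them: the first value of a keyword wins."""
    single, multi = {}, {k: [] for k in MULTI}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        key = ALIASES.get(key, key)
        if key == "match":
            break  # per-user/per-host Match blocks are not evaluated here
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in multi:
            multi[key].extend(value.split())
        else:
            single.setdefault(key, value.lower())
    settings = {k: single.get(k, d) for k, d in DEFAULTS.items()}
    settings["port"] = multi["port"] or ["22"]
    settings["allowusers"] = multi["allowusers"]
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = effective_settings(text)
    checks = [
        (s["passwordauthentication"] != "no", "password logins enabled"),
        (s["kbdinteractiveauthentication"] != "no", "keyboard-interactive logins enabled"),
        (s["pubkeyauthentication"] != "yes", "public-key authentication disabled"),
        ("22" in s["port"], "listening on default port 22"),
        (s["permitrootlogin"] != "no", "root login not fully disabled"),
        (not s["allowusers"], "no AllowUsers allow-list"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample inputs (not taken from the thread).
HARDENED = """Port 52022
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
AllowUsers nasbackup
"""
SHADOWED = "PasswordAuthentication yes\nPasswordAuthentication no\n"

if __name__ == "__main__":
    print(audit(HARDENED), audit(SHADOWED))
```

The `SHADOWED` sample shows why a later `PasswordAuthentication no` does not help when an earlier line already set `yes`. Feeding the function the output of `sshd -T` instead of the raw file covers settings pulled in through `Include`.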