Highly recommend restic. Simple and flexible. Plus I've actually used it on two occasions to recover from dead boot drives.
loganb
joined 1 year ago
GrapheneOS also has this cool feature called Scramble PIN Layout to try and protect against guessing the pin from fingerprints on the screen.
Have you looked into policy-based decryption? Here's an knowledge base page on the RHEL customer portal that goes over it well. I'm not sure if this will work on freebsd but it does offer a solution that allows for zero-touch reboots.
I stand corrected, its been quite a few years since I needed to use the ADB backup so I guess back then it was more complete.
Found a good detailed explanation here.
Shame that it seems to be getting phased out for cloud backup solutions. Makes sense that google would want to control more of your data and make you pay for it.
As installing a custom ROM typically involves using ADB anyways, I would suggest that you back up your device normally (copy files over to a folder on your computer), and then use the built-in backup function in ADB to make a secondary complete backup.
Also, depending on your threat model, you might not want to move any files from your old installation to your new one. Its possible that the old files, applications, and linked accounts could compromise your new installation privacy / security. I also generally enjoy starting with a clean slate after a new OS install.
CGNAT = Carrier Grade Network Address Translation. It makes it practically impossible to open ports to the public internet and in some extreme instances make zerotier very unstable. Typically you only have CGNAT if your internet connection is 4G or fixed wireless.
OpenVPN is just a VPN protocol. Roughly comparable to wireguard. It has been the gold standard for VPN technology for the past decade or so. Wireguard by comparison is much newer, and lighter to run. This typically results in faster throughput from a computational standpoint and devices where power is limited (cell phones), uses much less power by leveraging modern CPU encryption methods.
If you have the option to port forward on your home internet connection, its possible to setup a VPN connecting in a straight shot from your home to your roaming device. If you can't port forward, you will need a main in the middle (the VPS) to establish and route the connections through.
Zerotier works off of a PTP style network and the free plan allows up to 50 devices when last I checked. I'm not sure on the availability of zerotier or wireguard on truenas as the last time I used TrueNAS was Scale 22.
My recommendation would be some kind of VPN. If your looking for something plug and play and free, look into zerotier.
If your home internet connection sits behind CGNAT, like me, just buy a cheap vps and set up your own wireguard network.
Both solutions avoid exposing your services directly to the public internet which reduces attack vectors and adds an extra layer of encryption.
If my understanding of how "force SSL" works for most proxies, it just simply issues a HTTP 300 redirect message for all http traffic coming in on port 80. It then sends everything to port 443 https.
Do you get a 502 when you try to connect with the force SSL turned off? It might me less of an issue with SSL and more that your proxy is not pointing to the right host / port of your nextcloud server.
Very interesting idea for a self hosted service! I will definitely take a stab at hosting it! I have a decent collection of DRM-free games from humblebundle and GOG that I always wanted in one place. Question, I know you dont currently have a native linux client. That being said, do you have a native linux client on the roadmap?
Just to make sure. Are you copying to your ZFS pool directory or a dataset? Check to male sure your paths are correct.
Push vs pull shouldn't matter but I've always done push.
If your zpool is not accessible anymore after a transfer then there is a low-level problem here as it shouldn't just disappear.
I would installe tmux on your ZFS system and have a window with htop running, dmesg, and zpool status running to check your system while you copy files. Something that severe should become self evedent pretty quickly.