Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?
Hey guys!
I want to convert my now corebooted Thinkpad T430 into a Nextcloud server and possibly more (Syncthing, maybe Tor, maybe more)
1x 500GB SSD, 1x 1TB SSD
Currently runs Fedora Kinoite, I could rebase to something like secureblue uCore, Fedora IoT, uBlue uCore, ...
Not sure if those would have broken configs though.
Maybe I would prefer something with slower pace, but tbh the pace of CentOS bootc becoming a thing is quite frustrating. This would likely be the perfect 'install and forget' distro for many, a KDE Image would be there in no time.
I wouldn't want to use a traditional distro, even though a base Debian or AlmaLinux/Rocky Linux (what the hell was that, a hydra? Cut off one head, spawn 2? What are the differences??) could just be fine. I used Debian in the past, it really just works.
I would like
Nextcloud AIO docker image, maybe with podman? It is supposedly more secure but the world runs on Docker, and all is fine. Podman is a pain quite often.
some nice management like Cockpit
dyn DNS, for example with NoIP, best free
secure ssh, that should be no issue
btrfs? or zfs? with backups to a secondary drive
automatic updates with snapshot creation. Atomic system would be easiest here.
easy to use and secure reverse proxy, with DynDNS for reliable address on the internet. NGINX, Traefik, Caddy, what is the best here??
Here I am not sure if I should use 1TB + 1TB, or 500GB used and 1TB backup. BTRFS backups can be incremental.
I would carefully think about what realistic threat scenario full disk encryption protects you from.
On a server that runs 24/7 at-rest disk encryption usually helps very little, as it will be nearly always unencrypted. But it comes with significant footguns potentially locking you out of the system and even preventing you from accessing your data. IMHO in most cases and especially for beginners I would advise against it for a home based server.
Does the distro even matter as long as you're comfortable with it? Most of your services (if not all) can be managed as containers. Kind of the same deal with your filesystem choice, as long as you're comfortable with it and keep regular backups you can use anything.
I'm going to suggest something a bit more out there. You can set up this whole thing with NixOS. I have a bunch of docker containers that run as a systemd service, declared with Nix and personally, I like it very much. It's also got everything else you want but the atomic upgrades are top tier in NixOS.
For example if you want NoIP and Cockpit just add this bit to your configuration.nix
Adding something like docker or podman is just as easy with a one line like
virtualisation.docker.enable = true;
There is always a bit of a learning curve when doing anything with Nix but I find the buy-in to be worth it. Here's a blog post about converting docker compose files over to the Nix format. This really isn't necessary as you could just make the systemd service run a oneshot against a docker compose file but this blog has a lot of nice examples.
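Putting the pieces the thread asks for (Cockpit, NoIP dynamic DNS, hardened SSH, the Nextcloud AIO container, Caddy as reverse proxy, restic backups to the second drive) into one configuration.nix, as an added example that is not from the original post or from any project's docs; the hostname cloud.example.org, the /run/secrets/* paths and the /mnt/backup mount point are placeholders you would replace:

```nix
{ config, pkgs, ... }:
{
  # Web management UI; keep it off the public firewall and reach it via SSH tunnel
  services.cockpit.enable = true;

  # Dynamic DNS against NoIP via ddclient. The credential lives in a root-only
  # file, not in this file, because everything in configuration.nix ends up
  # world-readable in /nix/store.
  services.ddclient = {
    enable = true;
    protocol = "noip";
    username = "noip-user@example.org";          # placeholder
    passwordFile = "/run/secrets/noip-password";  # placeholder, mode 0400
    domains = [ "cloud.example.org" ];            # placeholder hostname
  };

  # Key-only SSH, no root login
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  # Nextcloud AIO master container as a systemd-managed OCI container.
  # Caveat: the docker socket mount hands the container root-equivalent
  # control of the host; AIO needs it to spawn its sibling containers,
  # so treat the AIO admin UI on :8080 as a host-admin interface.
  virtualisation.docker.enable = true;
  virtualisation.oci-containers.backend = "docker";
  virtualisation.oci-containers.containers.nextcloud-aio-mastercontainer = {
    image = "nextcloud/all-in-one:latest";
    ports = [ "127.0.0.1:8080:8080" ];           # admin UI, localhost only
    environment = {
      APACHE_PORT = "11000";                      # port Caddy proxies to
      APACHE_IP_BINDING = "127.0.0.1";
    };
    volumes = [
      "nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
      "/var/run/docker.sock:/var/run/docker.sock:ro"
    ];
  };

  # Caddy terminates TLS (automatic Let's Encrypt for the DynDNS name)
  services.caddy = {
    enable = true;
    virtualHosts."cloud.example.org".extraConfig = "reverse_proxy 127.0.0.1:11000";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Daily restic snapshot of the docker volumes to the second SSD
  services.restic.backups.nextcloud = {
    repository = "/mnt/backup/restic";            # placeholder mount point
    passwordFile = "/run/secrets/restic-password";
    paths = [ "/var/lib/docker/volumes" ];
    timerConfig.OnCalendar = "daily";
    pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" ];
  };
}
```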
Atomic automatic updates with snapshot creation? Maybe consider openSUSE MicroOS if you are going headless... didn't quite understand from your description. I have a VPS running MicroOS that has been doing its automatic updates/reboot thing for a year+ now without a single issue. openSUSE's rolling stuff works very well, and you get native btrfs and snapper integration out of the box.
Easy to use reverse proxy - I really like Caddy. Reading/writing the config for that clicks better for me than others.
I like the novelty of using filesystem tools for backups, but can't shake the feeling that tools like restic and borg are more widely deployed and battle tested.
Fedora on its own doesn't do backups at all, which I find crazy.
rpm-ostree or bootc though are better, as they allow rebasing, resetting etc. This is not possible with MicroOS, which is a huge dealbreaker for having a server that will never have the need to be reinstalled.
Re reverse proxies, not exactly. Tried reading vanilla nginx configs and trying to understand nginx proxy manager, couldn't grasp either. Also gave haproxy a shot.
rpm-ostree
I guess I don't exactly understand the value of rebasing the core system. Small atomic core with snapshot-based rollbacks, with containerized beyond core stuff seems to get you 99% of the way there, no?