

Anything that can run Proxmox is running Proxmox. Even if it’s a single OS running on it, it’s still running Proxmox.
It’s a VPN. It’s standard ChaCha20/AES 128. Good enough for private entities but not FIPS certified
I use a mixture of Tailscale and ZeroTier. Both are pretty powerful.
Then you’ll need to factor in the solar initial cost as well!
BirdNet Pi!
Yes but you can get two free instances under the same account.
Actually you can get 2 IPs for free. Then use high availability
I use ZeroTier on a MikroTik router.
Then just advertise routes on the router.
Ionos.de has a €1 a month VPS
I think 1 core, 1GB RAM, and 10GB.
Use either Caddy or Nginx Proxy Manager. Both are easy to set up. Also both are dockerized.
I use Tailscale as my tunnel.
Total latency is about 70-90ms for me.
My friend has 1G/1G Internet. I have an rsync cron job backing up there 2 times a week.
It has an 8TB NVMe drive that I use for bulk data backup and a 2TB OS drive for VM stuff.
Sony already did that with the PlayStation didn’t they?
RouterOS has WG built in as well as ZeroTier. RouterOS has become quite powerful lately, but make sure you have at least an ARM/ARM64 CPU for it.
All of my remote routers are running RouterOS without anything on top of it. RouterOS is powerful enough for anything I throw on it. But I am using much beefier routers: I have 2 x 5009 and a HAP AX3, which have plenty of flash and RAM to run the additional packages I need.
As for normal computers, I have it on a UPS and I back up core files to off-site areas. Additionally, I buy SSDs that have a little bit of power-loss protection.
I’ve never had issues with mini PCs but I’ve had issues with Pis. I’ve since switched to high endurance SD cards for my Pis and they’ve been rock solid. One’s actually been semi-exposed to the elements for about a year now without a hiccup.
With RouterOS you can still use DoH with either a self-hosted list or a selected ad list. If you want to self-host a DNS server I’d just host an AdGuard Home instance on a VPS for all of your devices.
I also have 2 VPN systems for my remote management on 2 separate systems. I learned that the hard way when one of my clients is 8 timezones away.
My ISP blocks all outgoing ports. Maybe I’m not trying hard enough but anything I try port forwarding ends up getting blocked.
Minecraft and port 80 are the 2 I’ve tried and they’ve been unresponsive.
I’m using the RB5009 but I’m using RouterOS, not OpenWrt. Any reason why you’d want to do that?
I personally think if you’re buying purpose-built hardware and then putting your own software on it, you should move to a mini computer with OPNsense.
I’m switching my Immich instance to an SSD one and switching my VPN from ZeroTier to Tailscale.
Hopefully that means my Immich will be a little more reactive.
I want to be able to upload/download/share my photos from anywhere in the world without using a VPN. Additionally, this satisfies the wife requirement. It works in the background without her needing to turn on the VPN. I don’t want her to keep asking me, “How do I turn on the VPN?” If it’s just me, then no issue, I’ll use a VPN.
It’s hard to explain from scratch.
Caddy is a reverse proxy software that essentially redirects traffic from a certain port to another port. For example, external:port => internal:port. It also enables SSL encryption, meaning everything will be encrypted en route between the external and the user.
VPS is a virtual private server. Just someone else’s computer you can expose to the Internet.
Tailscale is a mesh VPN that uses WireGuard as its transport. I use this to tunnel between my VPS and my Immich server to hide my home IP and to allow encrypted traffic between my Immich server and my VPS.
A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor thus has zero days to prepare a patch, as the vulnerability has already been described or exploited.
There’s no fix other than security through layers.
Pretty much I have Caddy on a VPS that’s pointing to my internal IP using a Tailscale tunnel. You are still exposing the web GUI to the Internet so I just changed authentication to OAuth to mitigate that risk. There is still a possibility of attacks via zero days, but my Immich is on a VM and I’m creating firewall rules to just allow certain ports out.
Do you mind giving me an example? I have issues with technical questions but with enough coaxing I could find what I was looking for.