• 2 Posts
  • 178 Comments
Joined 1 year ago
Cake day: June 24th, 2024

  • Netbox, especially when combined with plugins, is so incredibly good and mighty that it’s almost funny how good it is. What I do plugin-wise:

    • Documents: not implemented yet by me, but one could store manuals, etc. directly within Netbox.

    • Lifecycle and Inventory: While it’s not as good as snipe-it (tbh, inventory is imho one of the worst plugins) it does the job for my small deployment

    • Slurp it to scan automatically

    • QR Code for obvious reasons

    • Floorplan as well

    Of course that sounds overkill for a small deployment, but I simply forget too many things after a few months otherwise and it’s something my family (wife is in IT and far more qualified than me) would need if something happens to me, so a proper documentation would be essential for that as well.




  • She operated a (pretty shady) bar and basically prioritised that and her own enjoyment over her child a lot of times, letting her child sleep in the (guest area of the) bar, even when she was not working and someone else (she barely knew) worked there because she was out partying. Additionally this lifestyle led to her sleeping in for a long time, letting her daughter often be unsupervised/uncared for at a very young age (like… toddler age) - as it happened on that day. (The kid skipped school - very likely with her mother knowing and allowing her after a fight they had. And left “to visit a friend the same age” - who would be in school at that time. There are some sources citing neighbours that it’s possible she threw her out because the girl was getting on her nerves, as she possibly did before.)

    She actually, under mounting pressure from the German version of CPS and her relatives and friends, openly (including in front of the child) discussed giving her up for adoption (like she had done 2 times before with other children) / claimed she didn’t want to be responsible for the child.

    She later refused to take part in the court proceedings, mainly because these also shone some light on her role as a mother, and actually was almost imprisoned for being in contempt of court. There are some theories that this, together with the fact that the perpetrator claimed that he was blackmailed by the child, which back then would have fallen back on her as well (even if obviously untrue), was the real reason she decided to kill the guy at the time she did. (She later on confessed that it was murder and not manslaughter.)

    Surely a lot of things must be seen in the (very tight and depressing) morals of the time - she was a young woman with a bad family history herself and then her life became even worse. But… that was not the fault of the child as well. And by either standards, today’s as well as the ones back then, she surely was a bad mother, sorry.

    Was she responsible for the murder of her daughter? No. Does that make her less of a bad person and less of a murderer herself? No.

    (We had to cover this case in uni extensively - one of my professors actually was working as a DA in the same building back when it happened - or something like that, can’t remember.)








  • philpo@feddit.org to Selfhosted@lemmy.world · Backups of Backups · 29 days ago

    Basically:

    • Small Proxmox node (Zimablade) that basically only operates a Proxmox Backup Server for local clients and fast backup.

    • Offsite ZFS send to a VPS I operate for that purpose. As well as Proxmox Backup Server for VMs, etc. Basically meant as a fast recovery option. (Layer7)

    • Offsite S3 storage backup to a different provider from above. Meant for a medium term backup. (Hetzner and IONOS)

    • Portable HD: I have two different portable HDs. One is hooked up to the backup server, the other one is in a lock box in my bank’s safe. The “connected one” does a weekly backup (and is switched off in between). Once in a while (around 6 to 12 weeks, with 12 weeks being the hard maximum) I take the active one to the bank and both drives switch places. That provides a full backup. (WD My Book and Seagate Expansion - the different manufacturers are intentional)

    • Last line of defence: The really, really important things (photos of life events - weddings, etc. - important documents, password DBs, etc.) get burned on an M-Disc archive Blu-ray. They are also in the bank safe and at a secure third location. They are more meant for “shit hit the fan and I might not be there anymore, but maybe the kids want these”. Additionally they provide a defence against encryption viruses - write once read many (WORM) has its advantages here.

    This is another thing to consider: Have detailed descriptions for others on how to retrieve your data in case something happens. I operate a private wiki (on an external server) that also gets saved onto the M-Discs and has step-by-step instructions, as they might need to be followed by someone not that tech-adept (like my in-laws in case both my wife and I perish). I also have notes in my password DB (Vaultwarden, which has a digital heritage/emergency access function and is also exported), in the vault, and a note in my will notifying people about this.

    Edit: And: Test your recovery. Almost every data loss I have witnessed in the last years was a recovery problem. Missing encryption keys, data structure issues, etc. I have seen them all. Personally I try to recover a random file (as in: a script tells me which one) twice a year from every method and try a full recovery of each method at least once, six months after introduction. That being said: It’s nice to have encrypted backups, but that doesn’t help if you can’t find the keys/the software no longer exists, etc. Currently a LOT of my clients have the same problem: They use Tandberg RDX for backup, including WORM. Now, Tandberg has gone bust and it’s not that unlikely that they won’t be able to get another RDX drive in 5 or 10 years. Or 20. Which is the legal requirement for some official files here. Well, fuck. They needed to get additional drives asap when the bankruptcy became official.

    Friends have used ancient LTOs and now face the same issues - LTOs are not downwards compatible. (That’s why I use “common” technology. It’s extremely likely that I will be able to find a spare BD drive in 20 years, etc.)
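
    An added example (not part of the comment above, and not the commenter's own script) of the "a script tells me which file to restore" drill: hashes are recorded at backup time, the script picks the file, and the restored copy is checked against the recorded hash. The manifest file, its JSON format and all function names are assumptions made for this sketch.

```python
import hashlib
import json
import random
import sys
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup members do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(source_root: Path) -> dict[str, str]:
    """Relative path -> SHA-256, taken at backup time and stored with the backup."""
    return {
        p.relative_to(source_root).as_posix(): sha256_file(p)
        for p in sorted(source_root.rglob("*"))
        if p.is_file()
    }


def pick_sample(manifest: dict[str, str], rng: random.Random) -> str:
    """Let the script, not the operator, choose which file gets restored."""
    if not manifest:
        raise ValueError("empty manifest: nothing was backed up")
    return rng.choice(sorted(manifest))


def verify_restored(manifest: dict[str, str], relpath: str, restore_root: Path) -> str:
    """Check one file restored from one backup method against the manifest."""
    restored = restore_root / relpath
    if not restored.is_file():
        return "missing"  # restore failed, or the path layout changed
    if sha256_file(restored) != manifest[relpath]:
        return "corrupt"  # readable, but not the bytes that were backed up
    return "ok"


if __name__ == "__main__":
    # Usage: drill.py manifest.json            -> prints the file to restore
    #        drill.py manifest.json DIR FILE   -> verifies the restored copy
    manifest = json.loads(Path(sys.argv[1]).read_text())
    if len(sys.argv) == 2:
        print(pick_sample(manifest, random.Random()))
    else:
        print(verify_restored(manifest, sys.argv[3], Path(sys.argv[2])))
```

    Run it once per backup method, so a method that only fails on restore (lost key, changed layout) shows up as "missing" or "corrupt" during the drill rather than during an incident.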






  • Another option: Zabbix.

    Sounds like overkill initially, but works fine and can be automated fairly well. Once installed (as an LXC/VM or on a separate device if you want independent monitoring), you can set up API access for monitoring Proxmox (which will monitor all LXCs, etc. automatically) and then add the agent on top to monitor the underlying machine. There are dozens of ways to monitor Zabbix hosts’ temps, HDDs, etc. available online.

    In theory you could also let a Zabbix proxy collect all your hosts’ data (e.g. your Proxmox host, your switch, etc.) in your network and then send it to a VPS outside your network so you monitor offsite and can be alerted when not at home.


  • ZeroSSL has unpaid plans (for non wildcards) that have a few advantages that LE doesn’t:

    • No rate limits
    • A web dashboard
    • More ways to validate
    • They have a REST API

    And, first and foremost, they are European and it’s always good to have an alternative ready.

    But as said before, I totally missed the wildcard issue, as I haven’t touched these for a long time and recently had more to do with my public services (which get an ACME single-domain cert via ZeroSSL).



  • It is absolutely possible, but personally I would highly recommend getting yourself a proper public domain for that, even if you won’t use it otherwise (it’s even somewhat safer if you use a designated one for it).

    To make it really easy, get the domain with someone who also provides DNS with it (Hetzner is a solid choice, so are others, has to have an API). (E.g. “mydomain.casa”.)

    Now get an internal DNS server that can handle its own zones. I always recommend Technitium, but there are other choices. Pi-hole is not a good choice here.

    Next thing is a reverse proxy, as you mentioned. If you want it easy, NginxProxyManager is a good choice, but limits what one can do later. But it kind of works out of the box. Traefik and Caddy are both often named, but I found none of them as “fire and forget” as NPM is - and Caddy can’t do a lot of things either. Traefik is what I currently use, but even using Mantrae or similar GUIs it’s sometimes a pain. But it’s absolutely powerful, especially when you run a lot of Docker containers on the same host. Tbh, if I had not some special requirements I would still use NPM.

    Now, what to do? (Not a full manual, more like an overview to show that it’s not that complicated)

    1. Install all of the above on Docker.
    2. Set up NPM with a wildcard certificate: register with zerossl.com (has advantages over LetsEncrypt), add them as a provider and get a wildcard(!) certificate (*.yourdomain.casa).
    3. Set up a proxy host. You simply add the domain name (nextcloud.mydomain.casa), point it to the actual container (192.168.1.10:3000), choose the wildcard certificate as the SSL certificate and switch on “force SSL”.
    4. Go to the DNS server, create a DNS zone “mydomain.casa” and then simply add “nextcloud.mydomain.casa” and point it to the reverse proxy IP. Done.

    For good practice I would recommend to also keep a zone that links directly to the services so you can use that whenever necessary. (mydomain.internal)
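
    An added example (not part of the comment above) of a pre-flight check for steps 2 to 4: a `*.mydomain.casa` certificate covers exactly one label below the zone, so it is worth checking that every internal record is covered and points at the reverse proxy. The proxy address 192.168.1.2, the sample records and the function names are assumptions constructed for this sketch.

```python
import ipaddress


def covered_by_wildcard(hostname: str, wildcard: str) -> bool:
    """True if `hostname` matches a `*.zone` certificate name.

    The `*` stands for exactly one left-most label, so the bare zone and
    names nested two levels deep are NOT covered.
    """
    host = hostname.rstrip(".").lower().split(".")
    pattern = wildcard.rstrip(".").lower().split(".")
    if pattern[0] != "*" or len(host) != len(pattern):
        return False
    return bool(host[0]) and host[1:] == pattern[1:]


def preflight(records: dict[str, str], wildcard: str, proxy_ip: str) -> list[str]:
    """Return the problems found in the internal zone before going live."""
    proxy = ipaddress.ip_address(proxy_ip)
    problems = []
    for name, target in sorted(records.items()):
        if not covered_by_wildcard(name, wildcard):
            problems.append(f"{name}: not covered by {wildcard}")
        try:
            if ipaddress.ip_address(target) != proxy:
                problems.append(f"{name}: points to {target}, not the proxy {proxy}")
        except ValueError:
            problems.append(f"{name}: {target!r} is not an IP address")
    return problems


# Constructed sample zone; 192.168.1.2 as the proxy address is an assumption.
SAMPLE_ZONE = {
    "nextcloud.mydomain.casa": "192.168.1.2",    # correct
    "mydomain.casa": "192.168.1.2",              # apex: the wildcard does not match
    "cam.garage.mydomain.casa": "192.168.1.2",   # two labels deep: no match
    "git.mydomain.casa": "192.168.1.10",         # bypasses the proxy and its TLS
}

if __name__ == "__main__":
    for line in preflight(SAMPLE_ZONE, "*.mydomain.casa", "192.168.1.2"):
        print(line)
```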