• 1 Post
  • 19 Comments
Joined 1 year ago
cake
Cake day: July 15th, 2023

help-circle




  • Maybe the first question is what your budget is, both regarding money and time. For example, you could buy a pre-configured NAS from Synology or QNAP, which requires less technical skills but more money, or a home-made solution reusing used components (but fresh disks for reliability). Depending on your electricity costs, you may want to choose a low-power solution or something which you power off when not used. For storage, maybe a three-disk RAID5 is a good compromise. For backups, plain S3 cloud storage encrypted via restic is a good idea.









  • There is some information missing in the problem description. For example, if you close the lid, does the computer suspend/sleep/hibernate? It may be that when the computer sleeps something “breaks” or it may be that the act of physically closing/opening the lid has an effect (e.g. because the WiFi antenna is embedded in the display frame).

    Some time ago I had a similar problem with Tailscale and sleeping. When Tailscale initializes itself (at boot), it has to interact with another service to communicate which DNS servers have become available (e.g. 100.100.100.100). Several implementations of such services exist (resolvconf, openresolv), in my case systemd-resolved. During normal operation, resolvectl status (if using systemd-resolved) shows which DNS servers and which search domains are configured for each network interface such as tailscale0. Now, there is a bug (or feature) that systemd-resolved “forgets” the DNS configuration it got from Tailscale when the computer is put to sleep. So, when the computer wakes up, name resolution via Tailscale no longer works, giving you the impression that Tailscale itself is not working, although Tailscale’s low-level functions are still operational. My “solution” was to write a small script that gets executed when the computer wakes up which sets again DNS server and search domain for network device tailscale0.







  • Backups serve different purposes and if encryption by malware is a threat, you have to do backups differently, as opposed to, for example, hardware failure, where your NAS is a valid approach. To protect against encryption malware, you must make your backups inaccessible. One example are read-only backup media like DVD-ROMs. Another example is to make regular backups on tapes or HDDs and lock them up somewhere. You only take them out after you have wiped all computers that were affected by malware.