As the title says, I want to know the most paranoid security measures you’ve implemented in your homelab. I can think of SDN solutions with firewalls covering every interface, ACLs, locked-down/hardened OSes etc but not much beyond that. I’m wondering how deep this paranoia can go (and maybe even go down my own route too!).

Thanks!

  • hauiAEnglish
    6·
    5 months ago

    Neat post and great comments. Saved. Thanks. :)

    My personal setup includes:

    • non web facing homeserver for the juicy stuff
    • vps with stuff I‘d barely miss if it was gone
    • far too many backups
    • automatic cleanup of backups so my hdds dont fill up
    • fail2ban listening on every log, even docker containers with permaban enabled
    • scripts are root 700 and so on

    I‘m aware that stuff might go horribly wrong but so far it hasnt.

      • hauiAEnglish
        2·
        5 months ago

        Losing stuff costs a lot more, depending on what it is. Also the stress and health risks accompanied are too much for me.

        You can get backups as low as 3$/tb afaik. But I only backup stuff that actually means something to me. Photos and videos, documents and code. No movies which take up a lot of space if you copy them with all the subtitles and languages.

        • HumanPerson@sh.itjust.worksEnglish
          11·
          5 months ago

          Hey so uhh… I just formated the wrong drive. It’s recoverable but requires terabytes of network transfers so I’m thinking you may be right.