This along with borg warehouse is the GOAT setup. Many others exist of course.
Borgbase for offsite backup as well. Has been rock solid and I test download files from there every now and again with no issues. Never really did a full restore since its my 3rd line backup
I use a docker container that uses the MySQL/postgress dump command to create database dumps every hour with a retention policy. The dump is placed into docker data directory.
My docker data directories are in a parent directory on the host.
Borgbackup then runs the backup on this one directory. Like the other reply mentions, this is probably overkill since the database doesn't isn't being written too that intensivley but the resources needed to do this are minimal so its not a big deal once you know how to set it up.
I did his when I moved from unraid because I wanted better infra as code for my dockers etc. Kept unraid with all my drives and use NFS mounts from another machine with proxmox that runs a VM for my dockers
Then you add authentik which does SSO for many app like nextcloud, immich, linkwarden etc. For apps that don't integrate, you can still use his with reverse proxy authentication (sonarr).
Naturally this is more complex to setup but nothing beats the versatility.
I can choose extra protection for things like vaultwarden (need to connect via wiregaurd). Make things external for other users to access easily (immich, jellyfin, etc). Everything is based on users that are made in authenticatik and they all have the same password with single sign on.
You would approach this is pieces. get the domain and reverse proxy working first. Then authentik. this is only realistic with docker compose.
Assuming this is all true, sure its not great but how much does it matter?
Most have jellyfin in a docker. My jellyfin can't only has read only accses to the media folder. Only the config folder has write access. Assuming the worst case scenario here, how much damage can than do?
I've been using jelly since just after the emby fork and never had an update issue on docker. Automatic snapshots every 5 mins (amoung other backup tools). means I don't need to worry much if it does.
I have traefik running with all config done via the docker compose files and I just couldn't figure out how to get the bouncer middleware to work without causing problems. Doesn't help that most examples seem to be based on the static yaml based config so I'm trying to convert jt.
Would appreciate anyone who might know of a resource that explains with docker compose environment tags.
I also have middle ware for things like authentik which complicates things.
Others have already mentioned the question makes no sense but for others that are curious.
Headscale is a self hosted tailacale alternative and for a small number of devices plain wireguard is as well. I use plain wireguard on my router to allow LAN access from my mobile devices.
I want rock solid stability and simplicity since I use this for to debug issues if they crop up while I'm away.
The thing I like most about linkwarden is that it integrates with my existing single sign on (authentik). After you get to a certain number of apps, it becomes extremely annoying to not have this so I now look for SSO as a major factor when deciding what app to use.
The small android app that allows android share button to send links to the app and full archive options also make it fantastic
The native rewrite of the Android app is butter smooth. I think it's still technically in beta, but I've been using it for more than a year.
Also, I don't think I ever use the pop-up on mobile. Instead, I use the button on my keyboard. Gboard and FUTO Keyboard both show bit warden buttons at the top when I'm on a logon page
Mine works instantly on a pixel 8. There is a notification that is always active for the gotify app. I believe an always on notification is required for instant pushing with non google apps. Maybe you haven't enabled it in the settings somewhere?
This along with borg warehouse is the GOAT setup. Many others exist of course.
Borgbase for offsite backup as well. Has been rock solid and I test download files from there every now and again with no issues. Never really did a full restore since its my 3rd line backup