To add on to this, if you are using flatpak apps and want granular permission control, check out flatseal. Fedora (IMO) has one of the best flatpak integrations out of the box. Other "sandboxing" or containerized app deployments are snaps (made by Canonical), and appimage (I'm not entirely sure this qualifies as an app container).
From my experience, flatpaks is currently leading in adoption when compared to the other two.
I'm not entirely sure tbh. Like I said, mixed results depending on the app, but my working throey is that the session installer can automatically install apps that have the same signature and don't require any changes in permissions. I've seen some apps do in-place upgrades with no user touch but some don't.
I've had better success with auto-update using Driod-ify. At the very least the client downloads the updates automatically so it's just a matter of tapping install.
I dont know if this qualifies as a "toaster" but Ive used this docking bay in the past for a NAS and it served my purposes decently well.
One thing to keep in mind is that random IO will be lacking with a usb interface. Also, this particular chipset does powercycle all the drives when one is removed so drive swaps end up requiring you to power the entire system off to perform. Also no integrated cooling may be a deal breaker as you illuded to.
If I was basing a nas build off of a PI, I would look to use the PCIe 1x2.0 interface on the pi 5 as a HBA.
It depends on the size of your budget (if it exists at all). Your probably better off doing some e-waste dumpster diving. Shoot for something with a 3rd gen i3 / i5 or newer and at least 4gb of RAM.
That generation is when Intel added MPEG hardware encoder so it opens up a lot of options for self-hosting media servers.
Just to make sure. Are you copying to your ZFS pool directory or a dataset? Check to male sure your paths are correct.
Push vs pull shouldn't matter but I've always done push.
If your zpool is not accessible anymore after a transfer then there is a low-level problem here as it shouldn't just disappear.
I would installe tmux on your ZFS system and have a window with htop running, dmesg, and zpool status running to check your system while you copy files. Something that severe should become self evedent pretty quickly.
Have you looked into policy-based decryption? Here's an knowledge base page on the RHEL customer portal that goes over it well. I'm not sure if this will work on freebsd but it does offer a solution that allows for zero-touch reboots.
Shame that it seems to be getting phased out for cloud backup solutions. Makes sense that google would want to control more of your data and make you pay for it.
As installing a custom ROM typically involves using ADB anyways, I would suggest that you back up your device normally (copy files over to a folder on your computer), and then use the built-in backup function in ADB to make a secondary complete backup.
Also, depending on your threat model, you might not want to move any files from your old installation to your new one. Its possible that the old files, applications, and linked accounts could compromise your new installation privacy / security. I also generally enjoy starting with a clean slate after a new OS install.
CGNAT = Carrier Grade Network Address Translation. It makes it practically impossible to open ports to the public internet and in some extreme instances make zerotier very unstable. Typically you only have CGNAT if your internet connection is 4G or fixed wireless.
OpenVPN is just a VPN protocol. Roughly comparable to wireguard. It has been the gold standard for VPN technology for the past decade or so. Wireguard by comparison is much newer, and lighter to run. This typically results in faster throughput from a computational standpoint and devices where power is limited (cell phones), uses much less power by leveraging modern CPU encryption methods.
If you have the option to port forward on your home internet connection, its possible to setup a VPN connecting in a straight shot from your home to your roaming device. If you can't port forward, you will need a main in the middle (the VPS) to establish and route the connections through.
Zerotier works off of a PTP style network and the free plan allows up to 50 devices when last I checked. I'm not sure on the availability of zerotier or wireguard on truenas as the last time I used TrueNAS was Scale 22.
If my understanding of how "force SSL" works for most proxies, it just simply issues a HTTP 300 redirect message for all http traffic coming in on port 80. It then sends everything to port 443 https.
Do you get a 502 when you try to connect with the force SSL turned off? It might me less of an issue with SSL and more that your proxy is not pointing to the right host / port of your nextcloud server.
Very interesting idea for a self hosted service! I will definitely take a stab at hosting it! I have a decent collection of DRM-free games from humblebundle and GOG that I always wanted in one place. Question, I know you dont currently have a native linux client. That being said, do you have a native linux client on the roadmap?
I second restic. Have been using it for a year now and have been generally very happy. Actually had to use it in a couple occasions to restore directory content and even recover a complete workstation drive. I have had relatively easy success in both scenarios.
To add on to this, if you are using flatpak apps and want granular permission control, check out flatseal. Fedora (IMO) has one of the best flatpak integrations out of the box. Other "sandboxing" or containerized app deployments are snaps (made by Canonical), and appimage (I'm not entirely sure this qualifies as an app container).
From my experience, flatpaks is currently leading in adoption when compared to the other two.