I just use ssh for management. Monitoring is handled by nagios.

Shouldn't use the Xfinity router anyway, that thing is fuckin garbage.

If you've got a copy of the data that's local, why are you opening up ports? Just run the backup job internally.

I'm also not fond of using SBCs as a NAS, by nature their I/O is extremely limited. It will probably work as a backup, but man do I not trust a USB interface at all.

I also recommend not relying on email for notifications - too unreliable. I use the healthchecks.io docker image and have it send me notifications via Pushover when something fails.

Depends on your needs and your threat surface.

Are you just an individual? Use Windows defender and ublock origin in the browser.

If you're setting this up for some older folks create a separate non-administrator id for them to use day to day.

As a business if you need antivirus your really want something with an EDR team behind it looking for anomalies - not just virus signatures. Something like bitdefender EDR or Huntress.

Doesn't come with a power adapter and has weird power requirements. Wouldn't power up at all with a standard 5V 1A wall plug, needed 5V 4A.

Apart from that it's been perfectly fine. I wish other OS than the armbian they provide supported this CPU.

freshRSS. I'm using the linuxserver.io docker image.

Nothing is really too much.

I have too much hardware to swap out to go 10G networking or I totally would.

The point of my homelab is for me to learn and break stuff in a safe environment, so if that leads me down a Kubernetes rabbit hole at some point so be it.

I only rolled my own Wireguard VPN because I wanted to learn how things worked on the backend - I've suggested Tailscale to many other people, its just a really well designed product.

It's astonishing to me how much they're giving away for free.

Unrelated note, but , the URL in your profile description is misspelled, OP.

I recently migrated all our various Excel and Word documents from Sharepoint into a self-hosted Bookstack instance. I love it.

I have one shelf for stuff like SOP, contracts, etc, and another for customer documentation.

Me currently banging my head against the wall trying to get Sway configured.

Someone may have commented this already but my recommendation is to set up an overlay network like tailscale or twingate.

Doesn't require you to open any ports on your firewall, and Tailscale at least is very performant since it uses Wireguard as it's underlying protocol. (I have yet to test Twingate but I've heard positive things.)

It will require a little more setup per device but it's honestly incredibly simple and more than secure enough for a home network.

Tailscale also has something called a subnet router which you can use to get incompatible devices onto the tailnet.