Ceph is a huge amount of overhead, both engineering and compute resources, for this usecase.

Sometimes I think this community should be called homelab instead of selfhosted based on the kinds of questions

What’s the cost and impact of downtime for you? If you’re doing this for personal use it’s probably minimal for both so doesn’t really matter. If you want to try the new thing and you’re not afraid of the time investment or potential downtime then go for it

Runc is native.

It’s been a long time since I took it but these are two I recall being helpful. There is a ton of material out there on this cert. I think I recall the official book being helpful too.

https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/

https://youtu.be/_QBY29dmr-M?si=hmUo22xwjU6oa7Aj

Part 1 and part 5 look most applicable to you. You’re unlikely to ever need or want to mess with dynamic routing unless you’re doing networking for very large networks for example.

What you’re looking for is a backup. RAID is not a backup, as another poster said it’s a tool for enduring high availability, and possibly higher throughput.

Buy a second pi and put it in another location in your house or even better at friends house then configure regular backups of your important data to it. There are also cloud services for doing backups which are great because having a location to do off-site backups to can be really hard to get as an individual.

A lot of this is being complicated for you by not understanding networking fundamentals. I’d suggest looking into a Network+ certification which will cover all of these basics like DNS. You don’t have to actually get the cert, just going through the motions on learning the material should help a lot.

You seem to be close on grokking the whole picture and just need some of the basics that are hard to pick up from just doing things at home. A lot of work has been done to try abstract that away from consumers in order to make things easier which is making it harder for you.

Fair enough. Personally I’d start with their documentation then: https://docs.openstack.org/install-guide/

For OS it looks like they support RHEL/CentOS, Ubuntu, Debian, and SUSE so I’d stick with one of those.

Openstack is like self-hosting your own cloud provider. My 2 cents is that it’s probably way overkill for personal use. You’d probably be interested in it if you had a lot of physical servers you wanted to present as a single pooled resource for utilization.

How does one install it?

From what I heard from a former coworker - with great difficulty.

What is the difference between a hypervisor/openstack/a container service (podman,docker)?

A hypervisor runs virtual machines. A container service runs containers which are like virtual machines that share the host’s kernel (more to it than that but that’s the simplest explanation). Openstack is a large ecosystem of pieces of software that runs the aforementioned components and coordinates it between a horizontally scaling number of physical servers. Here’s a chart showing all the potential components: https://upload.wikimedia.org/wikipedia/commons/a/a5/Openstack-map-v20221001.jpg

If you’re asking what the difference between a container service and a hypervisor are then I’d really recommend against pursuing this until you get more experience.

Neat

How is this different from Fail2Ban?

Heartbleed was a thing that happened.

A lot of ISPs and hosting providers block outbound email by default.

You’re making it that much easier for someone to brute force logging in or to exploit a known vulnerability. If you have a separate root password (which you should) an attacker needs to get through two passwords to do anything privileged.

This has been considered an accepted best practice for 20+ years and there’s little reason not to do it anyways. You shouldn’t be running things as root directly regardless.

One. Use a switch for networking.

You can only do 100M runs max anyways, just replace the whole thing? 100M of CAT6 is pretty cheap if you already have a box for it.

Or is this an academic question?

10mb is pretty much nothing. May as well just use Fail2Ban.

FWIW that’s illegal and is considered hacking in the US and can result in jail time. You should only do this on equipment you own. Not saying you did anything particularly nefarious or that the chance of getting caught is high but just FYI.

It’s fun to learn a bit more about how wifi and encryption works by cracking it using something like aircrack-ng. There’s not really any other practical use unless you have bad intent or are planning on entering the security field.

If you don’t trust your VPS host then you shouldn’t use them. They have physical access to the hardware so it’s impossible to prevent them from accessing your stuff if they really wanted to (realistically they probably don’t want to).

I was wondering if an encrypted volume would make no difference for protecting any data uploaded there.

This is known as “encryption at rest” (as opposed to “encryption in transit”). In order for an application to use the content then it has to be decrypted using the private key (decryption key). Where are you storing the private key? If it’s on the VPS they have access to it. If you transmit it to the VPS at runtime they can access it via network monitoring. If you kept the private key only on your end-user devices (phone, desktp computer, etc) and then decrypted the content locally, then encrypted it before it was uploaded to the VPS then the provider would have no way of accessing that.

I’m not sure how is my data protected inside a VPS.

Ask your provider. The larger ones have a lot of security certifications and periodic audits showing that they’re in compliance with best practices for securing the clients’ data, including from their own employees. If what you find isn’t satisfactory then pick another provider.

Am I being too paranoid? Or should I be investing in a small physical server?

IMO yes but you need to determine how sensitive the data you’re storing actually is. Chances are that no one really cares about your personal photos or private git stuff. If you want to store the passwords for all of your email accounts and banking then I’d be more concerned - though I think that’s still fine to store on a VPS if you trust the provider.