Cloud security geek, cigar smoker, amateur electric bass player, hoping to be an ally where I can. he/him
I’m with you. Same vintage IT guy, self hosting similarly. I dunno. I throw a lot of stuff up on my xcp-ng box. Some is important. Some isn’t. I’m doing all manner of old-school firewall and perimeter security and not worrying a ton about logging in my containers. I guess I’m just fatalistic. If I get hacked to the point that I’m digging through logs to figure out what happened, I’m kinda fucked. So I focus more on backup and restore. Can I restore to a known good state? But I hear you. Kids these days with their containers and their pipelines and their devops. Back in my day…
321 strategy: 3 copies of everything important, 2 on-site, 1 in cloud. I have a TrueNAS Scale NAS running RAID5 on ZFS. All the laptops, desktops, etc. backup to the NAS. (Mostly Macs, so we use time machine over the network). So the original laptop/desktop is 1 copy. The NAS is a second copy on-site, and then TrueNAS has lots of cloud options. I use Amazon S3 myself, but there are lots of choices.
Prior to this I had a Synology NAS. It was “small” (6TB), so it has a RAID mirror of 6TB drives and a single 6TB external USB that had a backup of the mirrored pair (second copy on-site). Then I also used Synology’s software to backup to S3.
For my Internet-facing VMs, they all run in xcp-ng and I use Xen Orchestra to manage them. I run regular snapshots nightly, and then use NFS to copy them to a cloud server. That’s sloppy, and sometimes doesn’t work. So the in-the-house stuff is backed up well. The VMs are mostly relying on Xen snapshots and RAID 5.