My #nextcloud runs on a little box in my home.

I am a bit worried about floods, fire, or the oil refinery(!) next door, and having to evacuate.

Sooooo... A #hostedServer somewhere, right?
But my nextcloud also has my #passwords, and then someone else might have access to my passwords. 😱

Also, storage is quite expensive right now.

Every week or so, I start to worry, then look up prices, and decide that no. I'll live with the little box in my hallway.

I #selfhosted myself into a corner.

@techwitch #selfhosted comes with added responsibility.
How are your passwords stored? In Notes/docs or using one of the Password apps?

@daj Fully agree.
i have a vaultwarden selfhosted, and regular keepass exports in several places for paranoia reasons.

@techwitch I self-host basically everything but then I use B2 as a cloned storage in the cloud. You can encrypt everything before it leaves.

(Substitute whatever cloud solution in your area for B2 - just find something usage based)

@raineer What is your plan if circumstances make you leave your home for an unspecified time? Take it with you?

I have a data backup in cloud storage if all else fails, but none of the functionality nextcloud brings.

@techwitch For your passwords specifically, I would keep it self hosted but run a cron script every week or so to do a backup, create an archive of the backup, encrypt the archived, and upload it somewhere.

@techwitch I’m hosting all my services at home. Every week I do backups of all important data to multiple harddrives and also the cloud ( @filen ).
That way I can always recover my data in case if for example a fire in my home.

@techwitch I use WireGuard to vpn to my house from wherever I need.

Very easy and lightweight from almost any device, and all of my homelab stuff feels local wherever I am.

@techwitch I agree with @raineer . If you are able to host your Nextcloud at home, an encrypted backup to an external storage should be your choice. I run a nightly backup of database, Nextcloud directory and data directory with automysqlbackup and #borgbackup, which is mirrored to an external #raspberrypi connected with #wireguard.

@techwitch I have a secondary server at the basement of a friend a few 100km apart. The server is torned off most of the time but awakes once a week and syncs my backup (#bup based system) over. So, I have good faith that I might only loose 7 days of data in the worst case.

@chrisp I don't often create new passwords any more, so I mostly do the backup-in-all-the-places on demand, about once a month. My automated daily (encrypted) backup "only" gets saved to 1 local and 1 cloud location.

Reading between the lines of what you and everyone else is saying, I need to reign in my paranoia, but it's hard! 😅

@pdl @raineer
I'm already doing offsite backups, no worries.

I'm just not really able to accept that if my neighbourhood blew up, my nextcloud would be down for however long I need to secure new hw, set it up and restore from backup.
Yes, it's a one-witch-instance, not any kind of enterprise.

Reading between the lines of what you and everyone else is saying, I need to reign in my paranoia, but it's hard! 😅

@techwitch @raineer My neighborhood did not blow up the last 65 years. I hope this event will not happen in the next 20 years.

@pdl I'm with you, completely. Not just for your and my neighbourhood, but any of them, anywhere.

A few nights ago, the refinery close to me burnt some gas in the night that was audible over several km even through closed windows, and made me realise that the refinery is much closer to me than my biking past it led me to believe. (But there wasn't even a warning on FOSSwarn, so everything must have been harmless...)
So that is probably the inciting incident for my paranoia this time.

@techwitch @pdl this isn’t available for everyone or all use cases, but I did make sure I have two personal laptops which are able to have full downloads of all the content

Even one laptop which stays synced can serve as a recovery plan. If you lose the house, you still have all your local files on a single source which maybe you could save and remains easy to access

Beyond this, you really are talking about hosting it at a VPS. If I wanted to do this, I’d probably use folder-level E2E for the most sensitive stuff, meaning it’s not possible to be seen without the client keys - but those folders are restricted in the interface for anything but sync. You could run everything in this mode if you really wanted to.