This post considers the situation where you expose your ports to the internet, on the edge of your residential network, for example by setting your router to forward requests with port 443 to a certain host in your network. In this case you do have a public IP address and the configured port on your home server is now reachable from the internet. This is different from just exposing a port on a machine inside a residential network for local use.
Regarding gaming, I had big trouble trying to play some steam games on gnome. After switching to KDE stuff just works.
Also you can't (feasibly) run Hyprland on Debian stable, nor can you (easily) run GNOME on MX Linux, etc. So there are a few points where distro choice does have an effect. But I think I got the point across enough with the question
Can confirm, Arch runs fine on my 2014 MacBook Pro too. Does definitely require some adjusting to get there, but if you wanna use Arch that's a given anyway. GNOME desktop has decent multi-touch support for the trackpad out of the box IIRC.
Something to consider, advice given to me, is that ZFS support on Linux regularly breaks with the newest kernels, so if you go for ZFS long term, be prepared to run an LTS kernel at least as a backup.
I use both. LUKS+btrfs being nice on the Arch desktops, and ZFS on a serverside pool, managed by a TrueNAS Scale VM.
I have an external storage unit a couple of kilometers away and two 8TB hard drives with LUKS+btrfs. One of them is always in the box and after taking backups, when I feel like it, I detach the drive and bike to the box to switch. I'm currently researching btrbk for updating the backup drive on my PC automatically, it's pretty manual atm. For most scenarios the automatic btrfs snapshots on my main disks are going to be enough anyway.
Exactly this. As a European I don't feel comfortable anymore relying on any US service for essential needs. Stuff like YouTube is fine, it's just entertainment. But I cannot rely on big tech for anything that, if suddenly gone one day, would cause me any sort of actual annoyance. When you think about it the list is quite long and sneaky.
As for smart home control, HA is the standard. No-brainer.
For mobile OS, you can buy Fairphones with /e/OS pre-installed, a fork of LineageOS. There are some tradeoffs, but it's generally usable, though not as secure as stock Android as it gets the security patches with a delayed schedule.
Oh yeah and I did enable the Proxmox VM firewall for the TrueNAS, the NFS traffic goes via an internal interface. Wasn't entirely convinced by NFS's security posture when reading about it... At least restrict it to the physical machine 0_0
So I now need to intentionally pass a new NIC to any VM that will access the data, which is neat.
Replaced the bare metal Ubuntu with Proxmox. Cool cool. It can do the same stuff but easier / comes with a lot of hints for best practices. Guess I'm a datacenter admin now
Wiped the 2x960GB SSD pool and re-created it with ZFS native encryption
Made a TrueNAS Scale VM, passed through the SSD pool disks, shared the datasets with NFS and made snapshot policies
Mounted the NFS on the Ubuntu VM running my data related services and moved the docker bind mounts to that folder
Bought a 1Gbps Intel network card to use instead of the onboard Realtek and maxed out the host memory to 16GB for good measure
I have achieved:
15min RPO for my data (as it sits on the NFS mount, which is auto-snapshotted in TrueNAS)
Encryption at rest (ZFS native)
I have not achieved (yet...):
Key fetch on boot. Now if the host machine boots I have to log in to TrueNAS to key in the ZFS passphrase. I will have to make some custom script for this anyway, I guess, to make it adapt to the situation, as key fetching on boot is a paid feature in TrueNAS. It just makes managing the storage a bit easier, so I wanna use it now. Disabled auto start on boot for the services VM that depends on the NFS share, so I'll just go kick it up manually after unlocking the pool in TrueNAS.
Quite happy with the setup so far. Looking to automate actual backups next, but this is starting to take shape. Building the confidence to use this for my actual phone backups, among other things.
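The post above leaves the "key fetch on boot" step as a custom script still to be written. The following is an added example, not the post author's script and not part of TrueNAS or OpenZFS, of the core of such a script: it parses the output of `zfs get -H -o name,property,value keystatus,encryptionroot`, unlocks only the encryption roots whose key is not yet loaded (children inherit their root's key, so `zfs load-key` must target the root), and refuses a key file that is readable by anyone but its owner. The `zfs` CLI on PATH and the key-file path `/root/pool.key` are assumptions; the `SAMPLE_PROPS` string is constructed sample output used for the dry run.

```python
#!/usr/bin/env python3
"""Unlock encrypted ZFS datasets at boot from a root-only key file.

Added example (assumes OpenZFS 2.x `zfs` on PATH). The key file path is
passed on the command line; /root/pool.key below is a hypothetical path.
"""
import os
import stat
import subprocess
import sys
from typing import Dict, List

# Constructed sample of `zfs get -H -o name,property,value keystatus,encryptionroot`
# output, used for --dry-run; on a real system zfs_props() replaces it.
SAMPLE_PROPS = (
    "tank\tkeystatus\t-\n"
    "tank\tencryptionroot\t-\n"
    "tank/enc\tkeystatus\tunavailable\n"
    "tank/enc\tencryptionroot\ttank/enc\n"
    "tank/enc/photos\tkeystatus\tunavailable\n"
    "tank/enc/photos\tencryptionroot\ttank/enc\n"
    "tank/enc/cache\tkeystatus\tavailable\n"
    "tank/enc/cache\tencryptionroot\ttank/enc/cache\n"
    "tank/plain\tkeystatus\t-\n"
    "tank/plain\tencryptionroot\t-\n"
)


def parse_props(output: str) -> Dict[str, Dict[str, str]]:
    """Turn tab-separated `zfs get -H` lines into {dataset: {property: value}}."""
    props: Dict[str, Dict[str, str]] = {}
    for line in output.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # blank or malformed line
        name, prop, value = fields
        props.setdefault(name, {})[prop] = value
    return props


def roots_to_unlock(output: str) -> List[str]:
    """Encryption roots whose key is not loaded.

    Unencrypted datasets report '-' for both properties and are skipped;
    children of a locked root are skipped because they inherit its key.
    """
    props = parse_props(output)
    return sorted(
        name for name, p in props.items()
        if p.get("keystatus") == "unavailable" and p.get("encryptionroot") == name
    )


def keyfile_is_private(mode: int) -> bool:
    """True when the key file is a regular file with no group/other permission bits."""
    return stat.S_ISREG(mode) and (mode & 0o077) == 0


def zfs_props() -> str:
    """Query the live system; kept separate so the parser can be tested offline."""
    return subprocess.run(
        ["zfs", "get", "-H", "-o", "name,property,value", "keystatus,encryptionroot"],
        check=True, capture_output=True, text=True,
    ).stdout


def unlock(roots: List[str], keyfile: str, dry_run: bool) -> List[List[str]]:
    """Build one `zfs load-key -L file://...` command per root; run them unless dry_run."""
    location = "file://" + os.path.abspath(keyfile)
    commands = [["zfs", "load-key", "-L", location, root] for root in roots]
    if not dry_run:
        for cmd in commands:
            subprocess.run(cmd, check=True)
    return commands


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: zfs-unlock.py /path/to/keyfile [--dry-run]")
    keyfile = sys.argv[1]
    dry = "--dry-run" in sys.argv
    if dry:
        output = SAMPLE_PROPS
    else:
        if not keyfile_is_private(os.stat(keyfile).st_mode):
            sys.exit(f"refusing {keyfile}: must be a regular file with mode 0600")
        output = zfs_props()
    for cmd in unlock(roots_to_unlock(output), keyfile, dry):
        print(" ".join(cmd))
```

Run as `python3 zfs-unlock.py /root/pool.key --dry-run` to see which `zfs load-key` commands would be issued against the constructed sample; without `--dry-run` it queries the real pool. Where the key file lives decides what the encryption at rest still protects against: a key file on the same disk as the pool only guards against drives being pulled individually, which is why the "fetch" in key fetch on boot usually means reading it from another host that is not part of the storage box.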