Comment on Help wanted: best Home server, Nextcloud, Atomic setup with DynDNS?

<- View Parent
boredsquirrel@slrpnk.net ⁨5⁩ ⁨weeks⁩ ago

Hm, so when using Nextcloud, is the db itself encrypted or something?

All my devices are encrypted.

Access to the decrypted data requires RAM access, i.e. cold boot attack. Or access to the server via ssh (fail2ban, strong keys) or the admin or user nextcloud accounts (again with strong passwords and possibly TOTP or webauthn).

I already fiddled with the required Nextcloud Addons for TOTP and it worked great. Webauthn is an Android/GrapheneOS limitation poorly, maybe that gets fixed some day.

The issue of course is upgrades. I should do a second post on that topic. There are solutions for that, like mounting encrypted partitions and running Nextcloud on there. This could be automated.

For the obvious raid attack, I would have a udev rule that detects when AC is disconnected and then performs a clean shutdown.

source
Sort:hotnewtop