(no title)

I use syncthing to synchronize files. It's fast, stable, cost me nothing and the only limit I have is the size of my disks.

Syncthing is decentralized, that means that two machines have to be powered on at the same time to be able to perform sync. Raspberry Pi allows me to have that always-on machine at home which is small, quiet and unnoticeable in my electricity bill. Syncthing works across internet bypassing NAT thanks to the community-ran relays (I also run one of them). I could take my laptop everywhere and file changes will still reach my Raspberry Pi.

I hook up an external Seagate USB HDD and it runs just fine without an extra power source. Syncthing keeps up-to-date copy of all my files on that external HDD.

I use borg-backup to take hourly snapshots of my files. Those snapshots are encrypted and I upload them offsite without any worries that some cloud provider could possibly read them. I use rclone for that, it can interface with a number of cloud providers out there. It just take your files and one-way sync them into the cloud.

The setup of rclone and borg-backup is not particularly complicated but still requires some time. Directories, encryption keys, periodic jobs have to be configured. I abstracted all that into one script which is a bit opinionated but works for me. That script can be run on Linux on on MacOS. I used my Mac for that before Raspberry Pi. It uses system or launchd to run periodic jobs https://github.com/senotrusov/backup-script

I installed Ubuntu server on that Raspberry Pi to have familiar environment.

Sadly Raspberry Pi lacks secure boot and have no internal TPM functionality. My external HDD is encrypted but I can't trust Raspberry Pi to hold the encryption key. In rare event of reboot I have to ssh in and manually enter the LUKS key.

This setup is still prone to an evil maid attack as someone could replace or modify the SD card to log that key. That scenario is highly unlikely as I am no particular interest to anyone. What is slightly more realistic is that someone could brake into my house to steal stuff. For that my data is secure as the key is lost the moment you power off the Raspberry Pi.

Overall I'm pretty happy with that setup. My Raspberry Pi slowly blinks with it onboard red LED to indicate that all that services run well and alarms me with fast blinks if something is not right.