• 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: June 19th, 2023

help-circle
  • Honestly, if you’re doing regular backups and your ZFS system isn’t being used for business you’re probably fine. Yes, you are at increased risk of a second disk failure during resilver but even if that happens you’re just forced to use your backups, not complete destruction of the data.

    You can also mitigate the risk of disk failure during resilver somewhat by ensuring that your disks are of different ages. The increased risk comes somewhat from the fact that if you have all the same brand of disks that are all the same age and/or from the same batch/factory they’re likely to die from age around the same time, so when one disk fails others might be soon to follow, especially during the relatively intense process of resilvering.

    Otherwise, with the number of disks you have you’re likely better off just going with mirrors rather than RAIDZ at all. You’ll see increased performance, especially on write, and you’re not losing any space with a 3-way mirror versus a 3-disk RAIDZ2 array anyway.

    The ZFS pool design guidelines are very conservative, which is a good thing because data loss can be catastrophic, but those guidelines were developed with pools that are much larger than yours and for data in mind that is fundamentally irreplaceable, such as user generated data for a business versus a personal media server.

    Also, in general backups are more important than redundancy, so it’s good you’re doing that already. RAID is about maintaining uptime, data security is all about backups. Personally, I’d focus first on a solid 3-2-1 backup plan rather than worrying too much about trying to mitigate your current array suffering catastrophic failure.


  • So two things about this:

    1. Tailscale doesn’t actually route through Tailscale’s servers, it just uses its servers to establish a direct connection between your nodes. You can use Headscale and monitor the traffic on the client and server sides to confirm this is the case. Headscale is just a FOSS implementation of that handshake server, and you point the Tailscale client there instead.

    2. Doesn’t renting a $3 VPS and routing your traffic through that expose many of the same vulnerabilities regarding a 3rd party potentially having access to your VPN traffic, namely the VPS provider?

    For what it’s worth, I generally think that the Headscale route is the most privacy- and data-sovereignty-preserving route, but I do think it’s worth differentiating between Tailscale and something like Nord or whatever, where the traffic is actually routed through the provider’s servers versus Tailscale where the traffic remains on your infrastructure.



  • I came here to say exactly this - WireGuard is great and easy to set up, but it gets harder as you add more people, especially less technical ones, as getting them to make keys and move them around etc becomes a headache. Tailscale also minimizes the role of the central server, so if your box goes down the VPN can still function. Tailscale can also do some neat stuff with DNS that’s pretty nifty.