Depends on the usecase. If you don’t need chat history for new-joiners, you can work with a single key per group, rotating it whenever someone joins or leaves. Since the server broadcasts a „so-and-so has left/joined“ it might as well include the new key. That key is then used by everyone in the group, so you can still broadcast all messages and don’t have to encrypt them individually.

Don’t let perfect be the enemy of good. Discord isn’t E2EE either. Having data under your control even if not encrypted is a big win.

If all your backups are near you, a flood or fire (or even break in) can still cost you all your data. At least one copy should be off-site.

For 7 people you could look into Virola Messenger. Not open source but uses Mumble under the hood and is super lightweight. No electron shit.

XMPP is also still a thing and IMO much easier to host (at least ejabberd is). Look into Movim, which looks quite nice as a discord replacement on top of XMPP.

Ah ok, thanks for the clarification. In the end I also use Sunshine for game streaming, but for pure remote desktop access RustDesk is far nicer, since I can also quickly move files back and forth. RDP is even nicer in that regard, where I can remote-mount local devices.

Where does rustdesk not have a good reputation? I see it being recommended regularly and also use it myself heavily. Never had issues or heard about issues (that I would attribute to reputation).

True. The default rocksdb is completely unusable on HDDs. For me it runs pretty good with PostgreSQL. Dovecot was certainly easier to handle with its file based storage and was super fast. But Postfix was a pain and I can’t count how often it bit me over the years (and since it’s SMTP, that means something broke in receiving, delivery or was suddenly a spam vector, which all sucks quite hard).

Stalwart

Written in rust, contains SMTP, IMAP, JMAP, Sieve, CalDAV, CardDAV, WebDAV. Has an admin web ui. Sane defaults, minimal foot guns. No zoo of containers needed.

I use Kopia to perform incremental encrypted backups (with some retention policy of up to two years) and store them on Backblaze B2, which is reasonably cheap.

That, on the other hand, is only viable, if you are sure, data never needs to expire. Dedicated backup solutions work with retention policies.

Where I could see an LLM being useful is categorizing entries and maybe proposing sanitization (for example when the payment provider uppercases or abbreviates stuff)

From maybe to definitely not.

Just to clarify: OwnCloud or OwnCloud Infinite Scale (OCIS)?

Probably some fastboot shit. I like the idea of fastboot… if only it wasn’t so tied to Windows.

The ONLY thing I don’t like about it is having to finish the install of windows before you can wipe the ssd.

Why? Can’t you get to the bios, change to usb boot loader, boot linux and wipe the disk?

If your client(s) accept irregularly changing remote certs (i.e. they don’t do cert pinning), it should work. If both cloudflare and you use the same CA, it would likely work even with cert pinning. Certainly possible, but increases the complexity of the overall setup.

Possible, true. But then the setup also becomes more complicated. In addition you end up with different certs for local and remote access, which could cause issues with clients if they try to enforce cert pinning for example.

Cloudflare tunnel likely terminates TLS on the edge. So if you bypass it, you don’t have HTTPS. Not a problem locally, but then destroys the portability of the URL (because at home you need http and outside you need https). Might as well use different hosts then.

Does it make a difference, if that setting uses a trailing slash? Might be it redirects you to the path without, which triggers caddy to redirect you again, and so on and so forth.

You could also, instead of redirecting, rewrite it. Then it is handled serverside without sending the client somewhere else.