You're right. I always thought Peertube was another YouTube frontend.

I'm in the same boat as you in that I need Instagram for work. My approach is to create a separate work profile in GrapheneOS. I handle all of my mobile work apps in that profile using a separate VPN from all other profiles. I don't expect to be completely free from tracking in this profile, but for my threat model I don't mind too much. Any web queries I make in this profile I keep strictly work related.

People arguing you just shouldn't use Instagram need to remember Instagram is a tool just like Windows, Adobe, etc. Sometimes you need a specific tool to do your job and I believe as long as you containerize that aspect of your life then you'll be fine.

Just don't use your work Instagram for personal stuff, not even browsing memes.

I have a remote pbs but the backups aren't current because there was a connection error. I have Proxmox backups locally to a USB thumbdrive. That's what I was going to restore from.

I use Joplin and it works great for this exact thing. Anytime I discover a new command that fixes something I’ll throw it into my Joplin notebook. “New Server Cheatsheet” goes to list in order common operations and commands for setting up SSH, UfW, making a non-root user, configuring wireguard, etc. I have hundreds of notes by now and they’re easily found via search bar.

Yeah I think we’re talking about the same thing. Got any guidance on how you set that up?

I would say pretty secure. Of course, I would ensure all of the proper firewall, app pins, 2FA are in place in case my phone was ever compromised.

I'm already accessing all of the services now over the web with authentication. This new configuration would shift thos services from being public to only devices on my private mesh network with the proper certificates.

Yep. The models I have don’t have motion detection.

Underlying system is running Proxmox. From there I have the relevant two VMs: OMV and Proxmox Backup Server. The hard drives are passed into OMV as SCSI drives. I had to add them from shell as the GUI doesn’t give the option. Within OMV I have the drives in a mergerfs pool, with a shared folder via NFS that is then selected as the storage from within the Proxmox Backup Server VM. OMV has another shared folder that is used by a remote duplicati server via SSH(SFTP?), but otherwise OMV has no other shared folders or services. Duplicati/OMV have no errors. PBS/OMV worked for a couple of months before the aforementioned error cropped up.

Also possibly relevant: No other processes or services are setup to access the shared folder used by PBS.

Maybe I'm missing something but you can tell a compromised account from a secure account by the user behavior, no? If an account is compromised the activity will be spam/harassment, etc at which point a ban on that account would happen. And compromised accounts could be accessed from a non-vpn Ip also.

I would suggest trying wireguard first as it’s much less complex to set up. Once you have a handle on that, you might consider moving to a mesh network. I personally would love to use a mesh network, but have not been able to get it configured correctly the few times I’ve tried.

Forwarded mail but it may be two way in the future so it would probably be smart to just go that route from the beninging.

I haven't.