Sometimes when I think about my home network, I think about it in terms of what will happen when I die and what I will be inflicting on my family as the ridiculous setups stop working. Or like, how much it would cost a police forensics team to try to make any sense of it.
I think "home labbing" fulfils much the same urge / need as the old guys (I hate to say it but very much mostly guys) met by creating hugely detailed scale model railways in their basement. I don't mean that in a particularly derogatory way, I just think some people have a deep need for pocket worlds they can control absolutely.
Just ignore the useless threat scenario of someone stealing your physical disks to obtain your precious family data and you will be fine. In other words, just store all the photos and important documents in clear, some written down instructions and you should good to go.
I'm more worried by home automation in my case ^^;
The chance of someone breaking in to steal your sensitive files is next to nil I agree.
The chance of someone breaking into your house is sadly much more likely, and them choosing to take any computers they see is almost a certainty at that point.
Your drives are unencrypted. What's your next step if you come home tonight and find the house ransacked and the server gone?
If someone physically steal your things, and those were the only copies, you are screwed anyway, encryption or not. If you had copies somewhere else then it's a different story (but still, they need to be easily accessible by your loved ones).
In your scenario the only threat is that the thief is interested somehow in your data and will use it against you (which might be totally possible depending on the data and your exposure, but usually those things are re-sold in some kind of pawn shop).
It can be a side-effect. Francis Ford Coppola lost all his family photos when his PC was stolen in a burglary while in Argentina to shoot “Tetro”. Of course, he didn’t have backups.
> Your drives are unencrypted. What's your next step if you come home tonight and find the house ransacked and the server gone?
My drives are encrypted and so are my backups (with backups everywhere). But they're symmetrically encrypted with a password. The backup procedure contains a step verifying that decryption works.
Family knows the password: password is stored at different places on laminated paper (friends and family) but not alongside the backups.
Decryption of the backups is one command at the CLI (both brother and wife knows how to use a CLI and soon the kid shall too: already dabbled with it).
The one command is explained alongside the password, on the same laminated paper as the backups.
Yup I did really think this out, including rehearsals where I, literally, fake my own death (I fake a heart attack) in front of my brother and wife and I have to shut the fuck up while they open a CLI, hook up one of the backup hard disk and decrypt the backups.
Once a year we rehearse.
That way they are confident they can restore the backups. I know they can and I don't need reassuring, but they do (well less and less because know they began realizing I really thought this out).
> The chance of someone breaking into your house is sadly much more likely, and them choosing to take any computers they see is almost a certainty at that point.
Got a house break in years ago, they stole no computers.
> What's your next step if you come home tonight and find the house ransacked and the server gone?
Go to the bank, take of one my backup hard drive. Buy a computer, reinstall Proxmox, a VM, Docker CE, redeploy my infra. They still don't have the Yubikeys on my keychain. They still don't have what's on my phone.
Don't think some people here didn't plan for death / theft / etc.
Interesting reply, but I was responding to a poster who said they don't encrypt their disks because "someone stealing your physical disks to obtain your precious family data" is a useless threat scenario and so everything should be kept in the clear.
I think a much more likely scenario is an unencrypted drive fails and then what? Do you send it to the landfill unencrypted? Or do you have some process to physically destroy it? Encryption means you can just toss it and feel reasonably confident the data isn't coming back to haunt you.
You should see the hilaribad basis given in affidavits for search warrants that get rubber stamped by judges.
There is no burden of proof and no consequence for perjury. 100% of the search or seizure warrants I have read have had obvious perjury in them.
I encrypt my data at rest not because I fear a burglar breaking in, but because I fear the FBI coming in the front door on some
trumped up bullshit. Everyone has a right to privacy, even (and perhaps especially) if they are doing nothing wrong.
I’ve read too many stories of writers and activists getting bogus warrants and charges and arrests thrown at them to inconvenience and harass them to ever have a single unencrypted disk in my house.
If that's your threat model, then the "what happens with my loved ones data if I die" is not your threat model anymore. You are probably even making them a favor to have it encrypted and not under their control.
I have our family pictures on a RAID 1 array in my home lab. Every night they are rsynced to an external drive on a little computer at my in-laws. Both as a backup, and as an "if something happens to me" easy access. My wife doesn't have any interest in tech, so I wanted to make accessing it "just in case" as straightforward as possible. I told her that that is where all the photos are, and that it's just a USB drive she can connect to her laptop in case something happens.
I think planning for what happens once you aren't there to manage the setup (whether it be a vacation, hospital stay, or death) is important. It's not something I built specifically to make easy and I should think more on it
The most important thing is to be able to get important data off of it and have access to credentials that facilitate that. You could setup something like Nextcloud to always sync important data onto other people's devices, so make part of that easier
But I think another important aspect is making folks invested in the services. I don't expect my partner to care about or use most of them, but she does know as much as I do about using and automating Home Assistant (the little we've done). Things like that should keep working because of how core they can become to living our lives. It being a separate "appliance" and not a VM will also help manage that
But also that's a lot of hope and guessing. I think sitting down with whoever might be left with it and putting together a detailed plan is critical to any of that being successful
I have given this a lot of thought. I assume the nas and its docker services won't boot starting everything up for someone else. My offsite encrypted backup is probably not recoverable without hiring someone. So:
- I have an ntfs formatted external USB drive to which cron copies over a snapshot of changed daily into a new folder. Stuff like paperless, flat file copy of seafile libraries. The size of that stuff is small <50gb, duplication is cheap. In event of death or dismemberment... that drive needs to be plugged into another machine. There are also seafile whole library copies on our various laptops without the iterative changes. Sync breaks... keep using your laptop.
- I've been meaning to put a small pc/rpi at a friend's place/work with a similar hard drive.
- the email domain is renewed for a decade and is hosted on iCloud for ease of renewal. Although I am not impressed that it bounces emails when storage is full from family member photos which happens regularly so may switch back to migadu.
I ahve exactly the same thoughts and I wrote a document to be used in case I die.
Part one is money and where the important papers are.
Part twonis hiw to dulb down my home. How to remove the smart switches (how to wire back the traditionnal switches). How to mive self hosted key services to the cloud (bitwarden, mostly) and what to pay for (domain and mail). Hiw to remove the access point and go back to the isp box.
My wife is not supportive of the smart stuff but now that she knows she can dumb it down she is fine. Honestly she does not realize what strp back the lack of all this stuff will be. But at least it won't be my problem anymore:)
This applies to so many other things. Who in your house does the taxes? If it's you, would your SO be able to pick up the slack in the event of your death? Can they access all the accounts? Do they even know what all the accounts are? I keep telling myself I need to put together a "what to do if I'm dead" Google doc, but haven't gotten around to it.
I pay $3/mo or whatever for Bitwarden family. It’s wonderful. My wife and I can access all our passwords (and OTP codes!) in one spot. I grouped passwords into folders like “Health” and “Finances”. It has taken us far.
1Password is amazing for this, IMO. My spouse and I have been using 1Password together for more than a decade. One of the first things I set up is a "AAA Read Me First" note with links to a bunch of other notes and documents, including our estate planning stuff.
The biggest thing that makes me stick with 1Password, despite the semi-recent VC shenanigans, is the fact that if for some reason we fall behind on billing (for example, because the credit card got cancelled because I died) the account goes into read only mode forever. As long as 1P is a going concern the data we choose to put there is safe from the biggest risk in our threat model.
Just a year before my dad's stroke, my parents documented every account, password, service they had; it was incredibly helpful after he passed with all the stress and chaos
There is a dead man’s switch service [1] which can send an email if you die. In theory if you self host you could trigger something when their email arrives to an inbox you control.
I’ve been thinking of making a version of this that does a webhook but it doesn’t offer a huge amount of value over the email method.
Is the dead man's switch necessary? Unless your homelab contains secrets you don't want revealed until after your death, I'd just put this in a Google doc.
Depends how convoluted your setup is. For some use cases releasing the location of passwords physically written down might help matters or maybe trigger a process to export all data and upload somewhere - somehow.
Seeing some of the discussions around home labs with server racks and k8s doesn’t fill me with confidence that for a majority of use cases a family member would be able to get the data if needed.
Unifi network; small proxmox vms for core services; big truenas box for movies, storage, "apps ecosystem" stuff like minecraft servers; baremetal 12 node k8s cluster on opi5s for "research" (coz I do lots of k8s at work).
Each "stage" above is like incremental failure domains, unifi only keeps internet working, core vms add functionality (like unifi mgmt, rancher, etc), truenas is for "fun extras" etc. k8s lab has nothing I need to keep on it because distributed storage operators are still kind of explodey.
Like each part makes sense individually but when I look at the whole thing I start to question my mental health.
Imagine simplest possible deployment you've cooked up.
Now imagine explaining your mother how to maintain it after you're dead and she needs to access the files on the service you setup.
usually, selfhosting is not particularly hard. It's just conceptually way beyond what the average joe is able to do. (Not because they're not smart enough, but simply because they never learned to and will not learn now because they don't want to form that skill set. And I'm not hating on boomers, you can make the same argument with your hypothetical kids or spouse. The parents are just an easy placeholder because you're biologically required to have them, which isn't the case for any other familial relationship)
why does it have to be a non-technical next of kin ? Write down the details for a technically inclined person to follow, maybe a specific friend. Print at the top of the page “show this to X”. In the document explain how to recover the necessary data and replace the setup with a standard one.
I assume most people know at least one person who would do this for them , in the event of their death?
I'm glad to see this comment here. People build these projects for family and friends - which is great - and encourage their use, without considering what happens if the only sysadmin suddenly dies. You wouldn't let one person at work hold all of the keys, so the same should be true for your homelab.
While I haven't given all of my keys to my family, there's a clear route for them to get them, and written instructions how to do so. Along with an overview of the setup and a list of friends and colleagues they can turn to, this is enough for them to get access to everything and then decide if they want to carry on using it, or migrate the data somewhere else.
To be frank, if you die, isn't it much more likely your friends and family will just stop using your homelab setup? They'll switch back from Jellyfin to Netflix, replace the smart light bulbs with regular ones, etc.
> I think about it in terms of what will happen when I die and what I will be inflicting on my family as the ridiculous setups stop working.
I run proxmox too and I've now got a nice little infra at home.
For my family it's simple: I explained them that the infra doesn't matter. The only thing that matter is data. And that there are many, many, many redundant backups of the data and that the backups are functional. That the data are correct (not a single bit missing) and pristine (deduplicated etc.).
Basically 20 years of family pictures and family movies, notarized documents, many proofs of big money transfer (as we now live in an hellhole of KYC/AML where I constantly need to prove money transfer, even when they're so old my banks don't allow me to get that info anymore), all the invoices related to real estate, medical stuff, cars, etc.
My backup procedure uses an intermediary steps that restore the data from the backup and verifies that the data is correct: once that step passes, the backup gets the greenlight. 3-2-1. Even more than 3-2-1.
Cryptographic hashes everywhere, including in filenames: I've got scripts that do verify x% of the files, random sampling style. I'm 100% guaranteed that at least 99.999% of the files are correct. And there are so many backups (online, offline, onsite, offsite, ...), all checksumed. My family won't lose our data. They're literally in various safe and in several countries.
Once I won't be there, they'll have the data up to that point. FWIW both my wife, daughter and brother --although they're not techies-- all happen to be familiar with computers and all took Python lessons. They know what a CLI is.
So even should they have a problem hooking up a hard disk, there's not a world in which they cannot do that:
"LLM> Dear AI, I've got disks with backups of family pictures and notarized documents, how can I access them?"
The world where you couldn't ask that question doesn't exist anymore.
Data of new memories shall be theirs to do deal with though.
P.S: besides that I think homelab'ing is also for convenience and understanding how things (like the network and servers) do work. It's to me more about thinkering and learning than "controlling".
I think "home labbing" fulfils much the same urge / need as the old guys (I hate to say it but very much mostly guys) met by creating hugely detailed scale model railways in their basement. I don't mean that in a particularly derogatory way, I just think some people have a deep need for pocket worlds they can control absolutely.