This post documents my envisioned state of digital asset storage and maintenance. Most of the stuff is already implemented, so this page is a reminder to myself of what the final state should be.
Inspired by musings from Colin Percival.
- Archive using git-annex and hard drives at home.
- Backup all hard drives and laptop using tarsnap.
Levels of private information sensitivity and handling:
1. Non-sensitive private information: pictures, documents.
2. Sensitive information used daily: GPG subkeys, tarsnap keys, ssh keys, spiped keys.
3. GPG master key: multiple offline physical locations.
Categories 1 and 2 are backed up in different physical locations (including tarsnap). Category 3 is in offline (digital and print) storage only.
I do not archive things that can be downloaded from the internet.
- All servers and services are self-configuring (CloudInit style).
- All services are isolated. LXC is a bit too young: there are no settled practices. Most likely Jails in FreeBSD.
- Permit SSH access through spiped only and close port 22 on all always-on machines.
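
One way to check the last item on a host, as an added example that is not part of the original post: the function reads the effective sshd configuration (`sshd -T`) and fails unless sshd listens on loopback only, which is what a spiped front end requires. The spiped port 8022, the key paths and the sample configurations are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumed layout (port 8022 and key paths are placeholders):
#   server: spiped -d -s '[0.0.0.0]:8022' -t '[127.0.0.1]:22' -k /etc/ssh/spiped.key
#   client: ssh -o ProxyCommand="spipe -t %h:8022 -k ~/.ssh/spiped_%h_key" host
# With that in place sshd itself must listen on loopback only.

# Reads `sshd -T` output on stdin and prints every listen address that is
# not loopback. Returns 0 if sshd is loopback-only, 1 if any address is
# exposed or no listenaddress line was found (fail closed).
non_loopback_listeners() {
    awk '
        $1 == "listenaddress" {
            seen = 1
            addr = $2
            sub(/:[0-9]+$/, "", addr)   # drop the trailing :port
            gsub(/\[|\]/, "", addr)     # drop [] around IPv6 literals
            if (addr !~ /^127\./ && addr != "::1") { print $2; bad = 1 }
        }
        END { if (bad || !seen) exit 1 }
    '
}

# Constructed samples in the format printed by `sshd -T`.
SAMPLE_EXPOSED='port 22
listenaddress [::]:22
listenaddress 0.0.0.0:22'
SAMPLE_HARDENED='port 22
listenaddress 127.0.0.1:22
listenaddress [::1]:22'

# Demo; on a real host run: sshd -T | non_loopback_listeners
printf '%s\n' "$SAMPLE_EXPOSED" | non_loopback_listeners || echo "exposed: sshd reachable without spiped"
printf '%s\n' "$SAMPLE_HARDENED" | non_loopback_listeners && echo "ok: sshd is loopback-only"
```

To get the hardened result, set `ListenAddress 127.0.0.1` (and `::1` if needed) in `sshd_config` and keep the firewall closed on port 22.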