My Raspberry Pi 3 is now back in a box with a few other old Raspberry Pis. Today I've moved my files and backup to a Raspberry Pi 1B, meaning that's now isolated from the Raspberry Pi 2 that runs my services.
That really feels good. My previous server started out as just a file server only accessible over ssh, because I use sshfs to mount it on my other machines. Then I started tinkering with other things on it, because it was already there. It was handy.
Over time some of those things became bigger and more serious. Stuff like Antenna, for example. It scared me a bit when the path traversal vulnerability in gemserv was found a couple of months ago. Most of all because journalctl was irrevocably broken since a while back, and I didn't have a clue what sort of calls were being made to my server.
Since I was migrating stuff now anyway I figured that it's best to have two servers. Separation of concerns and all that.
The service server, so to speak, runs the gemini server Molly Brown along with Apache and thelounge.chat. There's a couple of cron jobs and systemd timers that trigger other stuff too. It only has the data needed for those. It doesn't have ssh access to anything.
The backup server runs sshd, and that's pretty much it. A cron job takes backups every now and then from the home directories on it and from the service server, and from another server that I help maintain. It's a very simple setup. I also took the time to purge some stuff from my backups and improve the backup script to avoid storing duplicate info here and there.
All in all some good work this weekend. I haven't gotten around to making Antenna easier to install yet... I'm not sure it's very high on my list of priorities right now.
-- CC0 Björn Wärmedal