24 lines
668 B
Markdown
24 lines
668 B
Markdown
# Security
|
|
|
|
## Threat model
|
|
|
|
One-person homelab on a residential connection.
|
|
|
|
## Update
|
|
|
|
- Edge components: patched promptly when CVEs land.
|
|
- Hypervisor and backup server: quarterly review, with security patches applied when needed.
|
|
- Application LXCs: rolling updates on a regular schedule. certain ones take precent
|
|
- Container images: re-pulled on the same rolling schedule.
|
|
|
|
## Backups
|
|
|
|
Hypervisor-level backups go to a dedicated backup server. Conservative retentions and backups are verified periofically.The rebuild order is documented.
|
|
|
|
## Limitations
|
|
|
|
This is a learning environment.
|
|
|
|
- No High Availability - One hypervisor, one firewall
|
|
- One-person ops
|