2025–2026 Infrastructure / Storage / Privacy GitHub ↗

Overview

This stack replaces Google Drive and Google Photos with fully owned infrastructure. Nextcloud AIO and Immich run in Docker on a BTRFS pool of external USB 3.2 SSDs, with per-user ACLs enforcing isolation and zstd compression maximizing capacity. A 3-2-1 backup pipeline snapshots locally, replicates encrypted archives to BorgBase, and keeps a secondary copy on rsync.net, achieving GDPR-aligned retention with zero data-loss events.

Storage Architecture

Backup Flow (3-2-1)

Implementation

1

Create the compressed BTRFS pool [PRIVILEGED]

mkfs.btrfs -d single /dev/sda /dev/sdb && mount -o compress=zstd:3 /dev/sda /mnt/data
2

Deploy Nextcloud AIO and Immich

docker compose -f nextcloud-aio.yml -f immich.yml up -d
3

Encrypted offsite backup with Borg

borg create --stats ssh://borgbase/repo::data-{now} /mnt/data
Archive name: data-2026-06-17
Deduplicated size: 38.2 GB    Time: 4m12s

Key Results

  • Achieved 3-2-1 backup compliance with zero data-loss events to date.
  • Reduced recurring cloud storage costs by 100% versus equivalent Google One tiers.
  • Sustained roughly 2.5 Gbps read/write across the external SSD array.
  • Enforced multi-user isolation via filesystem ACLs preserved across container mounts.
NextcloudImmichBTRFSDockerBorgBasersync.netBackupPrivacy