Safa Global · Servers & Storage
A storage strategy for the holding company: self-host the bulk, keep a small cheap cloud doing double duty, and hold your own encryption keys.
Executive audio briefing. Two hosts, about 20 minutes.
The decision
Go hybrid. Self-host the bulk on a box you own to kill the expensive cloud tiers, keep a small managed-cloud tier for hot files that doubles as your offsite backup, and encrypt your own secrets so no provider can read them. It is the cheapest path that is also genuinely safe.
Two rules that are not optional: follow 3-2-1 (three copies, on two different media, one of them offsite), and back up your encryption keys as carefully as the data, because nobody can reset them for you. Free endgame: swap the cloud offsite leg for a second box at another Safa location and drive the monthly cost toward zero.
A video sold a "free" private cloud. Right in spirit, wrong on safety.
The build: a Raspberry Pi 5 with an NVMe SSD running Nextcloud (a self-hosted iCloud/OneDrive equivalent) reachable from anywhere via Tailscale. The thesis is sound. Stop renting space, own your data, pay nothing monthly.
But "free" means no subscription, not no cost. You still pay in hardware, electricity, your time as sysadmin, and risk.
It keeps one copy, on one drive, in one place. One drive failure, fire, or theft and it is all gone. No backup, no redundancy, no UPS for clean shutdown, no patching plan. A toy, not a system you trust business data to.
Keep 3 copies of anything you care about, on 2 different media, with 1 copy offsite. A lone self-hosted box is one copy, one medium, onsite. That is the opposite of safe, and closing that gap is what the hybrid model does.
One cheap cloud subscription does two jobs.
Split data by temperature. Self-host the bulk so you stop renting space for the 6 to 12 TB that would cost real money in the cloud. Keep a small managed cloud tier that pulls double duty: it holds hot, daily, mobile-synced files and stores an encrypted backup as your offsite copy.
| Data | Lives on | Why |
|---|---|---|
| Hot | Managed cloud | Today's files, phone media, shared docs. Sync, sharing, and mobile just work. |
| Warm | Self-hosted box | Maaia Library, brand assets, finished creatives. Big, rarely changes, no reason to rent it. |
| Cold | Self-hosted + encrypted offsite | Email/WP backups, old projects, raw footage. Almost never touched, cloud cost is waste. |
| Secrets | Encrypted vault | Financials, CFDI, contracts. Cryptomator encrypts client-side, so the vault is zero-knowledge whichever provider holds it. |
Indicative costs, for roughly 6 TB of data.
| Measure | Pure cloud | Hybrid | Pure self-host |
|---|---|---|---|
| Upfront | $0 | ~$410 | ~$410 |
| Monthly | ~$30 | ~$5–12 | $0 |
| 3-2-1 safe? | Partial | Yes | No |
| Own the bulk? | No | Yes | Yes |
| Convenience | High | High | Lower |
Pi dies, restore from cloud. Internet down, local files still open. Cloud account locked or price-hiked, you still hold the box and the keys. No single thing takes you down.
Encrypt it yourself, then store the gibberish cheaply.
"Secure" means zero-knowledge: the provider cannot read your data. Stop paying a premium for someone else's encryption. Encrypt client-side with rclone crypt or Cryptomator (you hold the key), then put the ciphertext on the cheapest storage you can find. The check is simple: open the bucket in the provider's own console and you should see nothing but scrambled filenames and ciphertext.
| Cold storage target | ~Price / TB / mo | Access |
|---|---|---|
| S3 Glacier Deep Archive | ~$1 | ~12 h to restore (bulk up to 48 h), retrieval fees and a 180-day minimum storage charge - deepest cold copy |
| Hetzner Storage Box | ~€2–4 | instant - cheapest with instant access |
| Backblaze B2 | ~$6 | instant - simplest, great rclone support |
With self-managed encryption, you own the keys, and there is no "forgot password" link. Lose the passphrase (for rclone crypt, the password and the salt, both stored in reversibly obscured form in rclone.conf) and the data is gone for good. Back up the keys in your password manager and on paper in a safe, as carefully as the data itself, and keep that copy off the box they protect.
| Item | Spec | Role |
|---|---|---|
| Raspberry Pi 5 | 8GB + Argon NEO 5 case | The server, cooled, NVMe-ready |
| NVMe SSD | 2TB M.2 | Copy 1 - primary |
| USB SSD | 2TB | Copy 2 - local backup, second medium |
| UPS | ~600VA line-interactive | Clean shutdown on power loss |
Full step-by-step build, cron schedule, and restore drill live in BUILD_AND_RUNBOOK.md alongside this brief.
Tooling: rclone crypt for a nightly encrypted push to Backblaze B2 (add Glacier Deep Archive later as the deepest cold copy), and iCloud or Proton for hot files.
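What that nightly job looks like end to end, written here as an added example rather than the script in BUILD_AND_RUNBOOK.md: copy 1 (NVMe) to copy 2 (USB SSD) to copy 3 (rclone crypt remote in front of B2), with versioned deletes, an integrity check that sees through the crypt layer, and a restore drill every night. The paths, the remote names (`b2`, `b2crypt:`), the drill file and the cron time are assumptions; `DRY_RUN=1` prints the commands instead of running them so the job can be rehearsed before it touches anything.

```shell
#!/bin/sh
# nightly_321.sh: 3-2-1 nightly job for the Pi build (added example, not the brief's runbook).
# Copy 1 = NVMe primary, copy 2 = USB SSD (second medium), copy 3 = rclone crypt remote
# wrapping Backblaze B2 (offsite, encrypted client-side). All paths/names are assumptions.
set -eu

SRC_DIR="${SRC_DIR:-/srv/data}"                  # copy 1: NVMe primary (assumed path)
USB_DIR="${USB_DIR:-/mnt/usb-backup/data}"       # copy 2: USB SSD (assumed mount)
CRYPT_REMOTE="${CRYPT_REMOTE:-b2crypt:}"         # copy 3: crypt remote over b2:<bucket> (assumed name)
KEEP_DAYS="${KEEP_DAYS:-30}"                     # how long deleted/overwritten versions survive
DRILL_FILE="${DRILL_FILE:-brand/logo.png}"       # file restored every night as a drill (assumed)
DRY_RUN="${DRY_RUN:-0}"                          # DRY_RUN=1 prints commands instead of running them
TODAY="$(date +%Y-%m-%d)"

# One-time setup, run interactively, never from cron. The crypt layer means B2 only ever
# sees ciphertext under scrambled names; rclone.conf then holds the obscured (reversible,
# not hashed) password and salt, so rclone.conf is key material and gets backed up too.
#   rclone config create b2 b2 account=<keyID> key=<applicationKey>
#   rclone config create b2crypt crypt remote=b2:<bucket> \
#       password=<passphrase> password2=<salt> --obscure
# crontab entry (assumed time):
#   30 2 * * * /usr/local/bin/nightly_321.sh run >> /var/log/nightly_321.log 2>&1

run() {
  # Execute a command, or print it when DRY_RUN=1, so the job can be rehearsed safely.
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

copy2_local() {
  # Copy 1 -> copy 2. --backup-dir keeps whatever was deleted or overwritten today, so a
  # mistaken rm, or ransomware on the NVMe, is not faithfully mirrored as a clean sync.
  run rclone sync "$SRC_DIR" "$USB_DIR" --backup-dir "${USB_DIR}-deleted/$TODAY"
}

copy3_offsite() {
  # Copy 1 -> copy 3. Encryption happens in rclone before anything leaves the box.
  run rclone sync "$SRC_DIR" "${CRYPT_REMOTE}data" \
      --backup-dir "${CRYPT_REMOTE}deleted/$TODAY" --transfers 4
}

prune_versions() {
  # Expire old versions from both backup dirs; KEEP_DAYS of history is the rollback window.
  run rclone delete "${USB_DIR}-deleted" --min-age "${KEEP_DAYS}d"
  run rclone delete "${CRYPT_REMOTE}deleted" --min-age "${KEEP_DAYS}d"
}

verify_offsite() {
  # cryptcheck hashes the plaintext and compares it with what sits behind the crypt remote;
  # a plain `rclone check` cannot compare hashes through the encryption layer.
  run rclone cryptcheck "$SRC_DIR" "${CRYPT_REMOTE}data" --one-way
}

restore_drill() {
  # A backup that has never been restored is a hope, not a backup: pull one file back
  # from the offsite copy every night and compare it byte for byte with the original.
  tmp="${TMPDIR:-/tmp}/drill.$$"
  run rclone copyto "${CRYPT_REMOTE}data/$DRILL_FILE" "$tmp"
  if [ "$DRY_RUN" != 1 ]; then
    cmp -s "$SRC_DIR/$DRILL_FILE" "$tmp" || { echo "restore drill FAILED: $DRILL_FILE"; exit 2; }
    rm -f "$tmp"
    echo "restore drill ok: $DRILL_FILE"
  fi
}

run_nightly() {
  echo "=== nightly 3-2-1 $TODAY"
  copy2_local
  copy3_offsite
  prune_versions
  verify_offsite
  restore_drill
}

case "${1:-}" in run) run_nightly ;; esac
```

Two design points worth keeping: the `--backup-dir` on both legs is what turns a mirror into a backup (a sync without it would delete offsite whatever was deleted or encrypted locally), and the drill exits non-zero on a mismatch so a failing restore shows up in cron mail rather than being discovered the day the NVMe dies.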