Digital estate planning and succession

I have a small homelab centered around a 920+ NAS, Home Assistant running on a Raspberry PI and a few other services running in containers, either on the NAS or one of the Pis. It’s been fun so far, but it’s also becoming more mission-critical, and that leads me to the topic of the headline. I’m the technophile of the family. The other family members are decidedly not.

As much as we tout redundancy and resiliency, I’m the single point of failure. At some point in time there’s a 100% guarantee I will fail. What’s the 3-2-1 strategy for me? What needs to be put in place so the infrastructure can be accessed and maintained if I am unable to do so myself?

Stuff I’ve thought about and maybe implemented to some degree:

  • Detailed documents
    The target audience won’t understand much of it. Hopefully, they can hand it to somebody who might understand it. There’s the ongoing challenge of keeping it current.

  • Password manager
    I’m running Vaultwarden in a docker on the NAS with a contingency account configured. However, most of the passwords require multi-factor authentication and the MFA device may not be accessible or available. Secondary accounts aren’t an option for many third-party applications. I have shared passwords to my MFA authenticator with my spouse but that presupposes the device is accessible. What’s the strategy for reliably handing off MFA?

  • Failsafe fallback
    Services like DNS use a primary provider as the secondary DNS server so if the homelab stops working there’s at least internet access.

  • Emergency admin account
    ChatGPT suggested this one but I’m not sure how to make it work. It should not use MFA and be disabled for security purposes but would require some sort of deadman switch.

  • Recovery keys and backup codes
    If everything is encrypted for security, how does somebody else recover the recovery keys?

  • Monitoring tools
    Update Kuma is running. I haven’t had spent much time thinking about alarms yet. They can be a handy way to point somebody at the source of a problem, assuming the failure hasn’t made it inaccessible. A future project is investigating implementing a deadman switch on it to update the notification configuration.

My google fu has failed me. It feels like this topic is rarely discussed, and more rarely in sufficient detail to be useful. Has anybody else thought about this?

1 Like

Hi @sk8rs_dad,

So this is a topic that I have seen only a few times, mostly on data hoarding subreddits, and I don’t think there really is a good answer out there at all! But here is what I would do:

  • Make sure any service to use the internet (DNS, wifi, routing, whatever) will work if the lab goes completely down. I try to stick to very basic customizations for any internet stuff

  • Figure out what does NOT need to be encrypted. I know that this is backwards from what a lot of people think, but you should probably NOT encrypt your family photos. On the off chance that someone breaks into your house and walks off with the NAS you probably do not care if they get your photos.

  • Figure out what your spouse will actually need. I would spend the time and categorize the varies accounts and services that you have into 3 levels:

    1. Need on Day 1
    2. Would eventually need
    3. Do not need

    and figure out what you can do! After that write down instructions and test it!

-Will

1 Like