If the farmer accepts XMR over the darknet (I'm really hoping that XMR adoption will lead to widespread use of I2P over TOR), the government is going to have a fairly hard time of it without active 0-days.
He needs to use the darknet and keep his mouth shut, and things will fine unless he's a kingpin of sorts
I don't know why people are recommending apps like Navidrome and Jellyfin when it isn't a music server that you're looking for but a way to share the music collection.
With that said, I can think of 2 approaches, and (likely) the easier option will be to use the help of such a server. Both will require a VPN server in the cloud which will be redirected via NAT/reverse-proxy into your network.
Use something like Navidrome with LDAP/Auth solutions like Authelia. User has to authenticate themselves to access their account on the service like something in the cloud.
To offer more barebones access to the underlying storage directly: set up NFSv4 for Kerberos.
Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn't the most trivial thing. With that said, dekstop linux/windows isn't a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there's a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I'd like find a way to do it just for browsers on Android using adb if possible
The easiest way is to pay for a public domain, use a subdomain of that which does not have an A record on the wide internet, and then use certbot to get Let's Encrypt certificates for them and auto-renew. Stuff these in your individual reverse-proxy instances (or propagate them, no idea how) and you're done
I'm just afraid of data loss, but I also know that that is unlikely. I have a local backup but sometimes I feel like that's not enough, unfortunately my budget is also tight which means I can't spend too much on replicated buckets/another cloud provider with a complete backup etc.
Also, have you ever faced the issue where you're pushing files to backblaze with rclone and there are many failed uploads (rclone retries them eventually after reaching the end of the queue), which is something I've never had with S3. Well, you get what you pay for I suppose.
Can you explain the situation around you restoring a backup? Did backblaze lose your data?
AFAIK AWS replicates your data across buckets for reliability in case their datacentre goes down, which (from what I understand) is the cost of a whole another bucket with B2. That's my concern. I don't think Backblaze is going out of business any time soon but I'm afraid of data loss (I do have one local backup but my budget is unfortunately a bit tight right now - I'm going to have to pick and choose important bits from all of the data and add a second backup I guess)
If the farmer accepts XMR over the darknet (I'm really hoping that XMR adoption will lead to widespread use of I2P over TOR), the government is going to have a fairly hard time of it without active 0-days.
He needs to use the darknet and keep his mouth shut, and things will fine unless he's a kingpin of sorts