# Objectives

1. To have a secure, private workstation with protection from:
   1. accidental deletion
   2. loss
   3. theft
   4. remote attacks
   5. software exploits
   6. malware

2. To have a secure gaming machine with emphasis on performance

3. To have a secure, private storage server with protection from:
   1. accidental deletion
   2. theft
   3. remote attacks
   4. software exploits
   5. malware

4. To have a secure, private hosting solution with emphasis on:
   1. reliability
   2. ease-of-backup
   3. ease-of-restore

## Workstation

<https://wiki.archlinux.org/title/security>

It will use Arch linux.

It must support podman and qemu/kvm.

It will use the standard linux kernel.

1. accidental deletion

    - BTRFS with snapshots

2. loss

    - BTRFS with backups

3. theft

    - luks encryption with tpm2 decryption + secure boot

4. remote attacks

    - UFW firewall

5. software exploits

    - apparmor with custom profiles

6. malware

    - ClamAV with periodic scans

## Gaming

Arch will be used as the starting point with the default linux kernel.

## Storage

Truenas will handle storage with encrypted partitions.

## Hosting

K3S installed on Arch will be the hosting solution starting point.