@ogarcia
@lemmy.worldI know this is not the best answer since you would probably like me to talk about Nebula, but I have to say that the best solution I have found for setting up a mesh VPN is Zerotier.
It is a very complete solution. Multisystem, very simple but very configurable, fast, etc.
You simply start by creating a network on the public controller (which will generate an ID for that network) and then join the rest to that network and everyone can communicate with everyone (by default, then you can create subnets if you want).
Using the public controller is completely optional (I personally use it because it is convenient for me and because I have few hosts) but if you want you can set up your own controller, I have an article (the bad thing is that it is in Spanish, but if you run a translator you can understand it perfectly) where I explain how to do it without any requirement. If not, you can use ztncui for it.
Take a look at it, you might find it more attractive than Nebula.
By the way, for me one of the great advantages of ZeroTier is that I don't have to worry about certificates and keys, the controller takes care of everything for you and security is guaranteed from the point of view that each node has a unique identifier.
If you live in Europe you have 1TB by € 3.81 / month with Hetzner. It works fantastic with Restic (I'm using it too for my backups).
LessPass has the possibility to connect to a database (via its API) to store the configurations made for each site. This API can be used from any of the clients (either the browser extension, the mobile application, etc.).
You set up the DB server wherever you want. If you want something light you can use this implementation. And if you are interested, there is also a command line client.
In my view, both a password file (vault/database) and LessPass are potentially attackable via brute force. I don't see that one is safer than the other.
Before using borg I would recommend you to take a look at restic. In my opinion it is better in everything than borg.
As for how to backup the database, my advice is to export the database to a SQL file and backup that file. That will always be easier than having to deal with agents that connect to the database.
As for the number of repositories, if you use restic, a single repository is enough. Besides, as restic does deduplication, if you have the same files between your machines, they will only occupy the space of one. ;-)
I hope I have helped you with some of my ideas.
Best regards.