I messed around in portainer before and I think possibly OP is referring to their feature where it can watch a git repo and anytime a change occurs, it’ll try to do a pull and recreate the container.

You could be right. I am not a pro so I don’t really want to speak on the best practice approach. Really the only reason I containerize my services is the ease-of-deployment and the ease of potential re-deployment if my server did crash.

I personally am not too stressed about bad actors, being as this is a hobby server and the payout for a bad actor would be pretty low.

But your point does make sense to me.

I also do this. Just run Tailscale on bare metal and then I can access my all my services the same as if I was on my LAN, essentially.

I don’t follow the full 3-2-1 rule, but I did want some sort of offsite backup for my Nextcloud so I use Duplicity to back up my user data from Nextcloud, plus all my DockerCompose files that run my server, to an S3 bucket. Costs me like $2/mo. Way cheaper than google drive