I started my Tiddlywiki journey with a node.js version running on Termux in Android on my phone in hospital when I caught Covid.

I got home and moved it to my media centre that provides services for servicing up music and videos. It is running Arch Linux though it only gets updated every month or so because I am running the server 24/7.

I use it to keep primarily a journal / Zettelkasten of my reading and it has a lot of notes.

This was fine as I was mostly home as my partner needed 24/7 care - basically I only left home to shop or collect medicines. Sadly my partner died and I want to take my tiddlywiki out with me and use it when I am on holiday - I went on a week long holiday to Berlin and recorded everything in my notebook and am still two weeks later catching up.

That preamble is to asking some broad questions:

setting up a new instance of Tiddlywiki on a Raspberry Pi Zero W 2 for carrying it around to the library or on the train.

security issues with it being a separate device

My problem is that I have a comfy set-up and data that is precious to me so I want to be sure I can get this to work.
I have test Tiddlywiki to try it on but I think I need some helpful websites or folks who have put their node.js on the web and dealt with the security issues.

fwiw, my “making my node TW available to me anywhere” solution is running the node TW on a VM in my home server, then on that same VM running an nginx reverse proxy. This provides SSL cert for encryption, and basic auth for access (it also checks for a cookie to skip auth to save me logging in every time on devices previously seen). Then on my router I port forward back to that nginx reverse proxy.

For this to work, it does rely on my home systems and internet working, as well as being internet connected from where I want to use it. It’s not an offline solution.

Also whether this is sufficiently secure for your needs is not something I can comment on.

You could try the core Browser Storage Plugin, which will save your tiddlers on your device as long as you are offline.

Once you are online again, it can be synced back to the server. So IMO you can use your existing configuration and use the offline mode when you are away.

When the plugin is used the first time, the browser asks for permission to store the data in the “persistent” store. If you allow that, this storage will be protected from automatic deletion.

Hope that helps
Mario

Typically to have a node app everywhere you have to open up ports (80, 25) that will then be continuously assaulted from the outside.

What I’m doing is to have my TW run in a docker container which then connects to Tailscale. The TS network then runs on my phone device. So at least in theory, only someone who can log in to the TS network can access the data. And, also in theory, anyone who does get in will be stuck inside the docker container. And I don’t have to worry about a domain name since TS provides it.

Outside of all that, if you do have a net-facing service, consider routing your domain name through cloudflare instead of sending it directly from your name provider. That provides some protection from the less sophisticated bots.

Just as a side note, if you haven’t bought the hardware yet, Raspberry PI isn’t necessarily the cheapest or easiest option these days. You can get a mini computer for the same price that will have much more power. And it will be able to run a standard version of linux for which you can find lots of support. And it will be more upgradeable. The only advantage of PI that I can see is that it uses less electricity. But not that much less. A mini-computer might run at 25W, and a PI would run at 18W. So if you live somewhere where power is expensive, then maybe that is a consideration.

In practice, nobody should be opening either of those ports from their home network to the world though. One is http unencrypted (a huge target), the other is smtp (completely irrelevant here). Using up a non-standard port is pretty decent at avoiding the less sophisticated bots (I get less than one hit a day which I’d call “looks suspicious”. And zero of those actually concern me)

In Austria the Raspberry Pi Zero W 2 costs 18€ plus 6€ shipping. So I am sure it will be hard to find any mini-pc, that is as well supported and works out of the box, for that money.

The main selling point for Rasperry Pi’s is support. They just work out of the box. I did never use the Pi Zero myself, so I do not know, how it runs with a Node.js server and 500MB memory. Pi OS Lite may be an option.

I can suggest Jeff Gerling’s videos: https://www.youtube.com/watch?v=lKS2ElWQizA about everything Pi, his GitHub repository or blog posts

I assume, you want to power the Pi Zero with a powerbank, if you want to take it with you. You should be able to create a self signed certificate to run https:// over WLAN.

You may be able to disable the HDMI port and the USB/LAN chip, to save power. Connecting via WLAN should be possible.

The main concerns I personally would have is the micro SD card. They are not really designed to run an OS on them. So permanent write cycles that are necessary for an OS to run, may break them earlier. There is a blog post a TheLinuxCode: Boost Your Raspberry Pi‘s SD Card Lifespan using Log2RAM – TheLinuxCode

Hope that helps
-m