Hey! I was curious. I run a successful instance of WireGuard VPN, and I have all my trusted friends connecting to it at different times. I am quite happy with the current state of my Jetson Nano that runs this service. But I know that security patches are important. If I go to update my Jetson Nano or even my Raspberry Pi (both boxes run Portainer/Docker containers), do I have to worry, especially about WireGuard getting messed up/corrupted from doing a "sudo apt get update"? How do you know when to update, or even if it is a good idea to update your Linux system even if you are happy with the current state of your setup? Thanks in advance!
For me, with a publicly accessible computer, the question of whether to install an update or not does not even arise. Of course I install the updates.
Because if the computer is compromised due to an unclosed security vulnerability and is misused to distribute spam or phishing, for example, you definitely have a bigger problem than if an update didn't work the way you wanted it to.
You should also have backups so that you can quickly restore the previous state in the event of problems with updates. You can also use a file system such as btrfs that offers snapshots. This allows you to restore the state before an update within minutes.
If you're really worried, you can go and find update notes and check for breaking changes.
I'm yet to have an update break anything, particularly with something as fundamental as WireGuard.
You're much better off updating and dealing with anything that breaks than leaving yourself unpatched.
What you mean fam? Every day I log into my server I do that.
If your WireGuard and services (containers) are managed by the distribution, it is unlikely you will lose the setup. It is always a good practice to read the release notes and try the upgrade on a test machine before touching the production systems.
The cost of not updating an externally accessible server is MUCH greater than the cost of updating it.
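The advice in this thread (back up, snapshot, check release notes, then update) can be put into one pre-update script. This is an added example, not something posted by anyone in the thread; it assumes a Debian/Ubuntu-based host, and the watch pattern, backup path, btrfs snapshot location and the `wg0` interface on the host are all assumptions to adjust.

```shell
#!/bin/sh
# Added example. Package pattern, paths and interface name are assumptions.
WATCH='^(wireguard|docker|containerd|linux-image)'

# Constructed sample of `apt-get -s upgrade` output (not from a real host).
SAMPLE='Inst wireguard-tools [1.0.20210223-1] (1.0.20210914-1 Debian:11/stable [arm64])
Inst curl [7.74.0-1.3+deb11u1] (7.74.0-1.3+deb11u2 Debian:11/stable [arm64])
Conf wireguard-tools (1.0.20210914-1 Debian:11/stable [arm64])
Inst docker-ce [5:20.10.7~3-0] (5:20.10.8~3-0 Docker:stable [arm64])'

# Read simulated-upgrade output on stdin and print "pkg old -> new" for
# every pending upgrade of a watched package.
pending_watched() {
  awk -v pat="$WATCH" '
    $1 == "Inst" && $2 ~ pat && $3 ~ /^\[/ {
      old = $3; new = $4
      gsub(/^\[|\]$/, "", old)   # strip [ ] around the installed version
      sub(/^\(/, "", new)        # strip ( before the candidate version
      print $2, old, "->", new
    }'
}

# Only touch the system when explicitly asked: sh pre-update.sh --apply
if [ "${1:-}" = "--apply" ]; then
  set -eu
  apt-get update
  hits=$(apt-get -s upgrade | pending_watched)
  if [ -n "$hits" ]; then
    echo "Watched packages will change; read their changelogs first:"
    echo "$hits"
    stamp=$(date +%F)
    # Keep a copy of the WireGuard keys and peer config (assumed path).
    cp -a /etc/wireguard "/root/wireguard-backup-$stamp"
    # Read-only snapshot of / for rollback; only works on a btrfs root.
    btrfs subvolume snapshot -r / "/.snapshots/pre-upgrade-$stamp"
  fi
  apt-get -y upgrade
  # Post-check: the tunnel interface should still exist after the upgrade.
  wg show wg0 >/dev/null && echo "wg0 is still up"
fi
```

Run without arguments, the script changes nothing; pipe `apt-get -s upgrade` into `pending_watched` to preview what would change. If WireGuard runs inside a container rather than on the host, replace the `wg show` check with one against that container.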