Getting6409
@Getting6409@lemm.ee
- Comment on MicroOS: Rootless podman? 7 hours ago:
Honestly I’m not sure, or maybe I knew but forgot. Since working out my needs I wrote it to ansible and never looked back. Worth trying the more secure way for sure.
- Comment on MicroOS: Rootless podman? 7 hours ago:
I do this on the minimal Debian release which is essentially coming from the same place, you’re left to get things configured with a root user or maybe a privileged user after install. There are a few things to tweak for rootless podman and it will vary based on the distro. The gist for me and Debian is:
- make an unprivileged account for running podman containers
- enable linger so I can use systemd with this account and the running of the containers
- allow lower ports for podman rootless in sysctl (for example, 80 if you’re running basic http services rootless),
net.ipv4.ip_unprivileged_port_start=<start of lower range of ports rootless containers will use>
- run containers with the appropriate --userns flags. This can vary a lot depending on the container. Some maintainers are nice and ensure the internal uid/gid is something expected like 1000, sometimes not and you have to fire it up and figure out the app account name, uid/gid. An example I’ll put here is a podman run snippet for running jenkins (official image from cloudbees) rootless:
podman run --name jenkins --user jenkins --userns=keep-id:uid=1000,gid=1000 …
Again, that’s just Debian, never tried MicroOS, but if MicroOS isn’t doing anything special to accommodate rootless podman I imagine these steps are somewhat applicable. One issue I ran into was with an older version of Podman, whatever comes with Ubuntu 22: That version of podman requires you to set the namespace mappings; Debian 12’s version does not and the --userns=keep… flag just works.
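A pre-flight checker for the steps in the comment above, added here as an example that is not part of the original comment. It assumes that the "namespace mappings" mentioned are the subordinate uid/gid ranges in /etc/subuid and /etc/subgid, and it takes an optional root-prefix argument so the checks can be pointed at a constructed directory tree instead of the live system.

```shell
#!/bin/sh
# Added example: verify the host side of a rootless podman setup
# (subuid/subgid ranges, unprivileged port floor, linger) for one service
# account. Every check takes an optional root prefix so it can be run
# against a constructed tree; with no prefix it reads the real system files.

# Does the account have subordinate uid AND gid ranges (user:start:count)?
# Without these, --userns=keep-id cannot build the user namespace.
has_subid_ranges() {  # user [root]
  user=$1; root=${2:-}
  grep -q "^${user}:[0-9][0-9]*:[0-9][0-9]*$" "$root/etc/subuid" 2>/dev/null &&
  grep -q "^${user}:[0-9][0-9]*:[0-9][0-9]*$" "$root/etc/subgid" 2>/dev/null
}

# Is the requested port at or above net.ipv4.ip_unprivileged_port_start?
port_allowed_rootless() {  # port [root]
  port=$1; root=${2:-}
  start=$(cat "$root/proc/sys/net/ipv4/ip_unprivileged_port_start" 2>/dev/null) || return 1
  [ "$port" -ge "$start" ]
}

# Has `loginctl enable-linger` been run for the account? systemd records it
# as a file named after the user under /var/lib/systemd/linger.
linger_enabled() {  # user [root]
  [ -f "${2:-}/var/lib/systemd/linger/$1" ]
}

# Run all three checks; print what is missing and return non-zero if any fail.
rootless_preflight() {  # user port [root]
  user=$1; port=$2; root=${3:-}; rc=0
  has_subid_ranges "$user" "$root" || { echo "missing subuid/subgid ranges for $user"; rc=1; }
  port_allowed_rootless "$port" "$root" || { echo "port $port is below ip_unprivileged_port_start"; rc=1; }
  linger_enabled "$user" "$root" || { echo "linger not enabled for $user"; rc=1; }
  return $rc
}

# Usage: ./preflight.sh <service-user> <port>
if [ "$#" -ge 2 ]; then rootless_preflight "$1" "$2"; fi
```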
- Comment on Sharing Jellyfin 6 days ago:
I expose jellyfin to the internet, and some precautions I have taken that I don’t see mentioned in these answers are: 1) run jellyfin as a rootless container, and 2) use read-only storage wherever possible. If you have other tools managing things like subtitles and metadata files before jellyfin there’s no reason for jellyfin to have read access to the media it hosts. While this doesn’t directly address the documented security flaws with jellyfin, you may as well treat it like a diseased plague rat if you’re going to expose it. To me, that means worst case scenario is the thing is breached and the only thing for an attacker to do is exfiltrate things limited to jellyfin.
- Comment on New Jellyfin Server/Web release: 10.10.7 3 weeks ago:
If you’re looking for more tinkering on the music around the house front, Lyrion music server + squeezelite players can be a very fun endeavor. I think it gets a little sketchy if you’re favoring automation and casting, but as a network of players that will utilize a wide swath of hardware, it shines. I had a bunch of pi4s laying around and eventually repurposed them all into a multiroom audio gang.
- Comment on Google To Subscribe To Your Emails To Find Content For Your Search Listings. 3 weeks ago:
Startmail (from the Startpage folks) has been fine for me. You pay for it, you can put your domain on it, you can do alias addresses, works with any IMAP client since it’s just IMAP run by a (so far) competent company. Their web ui is fine, but I’ve only used it for initial setup. Besides Thunderbird on mobile I use Snappymail within Nextcloud and this works just fine as well. All I can say is it does what it says on the tin.
- Comment on Jellyfin is not just good... but *better* than Plex now?! 2 months ago:
This isn’t a complete solution, but trakt.tv covers a lot of ground. I started using it for getting a consistent history of watched shows between jellyfin on the road and kodi at home. It works okay enough for this, though at times it does seem that one or both of the plugins can fail to log a watched show. I would guesstimate a 90% success rate.
- Comment on 2 months ago:
My favorite open secret of the internet. It’s crazy to think how long that network has been running. I think I stumbled on it around 2003. Thanks for pointing out this client. I’ve been relying on a rickety container build that uses novnc and nicotine+ to give a quasi-portable experience. It will be nice to ditch that, hopefully.
- Comment on Post your setup. no matter how uggo 5 months ago:
I did a 4 node Pi4 kubernetes cluster for about 5 years. The learning experience was priceless. I think most notable was learning to do proper multiarch container builds to support arm and x86_64. That being said, about half a year ago I decided to try condensing it all into two n100 nuc-like clones and keep one pi as the controller. For me and my apps and use cases there was no going back. Performance gains were substantial and in this regard I think I was hobbling myself after the educational aspect plateaued.