ShortN0te
@ShortN0te@lemmy.ml
- Comment on Awesome Open Source Server Overview App 2 hours ago:
Have found it by accident too. Just amazing.
Would love something like that for the Desktop. Basically a Cockpit+Serverbox+xpipe for my desktop clients.
- Comment on Recommendations for a good .ca domain host? 19 hours ago:
Some (probably most) domain registrars allow you to use different nameservers. So for example I use Namecheap as domain registrar, since it's cheap, but Cloudflare for DNS, since the API is free and widely supported.
- Comment on Would this flow work with Immich & Syncthing to copy images and auto upload and delete? 2 months ago:
Why not file a bug report when it does not find all your photos?
Also maybe file a feature request to delete photos from your device after a set period via Immich?
- Comment on Immich v1.102.0 - ⚠️ Breaking Changes (OPT-IN ONLY) 2 months ago:
Who the hell is pulling the docker-compose.yml automatically every release? I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.
- Comment on Do you encrypt your data drives? 2 months ago:
This answer here covers it quite nicely imo.
unix.stackexchange.com/…/ssh-to-decrypt-encrypted…
It is important that you update your initramfs with the command after you have edited the dropbear initramfs config and/or copied the key over.
For the client it is important to define 2 different known hosts files since the same host will have 2 different host keys, 1 when encrypted with dropbear, and 1 when operational with (usually) sshd.
Also you need to use root when you connect to your server to unlock it. No other user will work with the default setup.
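The client setup described in the comment above (two known hosts files, root for the unlock login), as an added example that is not part of the original comment; the aliases, the address 192.0.2.10 and the file names are placeholders:

```sshconfig
# Constructed example: aliases, address and file names are placeholders.

# Pre-boot: dropbear inside the initramfs, used only to unlock the encrypted disk.
# Only root works with the default setup.
Host server-unlock
    HostName 192.0.2.10
    User root
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs

# Booted system: the regular sshd, which presents a different host key.
Host server
    HostName 192.0.2.10
    UserKnownHostsFile ~/.ssh/known_hosts
```

With the keys kept in separate files, a host-key-changed warning on either alias means that key really changed, instead of being the expected dropbear/sshd mismatch.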
- Comment on Do you encrypt your data drives? 2 months ago:
> How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?

The only time my server goes down is when I manually reboot it. So waiting a minute or two to ssh into it and enter the passphrase is no inconvenience.
- Comment on Do you encrypt your data drives? 2 months ago:
I use full disk encryption for every server (and other computers).
Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me 🤷‍♂️
- Comment on Wireguard in docker, no way of password authentication? 2 months ago:
Password protect your phone?
When a private key gets compromised just delete the public one from the allow list?
- Comment on Backblaze B2 vs other storage providers to store legally ripped media 3 months ago:
> I have a personal account. Backing up 3 computers and they’ve never said anything over years
Until you need to use the backup and the process is like shit. And takes weeks to months.
- Comment on Self hosted syncthing relay with keepass, how secure is it? 3 months ago:
So you do not trust the syncthing encryption when it goes through someone's server but you do when it goes through someone's (your ISP and the ISP of the end device) router/server?
I am not really understanding the threat model here.
- Comment on What's wrong with Nextcloud, and why is it slow/clunky? 3 months ago:
Use redis and it will feel smoother.
- Comment on Sophos XG115 Rev. 3 as OPNsense firewall? 4 months ago:
Got an SG125 rev. 2 running OPNsense. Not actively running somewhere atm, but everything worked out of the box as far as I tested. Looks like solidly built hardware at first glance. And I probably want to deploy it when I get my FTTH.
- Comment on I hate to ask, but help me spec a build please 4 months ago:
Like it was already suggested, everything since Intel 7th gen with Quick Sync should do the job for transcoding 4k HDR 10 bit releases, even the low tier i3 ones. You will also not need much RAM for transcoding, 8 should be fine; with a larger RAID array go for 16 or above. When you watch stuff just once anyway, honestly you will not need much, a couple of TB should be more than enough. Not aware of any service that does automatic downloads based on a queue.
- Comment on Services to host on a retired laptop? 4 months ago:
It just depends on the model. But yeah, I would assume most devices since 2010 should be able to. Was more common back in the day.
- Comment on Services to host on a retired laptop? 4 months ago:
Also assuming the charge circuit is designed for that (usually all modern devices should be). Especially older devices often do not like to be used and charged at the same time, that can lead to swollen batteries which is a fire hazard.
- Comment on If you were to suddenly come into possession of 12+ enterprise-grade SAS hard drives, how would you go about incorporating them into your homelab? 4 months ago:
Buy a cheap disk shelf, the NetApp DS4246 (do not remember the smaller model's name), and a cheap used HBA (host bus adapter) to plug it into.
- Comment on Advice on encrypted storage 4 months ago:
The steps are basically not more than this (cannot find the original blog I followed, but this is the small write-up I made years ago):
- install dropbear
- update config to your liking
- copy public ssh keys over
- run update-initramfs -u (has to be rerun on config change)
- done (for the server part)
For some reason I install busybox too in the personal write-up. But I do not think it is necessary.
- Comment on Advice on encrypted storage 4 months ago:
Have not looked through the setup steps of that link, but I have been using FDE with LUKS and remote ssh unlock for years and have not had any problems.

> Also, when you update the kernel you have to rebuild the initramfs with sudo update-initramfs -k all -u, or it won’t be able to boot to the new kernel.

Shouldn’t that be automatically handled by apt? I don't remember that I have set up a manual hook for that and I never rebuild my initramfs manually.
- Comment on Help and questions on my current setup 4 months ago:
> Tailscale would be the most “secure” as you have no ports open and only you can access it. Keep in mind your services will only be accessible by you as long as all your devices connect to your tailscale instance. Sharing access is possible but will require some explanation.
>
> Wireguard is another option, just as secure as the first option, it will need one port open but the port only responds if you are connecting with proper keys/authentication. Like tailscale you can only access your services if connected to your wireguard instance.

I disagree. Tailscale has a much higher attack surface since the network is controlled by a separate entity, tailscale. As on pure wireguard, you would need to first compromise one of your clients to get into the network.
Also tailscale is a much higher value target since you could compromise thousands of devices/networks/communication with ‘just’ compromising the vendors network.
- Comment on Haier hits Home Assistant plugin dev with takedown notice 5 months ago:
Sadly it does not matter. The company could keep the battle going for close to a decade until there is a final decision. It is financially draining and you have to give up a lot of time in order to attend the hearings (or even travel to the correct jurisdiction).
- Comment on Adding services to an existing Docker nginx container 5 months ago:
A compose file is just the configuration of one or many containers. The container is downloaded from the chosen registry and pretty much does not get touched.
A compose file ‘composes’ multiple containers together. That's where the name comes from.
When you run multiple databases then those run in parallel. So every database has its own processes. You can even see them on the host system by running something like top or htop. The container images themselves can get deduplicated, which means that container images that contain the same layer just use the already downloaded files from that layer. A layer is nothing other than multiple files bundled. For example you can choose an ‘ubuntu layer’ for the base of your container image and every container that you want to download using that same layer will simply use those files at creation time. But that basically does not matter. We are talking about a few tens or hundreds of MB in extreme cases.
But importantly, those files are just shared statically and changing a file in one container does not affect the other. Every container has its own isolated filesystem.
> I understand the architecture, I’m just not sure about how docker streamlines separate containers running the same process (eg, mysql).

Quite simple actually. It gives every container its own environment thanks to namespacing. Every process thinks (more or less) it is running on its own machine.
There are quite simple docker implementations with just a couple of hundred lines of code.
- Comment on Adding services to an existing Docker nginx container 5 months ago:
So from what I get reading your question, I would recommend reading more about containers, compose files and how they work.
To your question, I assume when you are talking about adding to a container you are actually referring to compose files (often called ‘stacks’)? Containers have basically almost no computational overhead.
I keep my services in extra compose files. Every service that needs a db gets an extra one. This helps to keep things simple and modular.
I need to upgrade a db from a service? -> I do just that and can leave everything else untouched.
Also, typically compose automatically creates a network where all the contained services of that stack communicate. Separating the compose files helps to isolate them a little bit with the default settings.
- Comment on How often do you back up? 5 months ago:
When you use deduplication on the backup side you can do backups every minute without needing much storage. When the backup program looks at the filesystem to determine which file has changed, the CPU only needs to process the changed files.
For my personal devices I do daily backups. There is not enough change every day.