non_burglar
@non_burglar@lemmy.world
- Comment on XCP-NG vs PROXMOX security hardening? 1 day ago:
Kind of a vague question, but I take it you mean OS-level hardening, which should be fine with CIS hardening.
In a virtualized environment, there are many security layers to take care of: network access, storage, api control, identity access, cluster config, backups, etc.
- Comment on Would there be any potential problem of hosting public and/or private (vpn) services in a school office? 2 days ago:
Don’t be flippant.
This is like going to a car enthusiast forum and asking “any potential problems with driving a car that may or may not be stolen?”
You have indicated that you’re aware of the potential repercussions of running a personal project in a publicly-funded environment. You’ve already been told that this is unethical everywhere and illegal in many places.
- Comment on Would there be any potential problem of hosting public and/or private (vpn) services in a school office? 3 days ago:
If you are so sure of your indemnity because it’s “your device”, why are you asking on Lemmy?
- Comment on Selfhosting Sunday - What's up? 5 days ago:
It can manage KVM, so I don’t see why not.
- Comment on Selfhosting Sunday - What's up? 6 days ago:
Side question, but where are you hearing this about incus?
I’m wrapping up 9 years of using proxmox and I have very specific reasons for switching to incus, but this is the third time I’m fielding questions in the last month about incus.
- Comment on Selfhosting Sunday - What's up? 6 days ago:
I think so.
It is LXD + KVM, so way more and finer tune control on lxc instances. It can run OCI images as well, so for docker instances with only a few configs and no persistent storage, it is actually quite handy. For docker instances that need pretty complicated compose files, I just run docker inside an lxc for now, until I figure that out.
- Comment on Selfhosting Sunday - What's up? 1 week ago:
Bash variables are really, really fun.
- Comment on Selfhosting Sunday - What's up? 1 week ago:
More incus:
- mounting persistent storage into containers (cheating by exporting NFS from my proxmox zfs into the incus host).
- wrote a pruning backup script for containers, runs daily
- passed through hardware (quicksync) into jellyfin container (it works!)
- launched an OCI container (docker home assistant) natively in incus (this is a game-changer!)
Next:
- build 2nd incus node
- move all containers from proxmox to incus
- decom proxmox
- setup Debian with NFS export
- Comment on lightweight blog ? 1 week ago:
I use eleventy. Similar to other static site generators.
- Comment on Do I really need a firewall for my server? 1 week ago:
Because NAT acts as a firewall with a “default deny” policy for incoming packets, but no other rules. You cannot prevent a device on the private subnet side of a NAT from attempting to communicate with an “outside” IP with NAT alone; NAT doesn’t understand the concepts of accept/deny/drop.
All nat does is rewrite address headers.
The machines behind a NAT box are not directly addressable because they have private IP addresses. Machines out on the general Internet cannot send IP packets to them directly. Instead, any packets will be sent to the address of the NAT box, and the NAT box looks at its records to see which outgoing packet an incoming packet is in reply to, to decide which internal address the packet should be forwarded to. If the packet is not in reply to an outgoing packet, there’s no matching record, and the NAT box discards the packet.
It’s a confused topic because for a lot of people, nat does essentially everything they want. As soon as you get into more complex networking where a routing table needs to be updated, or bidirectional fw rules, it becomes apparent why routing + fw + nat is the most common combo.
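The behaviour described in the comment above, as an added example that is not part of the original thread: a toy source-NAT table next to a default-deny egress filter. All class names, addresses (documentation ranges) and ports are constructed for the illustration.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.1"  # constructed address standing in for the NAT box


@dataclass
class Nat:
    """Source NAT: rewrites headers and records outgoing flows. It has no policy."""
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # (wan_port, remote) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        # Every outgoing packet is translated and recorded; nothing is ever refused.
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, remote)] = (lan_ip, lan_port)
        return (WAN_IP, wan_port, remote)

    def inbound(self, remote, wan_port):
        # A reply to a recorded flow is forwarded to the internal host.
        # With no matching record there is nowhere to send it, so it is discarded.
        return self.table.get((wan_port, remote))


@dataclass
class Firewall:
    """Egress filter in front of the NAT: default deny plus explicit allow rules."""
    allowed_dst_ports: set

    def permits(self, remote):
        return remote[1] in self.allowed_dst_ports


def send(nat, lan_ip, lan_port, remote, fw=None):
    """Return the translated packet, or None if a firewall rule dropped it."""
    if fw is not None and not fw.permits(remote):
        return None
    return nat.outbound(lan_ip, lan_port, remote)


if __name__ == "__main__":
    nat = Nat()
    web, other = ("198.51.100.7", 443), ("198.51.100.7", 6667)
    print(send(nat, "192.168.1.10", 51000, web))         # translated
    print(nat.inbound(web, 40000))                       # reply forwarded inside
    print(nat.inbound(("198.51.100.99", 443), 40000))    # unsolicited: None
    print(send(nat, "192.168.1.10", 51001, other))       # NAT alone: still translated
    print(send(nat, "192.168.1.10", 51002, other, Firewall({443})))  # dropped: None
```

The inbound "deny" falls out of the missing table entry, while the outbound drop exists only once the `Firewall` rule set is added.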
- Comment on How best to store a media library in proxmox? 1 week ago:
Yes, LXC, docker, whatever cgroup2 isolation environment, but not VMs, true.
VMs can achieve the same thing through shares.
- Comment on Do I really need a firewall for my server? 1 week ago:
NAT simply maps IPs across subnet boundaries in such a way that upstream routing tables don’t need updating.
If you use destination NAT forward rules to facilitate specific destination port access, you are using a firewall.
- Comment on How best to store a media library in proxmox? 1 week ago:
Each cgroup container mounts a host path. That’s it.
- Comment on Do I really need a firewall for my server? 1 week ago:
Op means, as they said, a firewall on the server itself.
NAT is, effectively, a firewall.
No it isn’t. Stop giving advice on edge security.
- Comment on How best to store a media library in proxmox? 1 week ago:
Zfs (and most modern filesystems) are fine with concurrency.
I mount the same data store into several instances, it works well. Just needs some planning for permissions.
- Comment on How best to store a media library in proxmox? 1 week ago:
Yes, of course. I forgot about the gui, that’s valid.
- Comment on How best to store a media library in proxmox? 1 week ago:
If it’s a private ZFS pool not on the network you’re fucked.
Sorry, I didn’t word that correctly. I understand why you might need a share, I just think a whole truenas instance just for a few shares is way overkill. If I needed a samba share, NFS export, or an iSCSI LUN I would just spin up a Debian container and be done with it.
- Comment on How best to store a media library in proxmox? 1 week ago:
Why bother with truenas? Just put the media in a zfs pool and mount it directly into jellyfin.
- Comment on calibre 8.0 2 weeks ago:
Correct, my bad
- Comment on calibre 8.0 2 weeks ago:
Oh yeah, sorry. There is some vendor lock-in with all bookstores, but kobo looks the other way.
I have calibre-web setup with kobo sync, so calibre-web pretends to be part of the kobo store to my reader and I’m able to add non-drm books to my reader while still using the kobo store if I like.
- Comment on calibre 8.0 2 weeks ago:
Kobo does not block non-drm. Calibre is used as a server all the time, see calibre-web.
- Comment on [deleted] 3 weeks ago:
Not false, and shame on you for suggesting it.
I not only disagree, but sincerely hope you aren’t encouraging anyone to look up information using an LLM.
LLMs are toys right now.
- Comment on [deleted] 3 weeks ago:
It is not a search box. It generates words we know are confidently wrong quite often.
“Asking” gpt is like asking a magic 8 ball; it’s fun, but it has zero meaning.
- Comment on [deleted] 3 weeks ago:
I don’t understand the willingness to forgive error … Would you go to a person if you knew for a fact that 1 of 5 things they say is wrong?
- Comment on [deleted] 3 weeks ago:
Good reply, we’ve all been there. Hope your next disks survive their journey.
- Comment on [deleted] 3 weeks ago:
You’re perceiving some kind of blame from those users asking, but tbh you didn’t make your situation clear in your original post and they’re fair questions.
And I’ll echo most here and suggest you stop buying from that provider. It seems like the obvious choice. NewEgg isn’t exactly the paragon of customer service.
- Comment on Self-hosting minecraft 4 weeks ago:
OK, I respect your opinion.
I’m coming from a place of administering a server and I attest to this:
- Minecraft players want their particular mods on their particular seed, they don’t see value in armadillos and whatever other nonsense MS is “releasing”.
- most of my player base has moved on to Vintage Story because Minecraft itself is stagnating like counterstrike did. And now we have the same situation CS had, where there’s a huge base of mc players who are stuck on old versions because, let’s be honest, Minecraft is stale AF under microsoft.
- just because modern hardware is better at running vanilla doesn’t mean paper won’t run even better.
- Comment on Self-hosting minecraft 4 weeks ago:
Try paper or fabric, add Aikar’s Flags (docs.papermc.io/paper/aikars-flags) and marvel at the high ticks!
- Comment on Self-hosting minecraft 4 weeks ago:
Because paper and others don’t run like garbage, unlike vanilla MC.
- Comment on What's up, selfhosters? - The Sunday thread 4 weeks ago:
Finally moved all my lxc onto a lower-power Xeon D host, consumes 1/3 the electricity of my previous Dell R430, same essential performance.