solariplex
@solariplex@slrpnk.net
- Comment on Selfhosting Sunday - slrpnk edition 1 week ago:
Cool, I haven’t tried either of those.
I’m the type of person who likes to upgrade my systems via the terminal because I like to know the detailed processes, but I’ve also burned myself numerous times; hence my preference for declarative and immutable/atomic solutions.
It’s (quite) a bit more of a hassle, but I’ve lost trust in GUIs.
k3s is fairly simple (as far as k8s distros go). Helm is good to start with but for the long run I recommend using kubernetes manifests directly (i.e. kubectl apply -f pvc.yaml, deployment.yaml, etc) rather than helm, because there are quite a few gotchas with helm which can cause trouble. Besides that, it’s good practice to use the --secrets-encryption flag on the server node(s), and if you’re deploying agent nodes it’s good to use bootstrap tokens (k3s token create).
- Comment on Selfhosting Sunday - slrpnk edition 1 week ago:
Working on a split staging/prod hybrid-cloud k3s setup using nixos, tailscale, systemd-nspawn and fluxcd. If someone has advice for running k3s in unprivileged (mounts idmapped) nspawn containers, I’m all👂.
This will run
- openwisp (openwisp.org) to make it feasible to provide lots of less tech-savvy people in the local community with secure, simple, privacy-respecting wifi using free software and recycled routers.
- Various libre software I’m helping community, unions and political orgs adopt. Notably Discourse and Peertube.
- Comment on Denmark apologises for Greenland forced contraception 2 weeks ago:
Denmark did a genocide against the Inuit peoples, according to the UN convention on prevention and punishment of the crime of genocide: un.org/…/Doc.1_Convention on the Prevention and P…
- Comment on Where to begin? 2 weeks ago:
Jerboa crashed mid-comment so I’ll be brief.
Save yourself pain and increase your happiness by
- using btrfs or zfs (snapshots, checksum and self-healing is great)
- using declarative approach rather than imperative, and keep a copy of configs elsewhere (I accidentally nuked my system multiple times, you should expect to do the same)
- keeping backups. If zfs, github.com/jimsalterjrs/sanoid and syncoid are great discourse.practicalzfs.com/t/…/1611
- have an extra tiny machine running the same system and workloads, where you test potentially risky stuff before doing so on the prod server
- metrics solutions like prometheus and grafana are your friend
- Comment on Microsoft says U.S. law takes precedence over Canadian data sovereignty 3 weeks ago:
Norway has pretty draconic surveillance laws regarding digital cross-border communication, allowing all comms (encrypted or not) to be stored in the servers of the intelligence service for years, with the vague hope of combatting organized crime and terrorism.
If you use post-quantum encryption you should be fine though.