
buedi ,

Could it be an MTU issue? Networking can be weird if packets get fragmented unexpectedly, but I see this mostly for IKEv2 and other VPN Services. Try to lower your MTU on the WAN side maybe?

buedi ,

Me too, I have a lot of fun with it this season.

buedi ,

Diablo 4 for me too. I did not play much last season, but this one I enjoy a lot. I like the changes regarding loot and crafting and I see myself finally using the Aspects now that they are not consumed, but can be pulled from the codex as often as I want. Previously I saved my good rolled aspects “for later”… and later was usually beyond my playtime for a season :-)

Nextcloud appreciation post

After months of waiting, I finally got myself an instance with Libre Cloud. I was expecting basic file storage with a few goodies but boy, this is soooo much more. I am amazed by how complete this is!!! Apps let me configure my instance to fit everything I need, my workflow is now crazy fast and I can finally say goodbye to...

buedi ,

I have run Nextcloud for many, many years. I hosted it for a very long time at Hetzner's second lowest tier of Webspace they rent. It was not very fast there (you get what you pay for), but fast enough for our needs here. Later I moved it to an Azure VM and after that to my Homeserver where it runs blazingly fast, especially since the last updates they pushed out.

In all that time I never reinstalled. I just upgraded to the newer versions when they were out. The only times I had problems upgrading were when I was hosting at the cheap Webspace instance at Hetzner and an upgrade process took longer than the PHP timeout my very cheap hosting instance provided. So it was never a fault of Nextcloud, but just that I hosted it on basically the cheapest hosting plan I could find.

We use it for file sharing, calendar + contacts (+ Sync with DAVx), Notes and of course Talk. For Talk to make full use of Voice + Video calls, you should have a TURN Server, but if you do not use that (if you just text) it was running great even on the Webspace instance at Hetzner.

We are very happy in our family that it exists, that it is free and that it has served us well for many years.

Should I move to Docker?

I’m a retired Unix admin. It was my job from the early '90s until the mid '10s. I’ve kept somewhat current ever since by running various machines at home. So far I’ve managed to avoid using Docker at home even though I have a decent understanding of how it works - I stopped being a sysadmin in the mid '10s, I still worked...

buedi ,

I would absolutely look into it. Many years ago when Docker emerged, I did not understand it and called it “Hipster shit”. But also a lot of people around me who used Docker at that time did not understand it either. Some lost data, some had services that stopped working and they had no idea how to fix it.

Years passed and Containers stayed, so I started to have a closer look at it, tried to understand it. Understand what you can do with it and what you can not. As others here said, I also had to learn how to troubleshoot, because stuff now runs inside a container and you don't just copy a new binary or library into a container to try to fix something.

Today, my homelab runs 50 Containers and I am not looking back. When I rebuilt my Homelab this year, I went full Docker. The most important reason for me was: Every application I run dockerized is predictable and isolated from the others (from the binary side, network side is another story). The issues I had earlier with my Homelab when running everything directly in the Box in Linux is having problems when let's say one application needs PHP 8.x and another, older one still only runs with PHP 7.x. Or multiple applications have a dependency of a specific library when after updating it, one app works, the other doesn't anymore because it would need an update too. Running an apt upgrade was always a very exciting moment… and not in a good way. With Docker I do not have these problems. I can update each container on its own. If something breaks in one Container, it does not affect the others.

Another big plus is the Backups you can do. I back up every docker-compose + data for each container with Kopia. Since barely anything is installed in Linux directly, I can spin up a VM, restore my Backups with Kopia and start all containers again to test my Backup strategy. Stuff just works. No fiddling with the Linux system itself adjusting tons of Config files, installing hundreds of packages to get all my services up and running again when I have a hardware failure.

I really started to love Docker, especially in my Homelab.

Oh, and you would think you have a big resource usage when everything is containerized? My 50 Containers right now consume less than 6 GB of RAM and I run stuff like Jellyfin, Pi-Hole, Homeassistant, Mosquitto, multiple Kopia instances, multiple Traefik Instances with Crowdsec, Logitech Mediaserver, Tandoor, Zabbix and a lot of other things.

buedi ,

You would think so, yes. But to my surprise, my well over 60 Containers so far consume less than 7 GB of RAM, according to htop. Also, of course Containers can network and share services. For external access for example I run only one instance of traefik. Or one COTURN for Nextcloud and Synapse.

Need help: accessing all my containers by name

I’m to the point now where my little home device has enough services and such that bookmarking them all as nas-address:port is annoying me. I’ve got 3 docker stacks going on (I think) and 2 networks on my Synology. What’s the best or easiest way to be able to reach them by e.g. pi-hole and such?...

buedi ,

I love Traefik! When I started, I tried NGinx, but could not wrap my head around it. So I tried Caddy. Pretty easy to understand and I used it for a while. Then I had demands Caddy could not do and stumbled upon Traefik. As you said, a learning curve, but for me much easier than NGinx. I like that you can put the Traefik config inside the Compose files and that the service only is active in Traefik when the actual Containers are up and running. I added Crowdsec to my external facing Traefik instance and even use a plain Traefik instance for all my internal services also. And it can forward http, https, TCP and UDP.

Anyone knows about calm Windows games with 1-finger touch screen support?

What I am searching for is for games that support touch screens and can be played with 1 finger / one hand. No action games with fake joysticks on the screen, just games that work with a single finger or at least one hand while lying in bed and trying to wind down. One very good example is Civilization V, which has a dedicated...

buedi OP ,

Oh yes, Dorfromantik! I have this on my radar for a while. It looks so lovely. I did not know about Townscaper, but that looks very chill too.

I have Stardew Valley already, never thought about trying it on the tablet, but that's something I will do. I love this game, but only played it with Mouse & Keyboard so far.

Thank you very much for your suggestions :-)

buedi OP ,

I had a good laugh looking at the Video on Steam. I am not sure if this will help me to wind-down, more something I might rage-quit in the middle of the night and then need a coffee to calm down again :-> But it does look pretty fun. Thanks for the suggestion :-)

buedi OP ,

That's quite a list! Thank you :-) I even have a few on that list and will try them out. I did not think about The Witness, but it's worth a try. I did not finish it on PC, but it has some really hard puzzles in it that keep you occupied for a while at the same place without the need to move around a lot.

The Hexcells series is awesome, played through all of them (of course not through all the random ones in Infinite ;-)), but might be worth to try again on the tablet. I tried Tametsi (also a puzzler), but it did not scale with the High DPI screen and was super tiny.

buedi OP ,

Oh yes! That one was fantastic. It's been a long time. Wasn't it part of the very first Humble bundle?

buedi OP ,

That looks sweet! I never heard about that, looks like a whole series. That's on the list :-)

buedi OP ,

That's a good idea. A Sci-Fi setting is a nice change from the classic Civ theme. I loved Alpha Centauri back then, could not stop playing. This might scratch that itch. Thank you :-)

buedi OP ,

Oh cool. That looks like it might also be a battery saver and not causing too much excess heat in the tablet :-)

buedi OP ,

Thanks for the suggestion. “Unfortunately” I grew up with those and know probably each one of them inside out, as they have been replayed multiple times over the decades. But I did not think about SCUMMVM and reading this I get the urge to Talk to Mr. Tentacle Guy again :-)

buedi OP ,

I played Mini Metro on Android a long time ago… did not remember that I might have it on Windows already too! I think it was in a bundle at one time. Thanks :-)

buedi OP ,

I always miss Demos for games, but totally forgot that on Steam you can refund within the first 2 hours of gameplay. It should not hurt if it's used rarely. I can not figure out yet if Slay the Spire is for me (for some games it is pretty clear when reading about them), so this one might be a good opportunity to test it out.

buedi OP ,

Oh wow! That looks like a pretty unique experience. I have a pen, indeed! Thank you very much :-)

buedi OP ,

Oh wow, that is a lot more usage than I can think of for all of us here, haha! Thank you very much. That sounds very promising.

buedi OP ,

One reason is because I can. And because of that, I tend to host things myself which I can. This generates cost and work to maintain it on my side and not for others. A few less users from our household on a public instance means more room for others who are just not as tech-savvy and have no other choice than to rely on public instances. So it is a mix of respecting other people's time, effort and money and a part is just the nerd that wants to find out how it works and how it's done :-)

buedi OP ,

Thank you for your feedback! I get the impression that it might work if used on a small scale when it's not public. I guess I will have a new container soon :-)

buedi ,

I was just looking for cheap backup space recently and Hetzner's Storage Box BX21 is 13€ per month for 5 TB, 20 Snapshots and unlimited traffic. I did not compare the service with backblaze yet, though.

buedi ,

Is there a way around the stealth / hiding from the black fog thingy or does it get less as you progress? This is the only thing that held me back playing further. And I was so impressed by everything else in the game. It is a bit sad, I really want to continue playing.

buedi ,

Thank you very much. I guess I just have to pick it up and get through this. I loved everything else of it, so I am sure it is worth it :-)

buedi ,

Thank you. Knowing that I am able to deal with them other than trying to sneak around them will make things easier :-)

buedi ,

Awesome, Thank you very much for all your tips! It is smoking hot outside at the moment, so I try to prevent heating up my room even more with the GPU fans spinning, but when autumn / winter comes I will welcome a nice warm breeze under the desk and reinstall it again. I am really looking forward to it now after your comment :-)

buedi ,

Yeah, they had the better technology (Google Video was very bad) and Google had the money.

buedi ,

The thing that stuck with me was that I always had the impression that the Video quality was much worse than on Youtube. IIRC when there was content that was available on both platforms, Youtube had the much better picture and sound. But maybe that was just specific to the content I watched back then. There was not THAT much to see in the beginning, not like today where you can spend 24h straight and always see new stuff :-)

buedi ,

Diablo 4 allows that. Lets you choose to get the 4K Textures or not and which languages for Voiceover / Cutscenes. The textures alone decide if your game is 40 or 80 GB.

buedi ,

As others mentioned, you probably do not need VMs. If you thought about VMs because of isolation, then yes, that might be a good idea.

In an ideal world, if I had the budget / hardware, I would have a Server with multiple NICs (Network Interface Cards) connected to different ports on my Firewall for LAN and DMZ. Then I would create VMs for LAN and DMZ and on those the Docker Containers needed for that zone. Everything that is accessible from the Internet gets into the DMZ, the rest in the LAN. I could further lock it down by creating 2 DMZ zones and only put let's say NGINX or Traefik into the Zone that gets exposed and the services behind the Reverse Proxy in the 2nd DMZ zone, which will still be isolated from LAN.

But since I only have a small box with 1 NIC, instead I created VLANs on my Router and created a Docker Network for each VLAN. Every single service I run is a docker container and in one of the VLANs, appropriate to their level of exposure. I have one VLAN called LAN that obviously is connected to my LAN and 2 other VLANs where I basically do what I described above. One holds Traefik and has exposed ports to the Internet and the other VLAN hosts the Services which are accessible through traefik. With that setup you at least isolate network traffic and it is something I would look into if you plan to expose any of your services to the internet. Usually when you start with Docker, you probably would just expose Ports from the Containers, which get mapped to the IP of your host… and so all those Containers will have access to your LAN. At least try to separate that.

The next thing I wanted to do, is run my Containers rootless, which means that no container has root permissions if in case something within the container decides to let the docker service do something malicious on the host, it should not be able to run as root. The caveat here is, that docker does not support VLANs in rootless mode. I spent half a day converting everything to Podman, because people were praising podman left and right if you want to run rootless, but then I found out that Podman does not support VLANs in rootless mode either :->

Using VMs as described above would make the “I can not use docker rootless” problem less of a problem, but I decided against VMs because of Resources / Budget.

What I can recommend when you start, do not try to make things too complicated until you are familiar with Docker and understand what you are doing. As you get better, you might want more and learn more stuff as you go.

You could just install a Linux Distribution you are familiar with (I use Ubuntu Server LTS 22), install Docker and just play around with it a bit to see how everything works. Only start exposing Services to the Internet if you know what you are doing.

Maybe a few tips or keywords for you of stuff I went through step by step for later usage.

  • If you expose Services to the Internet, use a Reverse Proxy you think you will understand (NGINX, Traefik, Caddy…)
  • Try to segment your network if your Hard- / Software allows it to separate LAN Services from Services exposed in the Internet
  • Start documenting your setup from the beginning! If you are like me, everything is clear as you do it… but when I come back a month later I wonder how I set up the VLANs or what each Environment Setting does for a specific container etc ;-)
  • Instead of using Docker Volumes, think about redirecting Container directories to directories on the host instead. All my containers have their data under /opt/<container> and all my docker-compose files are in another, separate directory.
  • Implement a Backup solution early on (I use kopia, which backs up my compose directory and /opt, which should be everything I need to set up everything again on a new host)
  • Once you have a few containers up and running and think you are familiar how they work, start using docker-compose. Having a compose file for each container makes updating and maintaining them super easy. There is an updated image for a container? Just run docker-compose up -d and you are done. You need a variation of a container for testing? Copy the compose file, make adjustments and run it.
  • I use watchtower to automatically check if new docker images are available. I use it in monitoring mode. It will check and download for new images, but will not restart the containers. Instead I receive an E-Mail from watchtower. I can then check if the update is for a container exposed to the internet and then will let kopia do another backup run and just do a docker-compose up -d to restart / update the respective container, check if it still does what it does and am done.
  • Did I mention that you should document everything you do? If you are like me and have a memory like an earthworm, you should document your setup from the beginning ;-)

All in all: Do not rush it, do not feel the pressure to do everything I wrote. You might even come up with other, much better fitting solutions for you than what I or others here are doing. The most important things? Have fun and think twice what and how you expose a service to the public :-)
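An added example, not part of the original comment: a small audit of `docker inspect` output against the segmentation described above, where only the reverse proxy publishes host ports and nothing sits in both a LAN and a DMZ network. The network names, the container names and the policy itself are assumptions made for illustration, and the sample data is constructed.

```python
import json

# Assumed policy for the layout the comment describes. All names are hypothetical.
PROXY = {"traefik"}                        # only the reverse proxy may publish ports
DMZ_NETS = {"dmz_proxy", "dmz_services"}   # exposed zone and the zone behind it
LAN_NET = "lan"

# Constructed sample, trimmed to the fields of `docker inspect` that are used here.
SAMPLE = json.loads("""[
 {"Name": "/traefik", "NetworkSettings": {
   "Ports": {"443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]},
   "Networks": {"dmz_proxy": {}}}},
 {"Name": "/nextcloud", "NetworkSettings": {
   "Ports": {"80/tcp": null},
   "Networks": {"dmz_services": {}}}},
 {"Name": "/jellyfin", "NetworkSettings": {
   "Ports": {"8096/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8096"}]},
   "Networks": {"bridge": {}}}},
 {"Name": "/homeassistant", "NetworkSettings": {
   "Ports": {},
   "Networks": {"lan": {}, "dmz_services": {}}}}
]""")


def audit(containers):
    """Return (container, finding, detail) tuples for policy violations."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        settings = c["NetworkSettings"]
        nets = set(settings.get("Networks") or {})
        # A port that is exposed but not published has a null binding list.
        published = sorted(
            f'{b.get("HostIp") or "0.0.0.0"}:{b["HostPort"]}->{port}'
            for port, binds in (settings.get("Ports") or {}).items()
            for b in (binds or [])
        )
        if published and name not in PROXY:
            findings.append((name, "publishes host ports", published))
        if LAN_NET in nets and nets & DMZ_NETS:
            findings.append((name, "attached to LAN and DMZ", sorted(nets)))
        if "bridge" in nets:
            findings.append((name, "on default bridge network", ["bridge"]))
    return findings


if __name__ == "__main__":
    # For live data, pass the parsed JSON from `docker inspect` to audit().
    for name, finding, detail in audit(SAMPLE):
        print(f"{name}: {finding}: {', '.join(detail)}")
```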

buedi ,

Maybe Tandoor for recipes and Groceries from David Shay for shopping lists of all kind. So far the best multi User shopping list / app I ever had.

buedi ,

Hmm, what do docker logs -f <container> tell? I made myself a compose file and use traefik. Not on my PC atm, but when I had problems getting it running, I made mistakes with the secrets. But that should show in the logs.

buedi ,

Setup of the HMAC Key for the CouchDB was indeed the step I struggled with too. I think the first time I either made a mistake or used a broken Website to generate a Base64 value. The 2nd time my mistake was that I put in the Base64 value for the HMAC Key into the jwt.ini AND in the docker-compose.yml. But in the docker-compose.yml COUCHDB_HMAC_KEY, I had to put it unencoded and in the jwt.ini hmac:_default it has to be Base64 encoded. Maybe this is the thing you did wrong too?

I bet you are close!

On the other hand, if you are the only person using the shopping list and your current setup offers you what you need, maybe it is not worth it for you. For me it was (and updating when it runs is super easy, I promise!). The instant sync over all devices is great + it keeps working when I lose reception in a shop and syncs again instantly when I have internet again. But what makes Groceries for me are:

  • The ability to have an item on multiple shopping lists if needed and if it is checked off from one list, it is checked off from the other lists too. I stopped forgetting buying stuff that was not available in the 1st shop to get in the 2nd.
  • The ability to add items to aisles and move the aisles in different order for each list (every shop I visit has a bit of a different layout). This made shopping super quick for me, because I enter the shop and walk through it exactly once and have everything I need, because it is all in the correct order on the respective list.

Oh, and adding a photo to an item is super useful if you are like me and need very close instructions what to get for your partner if you stand in front of a shelf with 100 different types of cheese which look all exactly the same to you… having a photo is sometimes a life saver for me :-)
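An added example, not part of the original comment: a check for the two mistakes described above, a Base64 value that does not decode and the same Base64 string placed in both files. It assumes the key sits under CouchDB's `[jwt_keys]` section in jwt.ini; the function name and the sample key are constructed for illustration.

```python
import base64
import binascii
import configparser
import hmac

# Constructed sample values, not real secrets.
RAW_KEY = "my-secret-key"                       # what COUCHDB_HMAC_KEY should hold
JWT_INI = "[jwt_keys]\nhmac:_default = bXktc2VjcmV0LWtleQ==\n"


def check_hmac_pair(compose_key, jwt_ini_text):
    """Compare COUCHDB_HMAC_KEY (raw) with jwt.ini hmac:_default (Base64)."""
    # Split on '=' only: the default ':' delimiter would cut "hmac:_default" in two.
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(jwt_ini_text)
    encoded = cfg.get("jwt_keys", "hmac:_default", fallback=None)
    if encoded is None:
        return "missing: no hmac:_default under [jwt_keys]"
    # Same text in both places means the compose file got the encoded form.
    if hmac.compare_digest(encoded.encode(), compose_key.encode()):
        return "same-string: compose holds the Base64 text, it needs the raw key"
    try:
        decoded = base64.b64decode(encoded, validate=True)
    except binascii.Error:
        return "invalid-base64: jwt.ini value does not decode"
    if hmac.compare_digest(decoded, compose_key.encode()):
        return "ok"
    return "mismatch: jwt.ini decodes to a different key"


if __name__ == "__main__":
    # The result never contains the key itself, so it is safe to log.
    print(check_hmac_pair(RAW_KEY, JWT_INI))
```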

buedi ,

Oh yes! SMG was the game we bought the day we bought our Wii back then and it is a masterpiece. It is also the only Mario Game I ever “finished” (all Stars with Mario, not Luigi though). We loved everything in this game. The Music, Level Design, Controls… and whenever we thought that we have seen all, they came up with a new game mechanic that surprised us and was super fun. It was truly a fantastic and memorable experience.
