oranki ,

Portability is the key for me, because I tend to switch things around a lot. Containers generally isolate the persistent data from the runtime really well.

Docker is not the only, or even the best way IMO to run containers. If I was providing services for customers, I would definitely build most container images daily in some automated way. Well, I do it already for quite a few.

The mess is only a mess if you don’t really understand what you’re doing, same goes for traditional services.

oranki ,

Most likely, a Hetzner storage box is going to be so slow you will regret it. I would just bite the bullet and upgrade the storage on Contabo.

Storage in the cloud is expensive, there’s just no way around it.

oranki ,

Imagine if all the people who prefer systemd would write posts like this as often as the opposition. Just use what you like, there are plenty of distros to choose from.

oranki ,

There was a good blog post about the real cost of storage, but I can’t find it now.

The gist was that to store 1TB of data somewhat reliably, you probably need at least:

  • mirrored main storage 2TB
  • frequent/local backup space, also at least mirrored disks 2TB + more if using a versioned backup system
  • remote / cold storage backup space about the same as the frequent backups

Which amounts to something like 6TB of disk for 1TB of actual data. In real life you’d probably use some other level of RAID, at least for larger amounts so it’s perhaps not as harsh, and compression can reduce the required backup space too.

I have around 130G of data in Nextcloud, and the off-site borg repo for it is about 180G. Then there’s local backups on a mirrored HDD, with the ZFS snapshots that are not yet pruned that’s maybe 200G of raw disk space. So 130G becomes 510G in my setup.

oranki ,

Wireguard runs over UDP, the port is undistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s Wireguard traffic if they happen to be looking, but can’t decipher the contents.

I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.

oranki ,
  • Open the GUI network settings
  • Set DNS to the IP of the PiHole, make sure the “automatic” switch is off.
  • Do the above for each active interface (ethernet, wlan) and for both IPv4 and IPv6
  • Save/apply settings
  • Turn the interface(s) off, then back on
  • resolvectl flush-caches just in case

Look at resolvectl dns to check there’s no DHCP-acquired DNS servers set anymore

If you use a VPN, those often set their own DNS servers too, remember to check it as well.
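
The resolvectl dns check from the steps above, scripted as an added example (not part of the original comment): it lists every link that still carries a resolver other than the Pi-hole. The Pi-hole address 192.168.1.53, the function name and the sample output are constructed.

```shell
#!/bin/sh
# Added example. Reads `resolvectl dns` output on stdin and prints every
# link/server pair whose server is not in the allowed list (the arguments).
# Exit status 1 means at least one stray resolver is still configured.
find_stray_dns() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            # Lines look like "Global:" or "Link 3 (wlp2s0): 192.168.1.1 fe80::1%3".
            p = index($0, ":"); if (p == 0) next
            label = substr($0, 1, p - 1)
            m = split(substr($0, p + 1), srv, " ")
            for (i = 1; i <= m; i++) {
                s = srv[i]
                sub(/[%#].*/, "", s)   # drop IPv6 zone ("%3") or DoT name ("#host")
                if (!(s in ok)) { print label ": " srv[i]; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample: Pi-hole at 192.168.1.53, Wi-Fi still carries the
# router from DHCP, and a VPN interface brings its own resolver.
SAMPLE='Global:
Link 2 (enp3s0): 192.168.1.53
Link 3 (wlp2s0): 192.168.1.53 192.168.1.1
Link 4 (wg0): 10.64.0.1'

printf '%s\n' "$SAMPLE" | find_stray_dns 192.168.1.53 || echo "stray DNS servers remain"
# On a real host: resolvectl dns | find_stray_dns 192.168.1.53
```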

oranki ,

I used to run everything with Pis, but then got an x86 USFF to improve Nextcloud performance.

With the energy price madness last year in Europe, I moved most things to cloud VPSs.

One Pi is still running Home Assistant, hooked to my heating/ventilation unit via RS485/modbus.

I had a ZFS backup server with 2 HDDs hooked up over USB to a Pi 8GB. That is just way too unreliable for anything serious, I think I now have a lot of corrupted files in the backups. Looking into getting some Synology unit for that.

For anything serious that requires file storage, I’d steer clear of USB or SD cards. After getting used to SATA performance, it’s hard to go back anyways. I’d really like to use the Pis, but family photo backups turning gray due to bitflips is unacceptable.

They are a great entrypoint to self-hosting and the Linux world though!

oranki ,

In my limited experience, when Podman seems more complicated than Docker, it’s because the Docker daemon runs as root and can by default do stuff Podman can’t without explicitly giving it permission to do so.

99% of the stuff self-hosters run on regular rootful Docker can run with no issues using rootless Podman.

Rootless Docker is an option, but my understanding is most people don’t bother with it. Whereas with Podman it’s the default.

Docker is good, Podman is good. It’s like comparing distros, different tools for roughly the same job.

Pods are a really powerful feature though.

oranki ,

on surface they may look like they are overlapping solutions to the untrained eye.

You’ll need to elaborate on this, since AFAIK Podman is literally meant as a replacement for Docker. My untrained eye can’t see what your trained eye can see under the surface.

oranki ,

Perhaps I misunderstand the words “overlapping” and “hot-swappable” in this case, I’m not a native English speaker. To my knowledge they’re not the same thing.

In my opinion wanting to run an extra service as root to be able to e.g. serve a webapp on an unprivileged port is just strange. But I’ve been using Podman for quite some time. Using Docker after Podman is a real pain, I’ll give you that.

oranki ,

This is true, with a couple gigs of RAM and SATA storage Nextcloud is not at all bad. Assuming an instance with not that many simultaneous users.

It feels slow sometimes, then after an hour with M365 at work it doesn’t feel slow at all.

oranki ,

Even though you said “isn’t Nextcloud”, I’d still say it’s perhaps the simplest solution.

You can disable most of the other apps and set calendar as the landing page. If you don’t use the other features, the resource usage is very low, just a cron job that does basically nothing. I don’t think disabling the default apps has much effect on the footprint, by the way.

Calendar, contacts and notes are why I still self host Nextcloud. Just remember to pay/donate to Davx5, they’re one of the projects that need to keep running!

oranki ,

In Finland synchronization in gearboxes is starting to become a thing nowadays. Double clutching for 20 years now (38).

Just kidding, got my first automatic two years ago, so yes.

oranki ,

I recently put the nvidia variant of ublue-os on my work laptop, which has Optimus graphics. Couldn’t be happier.

It’s great to see these variants popping up! I really think ostree may be the future for desktop Linux, and not even very far away.

oranki ,

There’s a base image of ublue, which is Silverblue without a DE. I’d suppose you can mostly just layer e.g. Sway or i3 on top.

Traditional package model will still have its usage, of course, I agree. But if Silverblue works for a developer like me, I’d say for more “regular” users immutable distros seem like a very viable option.

oranki ,

I started using gestures, and haven’t been able to transition away since.

Both have their pros and cons.

How do you deal with the logs on your servers?

I’m pretty new to selfhosting, but one thing that I know to take seriously is log collection. Since there are a lot of different types of logs (kernel log, application logs, etc) and logs come in many different formats (binary, json, strings) - it’s no easy task to collect them centrally and look through them whenever...

oranki ,

For a bit enhanced log file viewing, you could use something like lnav, I think it’s packaged for most distributions.

Cockpit can be useful for journald, but personally I think GUI stuff is a bit clunky for logs.

Grep, awk and sed are powerful tools, even with only basic knowledge of them. Vim in readonly mode is actually quite effective for single files too.

For aggregating multiple servers’ logs good ol’ rsyslog is good, but not simple to set up. There are tutorials online.

oranki ,

Rsyslog to collect logs to a single server, then lnav for viewing them on that server is a good combo. Oldschool but very effective for self-host scale.

Glad the tip was useful!

What is this pin called? Lost my LED lamp’s charging cable (i.imgur.com)

I know it’s the old round pin we used for phones back in the day but can someone send me a link to the exact one because I’m seeing too many round pin chargers of different sizes. Also where do I go for tech help related questions like these? Is this the right community?

oranki ,

Remember to check the polarity of the plug too. Some have + in the center pin, others have -

oranki ,

This must be related to people in their 20’s not knowing how to read a traditional clock anymore.

Looking for a way to give certain trusted users the ability to execute certain admin actions on my server (such as stopping containers, shutting down, rebooting, etc...)

I want to allow certain trusted users the ability to take down my lemmy instance or reboot it or x, y, z actions in case things go wrong or there is a security incident....

oranki ,

I’d go the SSH + sudo way.

Sudo can be quite finely tuned to only allow specific commands. If you want to lock the SSH session further, look into rbash.
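
One way to set up the sudo side of this, as an added example that is not part of the original comment: a drop-in that grants only reboot, poweroff and stop/start of one container, validated with visudo before it is installed. The group lemmyops, the container name lemmy, the /usr/bin paths and the file name /etc/sudoers.d/lemmy-ops are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege sudo rules for trusted helpers.
# Assumptions: group "lemmyops", container "lemmy", binaries under /usr/bin,
# drop-in file /etc/sudoers.d/lemmy-ops. None of these come from the thread.

# Names end up inside sudoers, so refuse anything that could add a rule or
# an option: empty, leading "-", or characters outside [A-Za-z0-9_-].
safe_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the drop-in: one rule per command, arguments fixed, no wildcards.
build_dropin() {
    { safe_name "$1" && safe_name "$2"; } || { echo "unsafe name" >&2; return 1; }
    printf '# %%%s may run exactly these commands as root.\n' "$1"
    for cmd in "systemctl reboot" "systemctl poweroff" \
               "docker stop $2" "docker start $2"; do
        printf '%%%s ALL = (root) /usr/bin/%s\n' "$1" "$cmd"
    done
}

# Validate with visudo before installing; a broken file in /etc/sudoers.d
# can leave sudo unusable. Needs root.
install_dropin() {
    tmp=$(mktemp) || return 1
    if build_dropin "$1" "$2" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/lemmy-ops
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--install" ]; then
    install_dropin lemmyops lemmy
else
    build_dropin lemmyops lemmy
fi
```

Run without arguments it only prints the rules; members of the group can confirm what they were granted with sudo -l.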

oranki ,

I’d second this. Fedora is great, don’t get me wrong, but it’s not rolling or stable.

I think stable was referring to not crashing here.
