• 0 Posts
  • 24 Comments
Joined 1 year ago
cake
Cake day: June 5th, 2023

help-circle
  • oranki@sopuli.xyztoSelfhosted@lemmy.worldWhy docker
    link
    fedilink
    English
    arrow-up
    7
    ·
    10 months ago

    Portability is the key for me, because I tend to switch things around a lot. Containers generally isolate the persistent data from the runtime really well.

    Docker is not the only, or even the best way IMO to run containers. If I was providing services for customers, I would definetly build most container images daily in some automated way. Well, I do it already for quite a few.

    The mess is only a mess if you don’t really understand what you’re doing, same goes for traditional services.



  • There was a good blog post about the real cost of storage, but I can’t find it now.

    The gist was that to store 1TB of data somewhat reliably, you probably need at least:

    • mirrored main storage 2TB
    • frequent/local backup space, also at least mirrored disks 2TB + more if using a versioned backup system
    • remote / cold storage backup space about the same as the frequent backups

    Which amounts to something like 6TB of disk for 1TB of actual data. In real life you’d probably use some other level of RAID, at least for larger amounts so it’s perhaps not as harsh, and compression can reduce the required backup space too.

    I have around 130G of data in Nextcloud, and the off-site borg repo for it is about 180G. Then there’s local backups on a mirrored HDD, with the ZFS snapshots that are not yet pruned that’s maybe 200G of raw disk space. So 130G becomes 510G in my setup.



  • They could explain things better, you are right. I actually think I remember having almost the exact same confusion a few years back when I started. I still have two keys stored in my pw manager, no idea what the other one is for…

    The decryption has gotten much more reliable in the past year or two, I also try out new clients a lot and have had no issues in a long time. Perhaps you could give it a new go, with the info that you use the same key for all sessions.


  • I have a feeling you are overthinking the Matrix key system.

    • create account
    • create password you store somewhere safe
    • copy the key and store somewhere safe
    • when signing on a new device, copy-paste the key

    Basically it’s just another password, just one you probably can’t remember.

    Most of the client apps support verifying a new session by scanning a QR code or by comparing emoji. The UX of these could be better (I can never find the emoji option on Element, but it’s there…). So if you have your phone signed in, just verify the sessions with that. And it’s not like most people sign in on new devices all the time.

    I’d give Matrix a new look if I were you.


  • Wireguard runs over UDP, the port is undistinguishable from closed ports for most common port scanning bots. Changing the port will obfuscate the traffic a bit. Even if someone manages to guess the port, they’ll still need to use the right key, otherwise the response is like from a wrong port - no response. Your ISP can still see that it’s Wireguard traffic if they happen to be looking, but can’t decipher the contents.

    I would drop containers from the equation and just run Wireguard on the host. When issues arise, you’ll have a hard time identifying the problem when container networking is in the mix.


  • oranki@sopuli.xyztoLinux@lemmy.mlDNS help needed on Fedora 38
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago
    • Open the GUI network settings
    • Set DNS to the IP of the PiHole, make sure the “automatic” switch is off.
    • Do the above for each active interface (ethernet, wlan) and for both IPv4 and IPv6
    • Save/apply settings
    • Turn the interface(s) off, then back on
    • resolvectl flush-caches just in case

    Look at resolvectl dns to check there’s no DHCP-acquired DNS servers set anymore

    If you use a VPN, those often set their own DNS servers too, remember to check it as well.


  • I used to run everything with Pis, but then got a x86 USFF to improve Nextcloud performance.

    With the energy price madness last year in Europe, I moved most things to cloud VPSs.

    One Pi is still running Home Assistant, hooked to my heating/ventilation unit via RS485/modbus.

    I had a ZFS backup server with 2 HDDs hooked up over USB to a Pi 8GB. That is just way too unreliable for anything serious, I think I now have a lot of corrupted files in the backups. Looking into getting some Synology unit for that.

    For anything serious that requires file storage, I’d steer clear from USB or SD cards. After getting used to SATA performance, it’s hard to go back anyways. I’d really like to use the Pis, but family photo backups turning gray due to bitflips is unacceptable.

    They are a great entrypoint to self-hosting and the Linux world though!




  • In my limited experience, when Podman seems more complicated than Docker, it’s because the Docker daemon runs as root and can by default do stuff Podman can’t without explicitly giving it permission to do so.

    99% of the stuff self-hosters run on regular rootful Docker can run with no issues using rootless Podman.

    Rootless Docker is an option, but my understanding is most people don’t bother with it. Whereas with Podman it’s the default.

    Docker is good, Podman is good. It’s like comparing distros, different tools for roughly the same job.

    Pods are a really powerful feature though.



  • Even though you said “isn’t Nextcloud”, I’d still say it’s perhaps the simplest solution.

    You can disable most the other apps and set calendar as the landing page. If you don’t use the other features, the resource usage is very low, just a cron job that does basically nothing. I don’t think disabling the default apps has much effect on the footprint, by the way.

    Calendar, contacts and notes are why I still self host nextcloud. Just remember to pay/donate to Davx5, they’re one of the projects that need to keep running!






  • For a bit enhanced log file viewing, you could use something like lnav, I think it’s packaged for most distributions.

    Cockpit can be useful for journald, but personally I think GUI stuff is a bit clunky for logs.

    Grep, awk and sed are powerful tools, even with only basic knowledge of them. Vim in readonly mode is actually quite effective for single files too.

    For aggregating multiple servers’ logs good ol’ rsyslog is good, but not simple to set up. There are tutorials online.


  • Devuan is more stable

    So Devuan has even older versions of packages than Debian? Stability in the distro context means that features, APIs, UIs don’t change. Please don’t mix software bugs with stability.

    It may be I’ve entirely misunderstood how systemd works, but I think your description of it is off by a mile too.

    but a different init starts a new process ID for each separate program

    Of course there are PIDs with systemd too! First of all, systemd itself has a PID (1).

    For systemd, which runs system wide to handle everything, if one program locks, systemd has to make adjusts for the whole system to fix the problem.

    This is just wrong… Sure, if the service in question is dependent on a lot of other services, or vice versa. If your programs tend to lock, that’s the application’s fault and should be handled at the application level.

    I found Artix to run smoother or lighter than Arch.

    This is most definetly a difference in what else is running on the system. Systemd doesn’t really use that much resources. Unless you are measuring RAM usage in the megabytes. Which is of course valid on constrained systems, but on a regular desktop one browser tab will need orders of magnitude more resources than any init system.

    I want Firefox running an isolated process from the one that Plasama desktop is running

    This just shows you have absolutely no clue on Linux processes, I really really doubt anyone is running Firefox under systemd. And neither have you.

    There are valid reasons for choosing a different init system, but you have not provided a single one that is really true. It seems like you are only repeating things heard from some one else.

    The difference is systemd is one thing to handle everything

    This is true, but it refers to systemd handling a lot more than process management. Systemd has the problem that nowadays it does log management, memory management, login management, user management etc. This goes against the UNIX philosophy of one tool for one job, and THAT is why people frown on systemd.