Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)H

herrfrutti

@ herrfrutti @lemmy.world

Posts
3
Comments
105
Joined
2 yr. ago

  • ich😍iel

    Jump

  • So hart link auch nicht. o7

  • Podman or rootless docker?

    Jump

  • Yes all users that have containers running, that should keep running need lingering.

    The Services do not restart themself. I have cronjob that executes podman start --all at reboot for my "podman user".

  • Podman or rootless docker?

    Jump

  • I'm running podman and podman-compose with no problem. And I'm happy. At first I was confused by the uid and gid mapping the containers have, but you'll get used to it.

    This are some notes I took, please don't take all of it for the right choice.

    Podman-Stuff

    https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md

    storage.conf

    To use the fuse-overlay driver, the storage must be configured:

    .config/containers/storage.conf

     
        
[storage]
  driver = "overlay"
  runroot = "/run/user/1000"
  graphroot = "/home/<user>/.local/share/containers/storage"
  [storage.options]
    mount_program = "/usr/bin/fuse-overlayfs"

    Lingering (running services without login / after logout)

    https://github.com/containers/podman/issues/12001

    https://unix.stackexchange.com/questions/462845/how-to-apply-lingering-immedeately#462867

     
        
sudo loginctl enable-linger <user>

  • Veritasium - Exposing the flaws in the SS7 phone system.

    Jump

  • Yeah, I did not know it is that bad....

  • Deleted

    Permanently Deleted

    Jump

  • You don't want the nextcloud to be public for everyone, then I'd go the tailscale route without a vps. Just connect your Server and phone.

    If you want it to be public, then I'd still use tailscale and do it like the other comment suggested.

    Reverse Proxy on vps connected to tailscale, proxzies the traffic through the tailnet to your server. That's what I'm doing btw.

  • Ich🎉🎂🎉iel

    Jump

  • Alles gute!🔥

    Danke für 🥗🍵, sehr lecker.

  • HTTPS on homelab (just locally)

    Jump

  • how to set up jellyfin with podman and selinux and an intel gpu (a380) for transcoding?

    Jump

  • Secure portal between Internet and internal services

    Jump

  • But does this matter if you just want this to be locally accessible and you're running your own dns?

  • Secure portal between Internet and internal services

    Jump

  • You need a wildcard cert for ypur subdoman:

     
        
*.legal.example.com

    Then point that record to 127.0.0.0. This will not resolve for anyone. But you'll have an internal dns enty (useig pihole/adguard/unbound) that redirects to your reverse proxy.

    You could also point to your revers proxy internal address instead of 127.0.0.0.

    This video could help you: https://www.youtube.com/watch?v=qlcVx-k-02E

  • Deleted

    Permanently Deleted

    Jump

  • How do you guys handle reverse proxies in rootless containers?

    Jump

  • Yes... That is also my understanding.

  • How do you guys handle reverse proxies in rootless containers?

    Jump

  • I do. If you run caddy with network_mode: hostor better with network_mode: "slirp4netns:port_handler=slirp4netns" it should work.

    also adding:

     
        
cap_add:
      - net_admin
      - net_raw

  • How do you guys handle reverse proxies in rootless containers?

    Jump

  • Podman + Caddy does it for me.

    You need to adjust the "minimum" port a user can bind. Podman tells you how to do it (or a quick google search).

  • Podman rootless Jellyfin/Plex container with hardware acceleration

    Jump

  • I played with this problem too. In my case I wanted a zigbee usb to be passed through. I'm not sure if this procedure works with gpu though...

    This was also needed to make it work: https://www.zigbee2mqtt.io/guide/installation/20_zigbee2mqtt-fails-to-start.html#method-1-give-your-user-permissions-on-every-reboot

     
        
devices:
      # Make sure this matched your adapter location
      - "/dev/ttyUSB.zigbee-usb:/dev/ttyACM0:rwm"

    Also I passed my gpu to immich. But not 100% sure it is working. I've added my user to the render group and passed the gpu like the usb zigbee stick:

     
        
devices:
      - "/dev/dri:/dev/dri:rwm"  # If using Intel QuickSync

    The immich image main user is root if imI remember correctly and all permissions that my podman user 1000 has are granted to the root user inside the container (at least this is how I understand it...)

    For testing I used this: https://www.zigbee2mqtt.io/guide/installation/20_zigbee2mqtt-fails-to-start.html#verify-that-the-user-you-run-zigbee2mqtt-as-has-write-access-to-the-port It should be working with gpu too.

    I can test stuff later on my server, if you need more help!

    Hope this all makes sense 😅 please correct me if anything is wrong!

  • Too many issues with Lychee. Any alternative ?

    Jump

  • I'm sorry to hear that. But the dev points that out very clear on the docs etc.

    From what we self hosters are used to, this does not happen often, but it can.

    Hope you can recover!

  • Too many issues with Lychee. Any alternative ?

    Jump

  • Immich is very cool. Be carefull to read every release note and do not auto update. There are can be breaking changes! In total im happy with immich!

  • Best firefox build for android?

    Jump

  • You can take a look at FFUpdater on F-Droid. There you can see different browsers for android and information about the features they have.

    I'm useing mull.

  • Ente - Open sourcing our server

    Jump

  • I understand this, but that way you always read the update notes and you control what version you install. This can be a good practice.

    That stuff breaks is not so nice though.