Ansible is an automation tool to setup systems to a known desirable end state.
TBH, for a single device, it's overkill, but you seem like someone who keeps good notes and has some custom files to copy across.... you could convert your setup note into an Ansible file, and it will also copy over your custom config files.
For Ansible you define the desired outcome and it does "all" (kinda) the work for you... so... say you want Apache, MariaDB and PHP, it doesn't matter if half are installed already, or not, or their dependencies - you just say:
Do an update
Install packages:
A
B
C
Copy my config files over
Start the services
Relax
Yep, it'll take 10 times as long to get it working up front, but the day you want to duplicate it / start on a fresh Pi / VM, it's all there for you.
I use it to setup all my Pi Zeros thr same way (they're doing BLE presence detection) and for their regular updates
I've also got some VMs setup that way
But... I tried it on a laptop and as it's a single device I just ended up setting it up manually and now the ansible script is woefully out of date... just some balanced feedback.
Thanks. No need for the setup notes (but thanks for the kind offer), it was more about the experience, but I think you've already answered my question with less surface area (I do have 1 Pi that's internet facing for Radicale)
Have you looked at Ansible? That might also cover what you're trying to do.
If you're just looking for something to chew up CPU cycles and don't know what to host, consider something like BOINC where you're "self-hosting" (extremely loose term) scientific research, like cancer, new drugs, etc.
If they're sharing it with me, then sure, I'll add it to the folder for that party, holiday, event
Immich would scan it and faces are taken care of and if there's metadata in there, great, if not, dunno if I could be bothered to edit it... maybe date stamp if that was wildly off.
I commented elsewhere here, but E2E encryption is just between the server and the end user (ie a VPN)
You're thinking about encryption at rest, on the storage.
Immich would have to setup a whole new design to be able to store all the metadata on a per-user basis... but... you could have multiple Immich instances if you were to host it for your friends, but I think we're drifting into "why bother" now...
The scalability problem with FOSS is monetary and motivation.
The successful products need longterm financial security in order to plan and support their peoduct(s) - so, do we start seeing more subscriptions as corp. sponsorship fades away?
And, just like XKCD 2347, FOSS needs to step up and support the components they rely on
That's going to need some more maturity from the developers too: it's a great feeling doing something new and interesting, but - like having a pet - you can't just abandon something when you're bored of it, or too busy, without rehoming your project(s)...
That's where I see the industry needs to improve before they're really ready for the big time.
As far as mitigation is concerned, the only thing you need to do is to confirm that your system's sudo version is at least version 1.9.17p1 or later, which can be done with the command sudo -V. If your version is older than 1.9.17p1, update immediately.
Ah, Ok, yeah Arch on ARM is struggling at the moment
I have / had some Ras Pis on it, but they wrapped up .. Pi0? a while back, so had to look at Raspbian (or whatever it's called now)... I'd not considered Gentoo for them... hmmm
Not sure why you've been down voted - I think the fossify apps are really good.
I even contribute towards their app development