How can I bypass CGNAT by using a VPS with a public IPv4 address?
Shimitar (@Shimitar@feddit.it) · Posts 35 · Comments 563 · Joined 2 yr. ago

I put my 2.5" SSDs with adapters into 3.5" bays.
Using USB3 / USB-C external storage for years.
Buy a good, non-cheap USB JBOD or RAID enclosure and put SSDs in it!
I have a 4-bay USB3 JBOD plus a 2-bay USB-C box; inside, the disks are all RAID.
Indeed internal disks / SSDs / NVMe are better, but consider that speed-wise even USB3 is faster than any WiFi.
Just don't buy them cheap, and use good cables. And if you use spinning disks, ensure they stay cool.
Yes, it counts indeed... But in that case the service is down while it's migrated, so does the fact that the database is also down count?
I mean, it's a self hosted home service, not your bank ATM network...
Absolutely! If that feels easier and more consistent go ahead and use the container.
But it's really one single executable with zero dependencies. Manual setup is really as fast as podman pull & up -d.
Yes, exactly: you can switch as fast as your DNS entry gets updated, and you have zero dependency on a specific provider.
No, I mean: do host on your own hardware, then rent a VPS and use it as public IP by SSH-tunneling and forwarding ports 80/443 back to your own hardware.
The idea is: https://wiki.gardiol.org/doku.php?id=selfhost:architecture
I have rented a cheap VPS and use SSH encrypted port forwarding to it instead of Cloudflare. It's an alternative option.
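As an added example (not code from this thread or from the commenter's wiki) of the VPS-plus-SSH-tunnel setup described above, the script below generates a restricted authorized_keys entry for the VPS, the reverse-tunnel command the home server runs, and a check that the forwards bind only to the VPS loopback. It assumes a dedicated `tunnel` user on the VPS whose login shell is nologin and a reverse proxy on the VPS serving 80/443 that proxies to the two loopback ports; host, user and key path are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread or the linked wiki.
# Assumptions: a VPS user "tunnel" whose login shell is nologin (ssh -N starts
# no shell, so the key cannot be used for an interactive login), and a reverse
# proxy on the VPS that serves 80/443 and proxies to the two loopback ports.
# Host, user and key path are placeholders.
VPS_HOST="vps.example.invalid"
TUNNEL_USER="tunnel"
KEY_FILE="/etc/ssh/home_tunnel_ed25519"

# authorized_keys entry for the VPS side: "restrict" turns off pty, agent and
# X11 forwarding; "port-forwarding" re-enables only forwarding, and permitlisten
# pins the remote listeners to these two loopback ports and nothing else.
authorized_keys_line() {
  printf 'restrict,port-forwarding,permitlisten="127.0.0.1:8080",permitlisten="127.0.0.1:8443" %s\n' "$1"
}

# Command the home server runs (e.g. from a systemd unit with Restart=always):
# -N opens no shell, ExitOnForwardFailure makes ssh exit instead of silently
# running without the forwards, and the keepalives detect a dead link.
tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i %s -R 127.0.0.1:8080:127.0.0.1:80 -R 127.0.0.1:8443:127.0.0.1:443 %s@%s\n' \
    "$KEY_FILE" "$TUNNEL_USER" "$VPS_HOST"
}

# Sanity check on a tunnel command: every -R listener must carry an explicit
# loopback bind address on the VPS, so the home services are reachable only
# through the VPS proxy and the result does not depend on GatewayPorts.
forwards_loopback_only() {
  prev=""
  for tok in $1; do
    if [ "$prev" = "-R" ]; then
      case "$tok" in
        127.0.0.1:*|localhost:*) ;;
        *) return 1 ;;
      esac
    fi
    prev="$tok"
  done
  return 0
}
```

Install the printed key line in the tunnel user's authorized_keys on the VPS and run the printed command on the home server under a supervisor that restarts it.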
Why would that have blocked all my databases at once? That would affect the same database I was migrating, not the others.
I fully agree with you that devs should not release debs, rpms, etc.; that's the distro's responsibility to create and manage from the binaries that the devs should release. No dev should have to create those distro-based formats; it's evil and useless.
Let me be more clear: devs are not required to release binaries at all. But they should, if they want their work to be widely used. And in this case, providing also a binary release alongside images solves all freedom-of-choice issues in my opinion. Here you show me my lack of preparedness, as I didn't consider docker files as actual build instructions; I will in the future.
I also fully agree with you that curl+pipe+bash random stuff should be banned as awful practice and that it is much worse than containers in general. But posting instructions on forums and websites is not per se dangerous or a bad practice. Following them blindly is, but there are still people not wearing seatbelts in cars or helmets on bikes, so...
I was not singling containers out, I was replying to a post about containers. If you read my wiki, every time a curl/pipe/bash approach is proposed, I decompose it and suggest against doing that.
Chmod 777 should be banned in any case, but that stems from container usage (due to wrongly built images) more than anything else, so I guess you are biting your own cookie here.
Having docker files and compose files is perfectly acceptable. What is not acceptable is having only those and no binary releases. Usually sources are available (in FOSS apps at least), but that can be useless if there are no building instructions provided or the app uses some less common build stack.
On Immich, which is a perfect example of an amazing piece of software, fast growing and very polished, I did try to build from sources but I couldn't manage the ML part properly. This is indeed due to my lack of experience with the peculiar stack they are using, but some build instructions would have been appreciated greatly (now I realize I should have started from the docker files). I gave up and pulled the images. No harm done, but little extra fun for me, and while I do understand the devs' position, they too keep talking about making a living out of it, and that's a totally different point to discuss on a different thread. I would suggest to them that public relations and user support are more important than actually releasing an amazing product for making a living out of it. But that's just my real-world experience as a product manager.
In a world where containers are the only proposed solution, I believe something will be taken from us all. Somebody else explained that concept better than me in this thread. That's all.
Radicale is a single executable, do you really need docker to set it up?
Basically takes the same time to set it up and run on bare metal...
Sometimes it feels like docker is getting out of hand.
Now that you have a UPS, put reminders on changing the batteries. My experience with both high-end professional units and low-cost home units is that batteries last two years more or less and can be expensive to replace.
Having a UPS is great; having it fail unexpectedly because the battery packs go from 100% to 1% instantaneously as soon as a load is applied, not so much.
I might have been unlucky, but I had mine fail always at the worst possible moment and without the slightest warning.
My current solution is a laptop (but look out for bulging batteries!) and UPS-backed USB (not cheapo ones!) JBOD or RAID enclosures. In this case a 50€ battery pack is enough for a brief power outage.
My database instances' downtime is only when the server itself is rebooting. Never had a single downtime in 20+ years besides that.
This is one of the annoying issues with docker, or better, on how docker is abused in production.
The single instance/multiple databases is the correct way to go; the docker approach messes with that.
Rewriting docker files is always a possibility but honestly defies the reason why docker is used by self hosters.
Also beware that some devs will shut you out of support if you do, especially the apps that ship docker files by default.
Go bare metal if possible; that way you have full control. Do docker for testing stuff up quickly and being flexible, at the cost of accepting how stuff is packaged by upstream.
Two or more SSDs, the biggest you can afford, on a JBOD USB3 or USB-C enclosure. RAID them together on Linux software RAID. As hardware, I use a power-horse laptop; it's more practical, but I had it spare. Buy a nice compromise between CPU power and power consumption; that depends on your feelings.
And use Gentoo :)
I have documented most of my steps here https://wiki.gardiol.org
Immich is awesome but has flaws. My workflow has improved with syncthing instead.
The main flaw of immich is being deployable only as containers, which hurts for various reasons, and the devs' priorities are different from mine (that's unacceptable/irony).
Jokes aside, immich is the best app out there to replace google photos.
But immich requires containers, and some basic features like sub-path support and in general folder/album recognition are not there and not really planned clearly for the future.
There is a lot of truth in your words.
Unfortunately, things will not change.
At least let's use podman and I will keep fighting for containers being at least optional.
Here goes my experience.
When I started the self hosted trip, I was against containers and tried to avoid them at all costs. Then I learned about containers, and now I still am against containers but less vividly so. I have used them and still use them.
Containers are good for the self hoster because they deliver fast deploy and easy testing of lots of services quickly. They are good for developers because they can provide one common installation approach that reduces greatly user issues and support requests.
But containers also have downsides as well. First of all, they make the user dumber. Instead of learning something new, you blindly "compose pull & up" your way. Easy, but it's a dumbifier and that's not a good thing. Second, there is a dangerous trend where projects only release containers, and that's bad for freedom of choice (bare metal install, as complex as it might be, needs to always be possible), and while I am aware that you can download an image and extract the files inside, that's more a hack than a solution. Third, with containers you are forced to use whatever deployment the devs have chosen for you. Maybe I don't want 10 postgres instances, one for each service, or maybe I already have my nginx reverse proxy or so. I have seen projects release different compose files for different scenarios, but at that point I would prefer to deploy on bare metal.
That said, containers are not avoidable today, so study and embrace them; you will not be disappointed, as it's a cool piece of tech. But please steer clear of docker and go podman instead. Podman doesn't rely on a potentially insecure socket and does not require an always-running daemon. Podman also by default doesn't force you to run services as root, which you should never do. Also, networking feels clearer on podman, and podman feels more modern by using nft instead of iptables. Yes, most of this can be fixed on docker, but since podman is a drop-in replacement, why bother? Also, podman is truly open source while docker, shockingly, is not.
Here is my wiki page on the subject: https://wiki.gardiol.org/doku.php?id=gentoo:containers feel free to read it.
One last thought: updating containers should not be taken lightly. It's so easy and fast that you might be tempted to set up cron jobs or install watchtower, but you will end up sooner or later with a broken service and lost data. So backup, always backup, and keep updating with rationale.
TL;DR: containers are unavoidable today and are a cool piece of tech worth investigating. Don't blindly use them, as there are security issues involved, and I hope the trend of making containers the only way doesn't take hold, because containers also make self-hosters dumber and that's not good.
Atmospheric pressure doesn't change as much as air density with temperature, because it's not a closed system.
Actually it's easier to ride faster in summertime due to the less dense air through which the cyclist has to move...
Here https://wiki.gardiol.org/doku.php?id=router:ssh_tunnel