Conduit is in no way compact either. I tuned its caches because two gigs of ram seemed ridiculous for a single-user instance but I only got the mobile client sync lag as a result.
I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it's similar to ssh with certs but less painful to set up.
This is the best answer. Your router protects you from the outside, but a local firewall can protect you from someone prodding your lan from a hacked camera or some other IoT device. By having a firewall locally you just minimize the attack surface further.
Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you'd better onboard on matrix.org or else.
People saying self-hosting mastodon is hard never had to touch matrix. It's not hard, the protocol is literally broken to the point where starting again is not an option.
I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It's wild how much easier it used to be with xmpp.
Jellyfin looks pretty bad on an iPad. Subtitle settings keep getting reset on their own, it doesn’t understand basic keyboard controls (spacebar to pause), the UI is overall tiny. Oftentimes it will forget to save the spot where I finished watching and on the next launch will happily play the movie from the beginning.
Matrix is spectacularly cursed to the point of being unusable if you self-host it. The protocol is dumb enough to lock you out of rooms hosted on another server forever if anything goes wrong with the key rotation.
I just made a mirror out of two NVMes―they got cheap enough not to bother too much with the loss of capacity. Of course, that limits what I can put there, so I use a bit of a tiered storage between my NVMe and HDD pools.
Just think in terms of data loss: are you going to be ok if you lost the data between backups? If the answer is yes, one NVMe is enough.
You don’t need -it because you don’t run an interactive session in docker. It might be failing because you ask for a pseudoterminal in an environment where it doesn’t make sense.
Seq is expecting structured logs which yours aren’t. So you want to either convert your app's logs into a structured format (which is generally hard for a random third-party application) or use a log collector that's fine with non-structured logs (e.g. Loki+grafana don’t care about the shape of your logs and you can format the output while querying).
There were quite a few games using the same formula (and improving on it), to the point where I feel Desperados would be my favorite in that genre, not Commandos itself.
I still remember having to repartition my drive and reinstall windows, upgrading from fat16, because commandos wouldn’t fit on either partition.
I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.
That'd be my dns resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automation and my own matter controller for most important home automation (controlling the lights).
My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco router), and I settled on ROS, because it was the only one who could do IPv6 properly (apart from Cisco, but that has other issues).
For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.
I wonder if NixOS is a vacuum coffee maker for how confusing nix looks when you see it for the first time or instant coffee for how reproducible it is...
Voyager pulls /.well-known/nodeinfo now, if you don’t proxy that to your backend (I didn’t), it will fail.