
  • So you're saying you dump on a sched to a <place> and then just let your restic backup pick it up asynchronously?

  • Holy shot thanks for droppin this spell, that's awesome

  • That’s wild and cool - don’t have that architecture now but… next time

  • As far as I know (unless smarter people know), you need a “long ass backup script” to make your own fun on a set schedule. Autorestic and borgmatic are smooth but don’t seem to have the granularity to deal with it. (Unless smarter people know how to make them do, which I may be fishing for lol)

  • That’s ok for a database that’s running?

    Do you use a ZFS backup manager?

  • Ah gotchya, well docker compose plus the image is pretty necessary for me to easily manage big ass/complicated database-based storage services like paperless or Immich - so I’m locked in!

    And I’d still have to specially handle the database for backup even if it wasn’t in a container…

  • (Took me a bit to get to comp to make this one, but no one escapes the long arm of the love - not even the Grey Fox!)

  • Yea I likely don’t have a full understanding, just getting into this and all. That’s why I decided a hard req was to force the images to run in a non-root context. (I did succeed, prolly)

    But the macvlan does have its own IP with the associated ports free and that will let the adguard home image bind 53 while the host can squat on it with dns listener stub or whatever the fuck it does by default. The macvlans is a recommended thing by the Docker adguard home guides to bypass the host or other processes already binding 53, I didn’t cook it up myself.

    Anyway, this is the first I’m hearing of Traefik or Caddy in this context - googling those is not ez pz so it’ll take me a bit to know what you’re implying I should do!

    Edit: I’m not gonna understand Traefik or Caddy beyond the surface level, the main pages are enterprise-focused so I’m not sure how they apply. I’ll have to wait to run into an organic use case (with wordy guide) to truly understand them, I think. (Other than Traefik could redirect but it’s called a reverse proxy but I think, at least in this context, that’s a fancy word for redirect. So use it somehow instead of forwarding specific ports?)

  • Oo adorb

  • Thank you for the in-depth explanation!! I’ll keep this in mind as I try to club my way through podman!

  • I have tried pre-making the network in podman directly beforehand, but because I want a second docker image binding to port 53 I was under the impression that I had to use macvlans

  • Huh you’d think macvlans would have an error telling me to kick rocks for trying to use it in a rootless state. I guess that’s why it can’t see anything?

    Weird though, like why can’t I make the macvlans network interface as root and then let rootless containers connect to it? If I sudo make the macvlans network thing it lives in the sudo podman zone. Hm

  • Love the idea, but theoretically with this “macvlan” it will have its own IP address and thus have free rein of all of its ports and not have any conflicts

  • I’ve made it so the host OS doesn’t require root, are you saying I’d need to make the image also do that?

  • I see, I’ll check that out and also check out how to ascertain that lol

    Does that “similar security” still count if the image is hacked? Since the capability for “real” root is there.

  • Praise be! And it’s cool af you grew up in Crete; quite jealous. I’d bare them breasts if it was my heritage! (My heritage is scrapple, it’s not quite as sexy - and definitely more greasy)