I don’t, but lots of people stick anyway to a single network with some kind of crappy router, and from OP’s post I assumed that OP doesn’t really care about security, see SELinux.
SELinux should not be an issue if you stick to common directories and use the :Z flag after the mount path with Docker; afaik Podman uses the same mechanism. There’s even a tool for SELinux container policies: https://github.com/containers/udica
Regarding firewall stuff, disable it on your machine and you are fine. Port forwarding in containers is necessary to connect to services, no way around it.
I got different colors for Kubernetes clusters. Like green for the testing cluster, yellow for development and red for production. Always taking a quick look before I do something.
Only thing I miss is proper support for some services I use. Minikube is afaik still a pain with Podman, at least rootless. GitLab Runner still doesn’t support Podman completely imho. But a plus for Docker is that they still build packages for EL 7, while the Podman version in EL 7 is pretty damn old. Apart from that I went Podman all the way.
Postfix! I worked at an e-commerce company that sent newsletters (spam) through shitty Windows SMTP servers. Looking for speed and some other neat things (DKIM and modifying headers) I set up Postfix on Debian, and I guess this system is still running. Quickly after that I explored NGINX as a reverse proxy for, yet again, shitty Windows IIS webservers. This was my entry to open source and Linux in general.
This is still a lot for one tool, but as far as I can see it will not install the whole Plasma desktop again. I am running GNOME, so not sure if GNOME already brings some dependencies not mentioned in my output.
Surprised that nobody has yelled Proton yet? Lots of Windows games run pretty well, some close to native, some even better on Linux through Proton. But here is the thing you mentioned which could be a problem: anti-cheat. It works on Linux but depends on the developer to enable it. Some major games simply do not support it. You can check them here: https://areweanticheatyet.com/ ; for general compatibility check https://protondb.com . Even non-Steam games can run through Lutris with little to no hassle. Proxmox with GPU passthrough seems like a big clunky overhead in terms of gaming, but maybe you’ve got that game that will never run on Linux.
Maybe it is too late because of your filesystem choice, but btrfs snapshots deliver enough security if something goes wrong. Rsync seems like a bit of overhead for updating only.
There is even a pacman hook that makes pre and post snapshots of your filesystem with Snapper. Tl;dr: most of your steps can be automated with pacman hooks. But if you like it this way, it’s fine.
Thanks for the clarification. I think I heard about Trisquel, but tbh most Linux beginners do not surf the FSF website at first; they just google stuff and find a ton of blogs and articles and dive into the pretty standard distros like Mint and Ubuntu.
Oh, it is not that much. I run AdGuard DNS with ad blocking, SearXNG as my search engine, Vaultwarden as my password manager. All combined with Argo CD as GitOps engine, NGINX Ingress with cert-manager for Let’s Encrypt certificates, Longhorn as storage layer and MetalLB as load balancer solution. I am planning to completely replace my current setup (which is an old Sandy Bridge powered HP MicroServer) with a Turing Pi 2 cluster board with 4 RPi4 CMs as soon as they get cheaper.
You got a point with NVD, but this case shows how one could damage the reputation of a product. This really looks like bagder didn’t care about security; even the 2020 prefix is a bad sign looking from the outside. I am not sure how the NVD defines CVE scores, but as bagder openly explains this isn’t a flaw in security, just a bug he already fixed years ago.