My process for project identification has been:

1. Be annoyed at ads/payment structure/whatever in some app or service
2. Search https://alternativeto.net/ for alternatives to the thing I’m annoyed with (filtering by Open Source and my devices)
3. Try out 1-2 of the top alternatives
4. Settle on what service I want to run
5. Install, route the subdomain, etc. if necessary (otherwise just access via my tailnet)

As for how to deploy, docker / podman are great! With podman I’d recommend looking into their systemd integrations too. Incus is a neat LXC option too, meant more for longer term services (less micro service focused, good and bad).

Hope this helps!

I’m sure the teacher of the high school debate team you’re on would be very proud ❤️

ooh getting aggressive now are we?

I owe nothing to you. Enjoy your time being a sad person trying to bring others down on the internet :) I hope this little outlet makes you feel better

Sure, buy an inverter and burn up 10% of your energy in the conversion if you’re lucky. That inverter will cost roughly as much as the contents of a standard fridge + freezer, by the way :)

At that point just buy a well insulated cooler and always have some ice on hand. It’ll last much longer.

Congratulations, this is the worst attempt at ridicule I’ve ever seen

Now I don’t know enough about electronics to know how wrong this is

Very, assuming the refrigerator in question typically runs on a typical power grid you’d find in the US or Europe (source: am electrical engineer)

Mainly because most compressors I’m aware of use alternating current (AC) motors, or at a minimum accept AC power. Batteries alone produce direct current (DC). The simplest way to make this work would involve an inverter (converts DC to AC). Cheap ones probably have at least a 10% conversion loss, so you’re looking at an hour or two at most.

Edit: should also mention that discharging a typical lead-acid battery until it’s all the way flat (realistically below ~11V) does irreparable damage. Might be cheaper to replace the contents of your fridge :)

deleted by creator

Real men use Incus NixOS containers for reproducible builds instead of wimpy dockerfiles 😤😤

/s – for real though, I hope someday you finally remove the stick from where the sun doesn’t shine ;)

What no love for Incus round these parts?

I see a lot of love for proxmox in this thread.

Word of warning from my experience, sometimes PfSense seems to get confused with virtual interfaces. It works flawlessly once it’s up and running, but every time I reboot I have to assign interfaces. It will hang until I do so and will not completely come back online until I manually intervene.

Oh cool! I didn’t realize pandoc was extensible enough to deal with this kind of conversion. I’ll give it a look!

With the rise of these .md based personal knowledge database applications it would be amazing to see some conversion software.

I understand that each has their special sauce. Does anyone know what would be the most difficult part about building a tool like that to copy in Logseq data to SB for example?

Right!! Just like anything there’s a trade-off.

Glad you phrased the well-intentioned (and fair) critique in a kind way! I love it when there’s good discourse around these topics

You make a great point. I really shouldn’t contribute to the boogeyman-ification of port forwarding.

I certainly agree there is nothing inherently wrong or dangerous with port forwarding in and of itself. It’s like saying a hammer is bad. Not true in the slightest! A newbie swinging it around like there’s no tomorrow might smack their fingers a few times, but that’s no fault of hammer :)

Port forwarding is a tool, and is great/necessary for many jobs. For my use case I love that Wireguard offers a great alternative that: completes my goal, forces the use of keys, and makes it easy to do so.

Couldn’t agree more! Tailscale also lets you use Mullvad (up to 5 devices per Mullvad account, across all clients) as an exit node.

I’ll assume you mean what I mean when I say I want to be safe with my self hosting – that is, “safe” but also easily accessible enough that my friends/family don’t balk the first time they try to log in or reset their password. There are all kinds of strategies you can use to protect your data, but I’ll cover the few that I find to be reasonable.

1. Port Forwarding – as someone mentioned already, port forwarding raw internet traffic to a server is probably a bad idea based on the information given. Especially since it isn’t strictly necessary.

2. Consumer Grade Tunnel Services – I’m sure there are others, but cloudflare tunnels can be a safer option of exposing a service to the public internet.

3. Personal VPN (my pick) – if your number of users is small, it may be easiest to set up a private VPN. This has the added benefit of making things like PiHole available to all of your devices wherever you go. Popular options include Tailscale (easiest, but relies on trusting Tailscale) or Wireguard/OpenVPN (bare bones with excellent documentation). I think there are similar options to tailscale through NordVPN (and probably others), where it “magically” handles connecting your devices but then you face a ~5 device limit.

With Wireguard or OpenVPN you may ask: “How do I do that without opening a port? You just said that was a bad idea!” Well, the best way that I have come up with is to use a VPS (providers include Digital Ocean, Linode to name a few) where you typically get a public IP address for free (as in free beer). You still have a public port open in your virtual private network, but it’s an acceptable risk (in my mind, for my threat model) given it’s on a machine that you don’t own or care about. You can wipe that VPS machine any time you want, the cost is time.

It’s all a trade-off. You can go to much further lengths than I’ve described here to be “safer” but this is the threshold that I’ve found to be easy and Good Enough for Me™.

If I were starting over I would start with Tailscale and work up from there. There are many many good options and only you can decide which one is best for your situation!

Right? TPUs make more sense at scale (especially for LLMs & similar). The consumer market is more about hype and being a household name than it is about revenue.

Couldn’t agree more! Abstracting to a general economic case – those hundreds of dollars are a double digit percentage of the overall cost! Double digit % cost increase for single digit % performance doesn’t quite add up @nvidia :)

Especially with Google going with TPUs for their AI monstrosities it makes less and less sense at large scale for a consumers to pay the Nvidia tax just for CUDA compatibility. Especially with the entrance of things like SYCL that help programmers avoid vendor lock.

Ah! I think I see the confusion.

# /etc/subuid
privatenoob:100000:65536

This denotes the range of subuids that are available to your user.

-u 100000:65536

This part specifies two things ([UID]:[GID]) even though it’s the same syntax as the earlier part that specifies one range :)

I suspect what you will want to do is use the following:

# change ownership of the directory to the UID:GID that matches something in your subuid:subgid range, in this case 10000:10000
podman unshare chown -R 100000:10000 /home/privatenoob/media/storage1/Filmek/

Then we can specify that the user in the container can match the user (UID) we specified above:

ExecStart=podman run --name=radarr -u 10000:10000 -p 7878:7878 -v radarr-config:/config -v /home/privatenoob/media/storage1/Filmek:/data --restart unless-stopped lscr.io/linuxserver/radarr:latest

As a note, if you copy/pasted that ExecStart line, you might have gotten the invalid argument error because you entered 100000 (outside of your subuid range, i.e. >65536) instead of 10000.

There’s a nice guide that gives a great walkthrough. I’ll dig through my bookmarks and add it here when I get some time.

Hope this helps!

There are a few ways around it. The simplest is to add the --privileged option.

The more secure method with podman is by specifying a user (ex -u 10001:10001) from your extended subuid:subgid range after your full and proper setup of rootless podman :-)

Then instead of chown you’ll want to use the oddly named podman unshare tool to automatically set the permissions of the host directory. You would then want to start your service with systemctl --user instead of sudo systemctl