7-8k is fine. There are many towns in the U.S. at or above that elevation.

Yeah I posted my comment just before everything broke all over again lol. Got it working again but yeah always have to spend so much time fixing this shit thanks to Google.

It works, but requires a shit ton of time to constantly stay on top of fixing Play Integrity.

You can connect Jellyfin to an SSO provider. It still needs work, and client support is lacking. Ideally I think it maybe should be built in rather than a plug-in (would definitely encourage more client support). But it exists.

https://github.com/9p4/jellyfin-plugin-sso

Feature request for oidc/sso:

https://features.jellyfin.org/posts/230/support-for-oidc-oauth-sso

As it stands, you could enable both the SSO and LDAP plugins, and let users do password resets entirely through your auth provider.

Basically, this is all stuff that comes with Plex out-of-the-box, but you sort of have to glue it together yourself with Jellyfin, and it’s not yet in an ideal state. Plex is much much easier to configure. I wouldn’t allow yourself to believe that Plex doing all this for you will make you totally secure through – there’s been multiple incidents with their auth, and IIRC the LastPass attacker pivoted from a weak Plex install. Just food for thought.

https://github.com/VR-25/acc

Yes, what you’re saying is the idea, and why I went with this setup.

I am running raidz2 on all my arrays, so I can pull any 2 disks from an array and my data is still there.

Currently I have 3 arrays of 8 disks each, organized into a single pool.

You can set similar up with any raid system, but so far Truenas has been rock solid and intuitive to me. My gripes are mostly around the (long) journey to “just Docker” for services. The parts of the UI / system that deals with storage seems to have a high focus on reliability / durability.

Latest version of Truenas supports Docker as “apps” where you can input all config through the UI. I prefer editing the config as yaml, so the only “app” I installed is Dockge. It lets me add Docker compose stacks, so I edit the compose files and run everything through Dockge. Useful as most arrs have example Docker compose files.

For hardware I went with just an off-the-shelf desktop motherboard, and a case with 8 hot swap bays. I also have an HBA expansion card connected via PCI, with two additional 8 bay enclosures on the backplane. You can start with what you need now (just the single case/drive bays), and expand later (raidz expansion makes this easier, since it’s now possible to add disks to an existing array).

If I was going to start over, I might consider a proper rack with a disk tray enclosure.

You do want a good amount of RAM for zfs.

For boot, I recommend a mirror at least two of the cheapest SSD you can find each in an enclosure connected via USB. Boot doesn’t need to be that fast. Do not use thumb drives unless you’re fine with replacing them every few months.

For docker services, I recommend a mirror of two reasonable size SSDs. Jellyfin/Plex in particular benefit from an SSD for loading metadata. And back up the entire services partition (dataset) to your pool regularly. If you don’t splurge for a mirror, at least do the backups. (Can you tell who previously had the single SSD running all of his services fail on him?)

For torrents I am considering a cache SSD that will simply exist for incoming, incomplete torrents. They will get moved to the pool upon completion. This reduces fragmentation in the pool, since ZFS cannot defragment. Currently I’m using the services mirror SSDs for that purpose. This is really a long-term concern. I’ve run my pool for almost 10 years now, and most of the time wrote incomplete torrents directly to the pool. Performance still seems fine.

Now that Truenas Scale supports just plain Docker (and it’s running on Debian) I think it’s a great option for an all-in-one media box. I’ve had my complaints with Truenas over the years, but it’s done a really great job at preventing me from shooting myself in the foot when it comes to my data.

I believe raidz expansion is also now in stable (though still better to do a bit of planning for your pool before pulling the trigger).

I really enjoyed all 4 seasons.

It’s very character driven, which I know isn’t everyone’s cup of tea. I enjoyed seeing characters grow and change through the seasons and loved the way the show moved through different eras of technology.

Even with a free forum host, it’s difficult to keep things running for a long time.

Awhile back I was unsatisfied with how quickly my (new) furniture was degrading, and found a furniture forum run by a guy in the biz. So much knowledge on there about different furniture and how to actually find quality stuff that will last decades.

The owner retired this week, and he had been paying for an IT contract to do basic maintenance / upgrades on the forum (I think he started on a free host, but as it got bigger he eventually had to move it). He needed IT help basically to apply security patches and do upgrades. He’s stated that he no longer plans to pay for the maintenance contract. I’m guessing the forum will disappear soon.

Extension library for Tachiyomi forks. No idea if it works with Aniyomi.

https://github.com/keiyoushi/extensions

At least they didn’t hit keiyoushi.

LineageOS has been doing this for a year or so already.

Just going to address your first paragraph: I sincerely doubt that the devs are receiving money from a fascist government. I simply don’t think Lemmy is big enough yet to be on the radar of e.g., the Chinese government. Yes, maybe there are some Wumaos on here. My understanding is they get better training and autonomy these days, so it’s certainly possible. But most of the comments look more homegrown. I just doubt the Chinese government (or any similar government) would care to the point of trying to pay off devs, and it’s not their MO anyways.

The sad part is that this situation was entirely predictable a year ago.

The Lemmy devs (who also run lemmy.ml) made no secret of who they are and what they believe. Especially dessalines.

I do think they have made a very good piece of software. And I think we’re better off here than on Reddit. At least it is more difficult for one asshole to ruin everything. We have tools to block people and instances, so it doesn’t matter as much even if they’re in charge.

I worry that if lemmy.ml continues to be run the way that it is, then it will bleed over into the software side, and we would be forced to fork Lemmy. So far though, despite running lemmy.ml like assholes, the actual development seems fine – not too different from any other open source project (I only remember that one issue where dessalines completely failed to understand why a user would want to block an instance).

The irony is that, despite creating a tool with what seems like very socialist principles (it gives users & communities a lot of power, and doesn’t centralize that power with one person), those principles are often lost on the devs in favor of authoritarianism. Hence the term: “tankie”.

AUR tends to work really well for me. There are binary packages for almost every software that I use. Things do go wrong occasionally, but when they do it’s almost always solvable. AUR packages are just scripts, so you can go and fix the problem yourself and then tell the maintainer how you did it.

Yeah I got permabanned too.

I still post there occasionally. I made 4 new Reddit accounts from behind 7 proxies, but they all got banned due to browser fingerprinting. But I wised up and now the 5th one’s still not banned even though I access it from my home IP. I really try my best not to give such a hostile company more content, but there’s still a few local subs and specific content that isn’t big enough yet on Lemmy.

VPN drains my phone battery like crazy, plus eventually I’d like to be able to share my services with some less technical people, and want to keep the barrier to entry low for them, so I’ve been looking at what I’d want in order to be comfortable exposing services publicly.

Services are running on Truenas Scale (k3s).

What I’ve been thinking is:

1. Isolate services’ network access to each other and to my local network.
2. Reverse proxy in front of all services (probably Caddy)
3. Coraza as a WAF
4. Crowdsec Caddy module
5. Some sort of auth layer in the proxy, like oauth2-proxy (kind of tricky because not every service would work well with this, especially without client support). Probably would start with a 3rd party identity provider rather than rolling my own, especially since 3rd party will probably do a lot more monitoring around logins, patterns, etc.

Thinking of hosting the reverse proxy piece on a VPS. Probably not completely necessary because I don’t think hiding my home IP really buys me much security, but Caddy might be easier to configure on the VPS compared to Truenas (though I guess I could run it in a VM on Truenas).

Each app could run a wireguard sidecar to connect it to the VPS.

Curious what others think about this setup, or if the recommendation is still to keep things behind a VPN.

Wow, I was wondering why those were 404ing, saw the repo was deleted and a new one was just created, and saw this post from 15mins ago:

https://old.reddit.com/r/Tachiyomi/comments/192157x/2024_there_is_the_end/

TLDR: they purging all extensions.

They were too busy getting shit to just work.

I’ve been using zsh with oh-my-zsh for almost a decade, but sounds like I might want to try Fish + Starship.