I guess C-suite of United healthcare knew that people bleed…

I guess I will try with a k3s on my workstation, but for a single NAS, I am not sure any kubernetes distribution is useful for now :)

What kind of annoying things are you dealing with?

Troubleshooting with a machinectl session, switching between services, backing up… It is small annoyances but if I can avoid them i’d like it.

You don’t have to put the user home in /var/lib either if that helps at all.

I half regret doing it.

If you’re already running rootless, I’d keep doing that unless there’s a really good reason not to.

The plan is about switching to a single user, I will stick to rootless podman this is for sure. It is more about dedicated users or a single one.

I guess I should define my threat model first. Your answer pulls me towards a single user though

I am already running rootless podman. My question is more about dedicated service users vs single user to run everything, still in rootless podman. I like podman and its integration with systemd to manage the life cycle of the container compared to docker.

I don’t think so. Our gendarmerie is running a Linux distro since 10ish years, but the National Police is planning to change all the computers for windows 11. They are doing almost the same thing but there is a painful difference in Microsoft’s ass licking

Saddly, Macron is fucking everyone and helping far right to grow. Also, look for nestlé and Élysée. They are fucking corrupt too

I am no dev of lemmy, but traditionally, to connect remotely to a computer it was user@computer.name. The mail addresses simply use this pattern. It’s nice for Lemmy to use it, and I’d say ot would have been nicer for matrix to use it (not that I really care)

I guess sending tar bombs can be fun

Can’t even respect their own anthem

I really need to make my write-up about my nextcloud install. It feature :

• nextcloud fpm
• postgresql
• nginx
• redis
• elastic search for full text search (still needs a bit of work¹)
• notify_push
• collabora (still needs a bit of work ¹)

All of it running in rootless podman pod with a dedicated user for the stack. It is all with podman units, and a systemd timer for nextcloud’s cronjobs.

¹ means that there is trouble with usermapping. Instead of having my user properly mapped inside the container to run the apps, they use a dedicated one and I dont know hot to correct it and I have been a bit lazy to change it.

I totally disagree with the quote from hackernews. Having the option to use sqlite is nice to test it, but going with postgresql or mariadb allows you to have better performance if you use rdbms. Also, packaging with containers allows to have one standardized image for support if some third party packaging (from a distro repo) is bugging to test it further. To me, a good gui really depends on what service is provided. For kanidm (IAM), I don’t care this much of a web admin panel, the cli is really intuitive and if you need some graph views of your users, you can generate some diagram files. Considering OIDC/LDAP, I’d rather have OIDC implemented for two reasons : I can point my users to the (really minimalist) kanidm ui where they have a button for each app allowed. Also, the login informations are only stored in kanidm, no spreading of login password.

I saw a comment about not needing to rely on many third services but I partly disagree with it. Using nextcloud as a mixed example, using elastic search for full text search is better than reimplementing it, but the notify_push should not be as separated as it is (it is here because I understood, apache-php and websockets does not mix well).

All in all, the main criterias for me are :

• SSO with OIDC, but ldap is good enough
• Good documentation
• easy deployment to test, prod deployment can be more advanced
• Not reimplement the weel eg if you need full text search, meilisearch or elastic can do it better than you will, so don’t try to much (a simple grep for a test instance is enough)
• If you need to store files, having remote stores is nice to have (webdav or s3)

Technitium is really nice too

For now my NAS it not really running anything (I want to have proper DNS/IDM before starting any other service and for storage I think I may go with owncloud ocis or nextcloud)

I am still using my ISP’s router, so the firewall rule is on the NAS (for now it is almost a do it all server), otherwise I would run the pihole on the router I think

Do you have any idea on how to do it ? Knowing that I am on opensuse

Thank you for the reply. It is exactly this

So, for nextcloud and automatic torrenting it should not be too bad to protect windows users ?

I don’t selfhost mail but I heard of stalwart

I recently found a video talkkng about privacy. One of the topic was that privacy does not ring any bell in people’s mind. Contrary to intimacy. Maybe we should all replace privacy by intimacy so we can tell what is really implied to non software people