Check my wiki where I tried to detail all the steps

https://wiki.gardiol.org/doku.php?id=services%3Aimmich

I have a 3,2,1 backup strategy with restic+backrest. One full backup local on an external disk. Second backup in the house on a disk mounted to an OpenWRT router in the garden, third backup remote on my vps. Backup is daily at night.

My external access is via a static public IP on a VPS I rent using a double layer of NGINX reverse proxy. Vps is connected to home via wireguard, so nobody has to complain that they require a wireguard VPN on their phones… WAF is critical here.

Firefox.

Immich for photos

Radicale for calendar and contacts

My own mail domain and server, for mail

Lineages on android

The only thing I cannot do without, is google maps.

Maybe one would be sufficient, but for better separation and to have a single startup script for every service I prefer to keep them on different users.

In this way, also the data of each service is created with a different user and cannot be messed up by a rogue service…

And why let that user access root in any way? Even via sudo? No need. No risk.

One service one user. Simple security and separation policy

No, quadlet seems to require systemd and I run OpenRC.

A rootless container is good for security.

A lifetime old basic rule is never run anything as root, not even your podman :)

I only ever use rootless podman jn my system and I fond it pretty easy to actually run: zero effort whatsoever.

Why you say it’s complicated?

Yes I always create one unprivileged user (not even in the sudoers or wheel group ofc) for every service I containerize. And create a dedicated network for the service too.

It only takes a few lines in a normal docker compose yaml.

Also I use docker compose on podman, yes docker compose not podman compose.

Edit2: refer to this post of mine on how installed immich on rootless podman https://wiki.gardiol.org/doku.php?id=services%3Aimmich as you can see, the most complex part is… Useradd & mkdir LOL

Edit: also podman play nice with iptables and nft (which should be always preferred nowadays) instead docker can mess your system good, and don’t work with nft tables, unless quirks quirks…

Running unbound on my opnSense with the appropriate blacklists for ad filtering.

I would say, it’s more dangerous to visit US than NK. In the US you can be in trouble for many reasons.

I have to say, it’s easier to be in trouble while traveling in the US than in NK.

Go, absolutely. I understand there might be ethical implications, but i can strongly recomend you go, it’s a lifetime experience that will change your view on the world.

I checked, since time fly.

I have been there in 2009.

Here are the photos i took: https://foto.gardiol.org/share/9d-PJ3Tm52P_1EwVTV5eptzDoG8SYPfcQKjvE9XFFaWE5AbjXuNRvIp8_xdSSB0jY7c

feel free to ask. We got in/out by train from China, flying in is less interesting, since you don’t get much opportunity to see the countryside.

I did, some 15 years ago.

Can definitely recommend, it feels like time travel in a parallel universe.

I do at whatever time, but the only (non wild) living creature that I would wake up are cows and farm dogs.

… Who by the way keep me awake in warm summer nights…

Summit! And love it.

On windows, how do you install Minecraft? I got into a loop of fucking MS bullshit that want me to pay $$€ just for installing it and it feels… scammy…

Well, it’s Microsoft after all… But I cannot believe now Minecraft is pay to run…

Hi, ended up using your suggestion, super smooth and easy.

Yes, but I don’t play myself and the players I am setting up for are Minecraft players, so not my choice.

deleted by creator

Xbox and PlayStation and windows would be the clients platforms…

That means bedrock or I can go java edition as well?

I can fully relate. Don’t go cheap and keep it cool. For the last few years I used a JBOD enclosure for 3.5in disks with four 2.5in SSDs, I removed the cover and had no needs for fans. Super quiet, and the only viable way to get 4x4Gb added to my laptop-server.

Now I moved to a mid size desktop pc-server, and relocated the four ssds inside the case on sata cables. Cabt really see the speed difference for the workload of the server.

I don’t mean there is no speed difference (before somebody freaks out), but that is not noticeable because I only access the data via network for all my use cases.

I used external USB drives for decades. Provided you buy better quality enclosures, external powered ones, they are fine.

Still going internal is better for tidyness, speed and that accidental cable pull that might always happen with external dangling cables LOL. (Happened).

That’s what mastodon is for