I’ve been managing my containers using the older mechanism (systemd-generate) since I started and it’s great. You get the reliable service start of systemd and its management interface. Monitoring is consistent with all your other services and you have your logs in exactly one location.
I really wouldn’t want a separate interface or service manager just because I’m running containers.
Will you protect them from police raids and cover their legal costs for running a Tor node?
And it’s quite likely they only have 10G locally, with way less bandwidth going to the outside.
There aren’t any non big name manufacturers left for harddrives. And if you have the time, consider buying with some separation to reduce the risk of hard drives failing at the same time due to age.
Maybe add Geekbench, but only within the same architecture. Tests between different architectures are not comparable.
You can set up your own CA, sign certs and distribute the root to every one of your devices if you really wanted to.
I haven’t taken the time yet to switch my Ansible playbooks to Quadlet, so can’t comment on that.
I only skimmed the manpages, thanks for the info.
I use podman mainly because it’s very easy to manage using systemd services. Unfortunately, the command for generating these service files, podman-generate, is deprecated and won’t receive new features.
Auto updating is done just using a simple tag and enabling a systemd timer to do it regularly for you.
It’s easiest to start with the rootful mode, you won’t have additional settings to set and no issues with permissions, UIDs and networking.
For networking, I always create a network per service I want to run. For example Nextcloud and its database would go in one network and you’d only forward the port for the webinterface for outside access.
In addition to networks I also use pods, this basically groups the containers together to start/stop them as one. If you use this, you have to set your port forwarding here.
In case you wanted to try other TTS providers, here’s a leaderboard based on user votes.
Even without escaping the container a lot of stuff can be done. Maybe the program includes a cryptominer or acts as a node in a botnet.
There’s no way to be sure unless you verify the source yourself.
Have you thought about trying QubesOS instead, as it’s pretty much built for this purpose?
Maybe you’ve heard of r/place. This is similar, just for the fediverse.
Huh, I guess Ubuntu patched Unattended Upgrades to change the config format.
Try "cloudsmith/caddy/stable:any-version";
You’re right with the origin. codename or n in short form is any-version. ${distro_codename} won’t match that, as it contains the codename for your distro release, like bookworm for Debian 12.
With any-version the repo owner’s basically saying you can install this regardless of your distro version or they handle it on their end somehow.
Try just using the origin instead, like this.
"origin=cloudsmith/caddy/stable";
Unattended Upgrades only checks and updates programs in repos it knows about. As you found out, you’ll need to add the custom repository to the Origins pattern in 50unattended-upgrades.
You can find a list of all repositories and their data using apt policy
Here are the custom repositories I have on one of my servers:
500 https://repo.zabbix.com/zabbix/7.0/debian bookworm/main all Packages
release v=12,o=Zabbix,a=zabbix,n=bookworm,l=zabbix,c=main,b=all
origin repo.zabbix.com
500 https://repo.zabbix.com/zabbix/7.0/debian bookworm/main amd64 Packages
release v=12,o=Zabbix,a=zabbix,n=bookworm,l=zabbix,c=main,b=amd64
origin repo.zabbix.com
500 https://pkgs.tailscale.com/stable/debian bookworm/main all Packages
release o=Tailscale,n=bookworm,l=Tailscale,c=main,b=all
origin pkgs.tailscale.com
500 https://pkgs.tailscale.com/stable/debian bookworm/main amd64 Packages
release o=Tailscale,n=bookworm,l=Tailscale,c=main,b=amd64
origin pkgs.tailscale.com
500 https://deb.nodesource.com/node_20.x nodistro/main amd64 Packages
release o=. nodistro,a=nodistro,n=nodistro,l=. nodistro,c=main,b=amd64
origin deb.nodesource.com
Look at the line starting with release and search for a combination that uniquely identifies the Caddy repository.
The output above is using the short form keywords, while the examples in 50unattended-upgrades use the long form. It’s fine to use either.
One special case is the site keyword. This is the URL coming after origin in the output above and might be confusing.
Keywords
// a,archive,suite (eg, "stable")
// c,component (eg, "main", "contrib", "non-free")
// l,label (eg, "Debian", "Debian-Security")
// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
// n,codename (eg, "jessie", "jessie-updates")
// site (eg, "http.debian.net")
Based on the apt policy output above, here’s what I use to enable automatic updates for these repositories.
Using origin and codename follows the standard Debian repos and I’d recommend using that if possible.
Node doesn’t provide a reasonable repo file, so I had to set site based on the URL behind origin in apt policy
"site=deb.nodesource.com"; //Nodesource repository
"origin=Zabbix,codename=${distro_codename}"; //Zabbix Agent repository
"origin=Tailscale,codename=${distro_codename}"; //Tailscale repository
Without docker you still just copy your files from Windows to Linux, though you have to find the right directories for that. Jellyfin can be installed directly on Debian. Just add their repo and go
Never used Shopify unfortunately, so I can’t help you with that.
The way I tag media is using MediaElch. It requires manually going through each series and identifying it, but with your proper naming it should give decent suggestions already.
If some metadata is missing for single episodes, try changing the metadata provider, sometimes one or the other just has bad/incomplete data.
If you only need file syncing, there are better options than Nextcloud. But Nextcloud is the only real option if you want to create a full suite of replacements for office365 or google thanks to the large plugin ecosystem.
Get a cheap VPS and set up a VPN of your choice.
I don’t know of any project that already supports that AI processor. You’d still be using the CPU and GPU at the moment.
Most VMs only run containers, but I have supporting services on every host as well. Stuff like the mesh VPN, monitoring agent or firewall.
If I want a quick overview, a quick
systemctl statuswill tell me everything I need to know.