Install a reverse proxy like caddy, but on your server bare metal not container.

Also, expose port 443 not 80, and put a SSL certficate.

Can at least ping <my domain> from server and from home?

Cut damage. They cut the board without some protection and that ruined the hard white layer. Shitty carftmanship.

Nothing stops you to run them all from the same unprivileged user and start them all at once with a single command.

Set once and forget style.

Check my wiki where I tried to detail all the steps

https://wiki.gardiol.org/doku.php?id=services%3Aimmich

I have a 3,2,1 backup strategy with restic+backrest. One full backup local on an external disk. Second backup in the house on a disk mounted to an OpenWRT router in the garden, third backup remote on my vps. Backup is daily at night.

My external access is via a static public IP on a VPS I rent using a double layer of NGINX reverse proxy. Vps is connected to home via wireguard, so nobody has to complain that they require a wireguard VPN on their phones… WAF is critical here.

Firefox.

Immich for photos

Radicale for calendar and contacts

My own mail domain and server, for mail

Lineages on android

The only thing I cannot do without, is google maps.

Maybe one would be sufficient, but for better separation and to have a single startup script for every service I prefer to keep them on different users.

In this way, also the data of each service is created with a different user and cannot be messed up by a rogue service…

And why let that user access root in any way? Even via sudo? No need. No risk.

One service one user. Simple security and separation policy

No, quadlet seems to require systemd and I run OpenRC.

So they can add the always trust (until next full moon) on A16…

A rootless container is good for security.

A lifetime old basic rule is never run anything as root, not even your podman :)

I only ever use rootless podman jn my system and I fond it pretty easy to actually run: zero effort whatsoever.

Why you say it’s complicated?

Yes I always create one unprivileged user (not even in the sudoers or wheel group ofc) for every service I containerize. And create a dedicated network for the service too.

It only takes a few lines in a normal docker compose yaml.

Also I use docker compose on podman, yes docker compose not podman compose.

Edit2: refer to this post of mine on how installed immich on rootless podman https://wiki.gardiol.org/doku.php?id=services%3Aimmich as you can see, the most complex part is… Useradd & mkdir LOL

Edit: also podman play nice with iptables and nft (which should be always preferred nowadays) instead docker can mess your system good, and don’t work with nft tables, unless quirks quirks…

Given the shitty weather forecasts i hope to be able to ride my road bicicle on sunday. Some 80km would be great, but i guess i will be luclky to go for 50km. As for saturday, maybe swimming pool and lots of stuff to fix at home.

Summit user here. Regularly updated and multi-login capable.

Running unbound on my opnSense with the appropriate blacklists for ad filtering.

Me too. Never had to do that.

Its actually not due to the quality itself… But the lack of scale (hope its the right word) in the water.

Gimp or krita are free and can do what you are looking for image editing and transparent background.

Free webapps? And who pay for the hosting? You are looking for the wrong target.

Lots of free PDF editing tools. Even web ones of you self host those (Stirling PDF anyone?).

I would say, it’s more dangerous to visit US than NK. In the US you can be in trouble for many reasons.

I have to say, it’s easier to be in trouble while traveling in the US than in NK.

Go, absolutely. I understand there might be ethical implications, but i can strongly recomend you go, it’s a lifetime experience that will change your view on the world.

I checked, since time fly.

I have been there in 2009.

Here are the photos i took: https://foto.gardiol.org/share/9d-PJ3Tm52P_1EwVTV5eptzDoG8SYPfcQKjvE9XFFaWE5AbjXuNRvIp8_xdSSB0jY7c

feel free to ask. We got in/out by train from China, flying in is less interesting, since you don’t get much opportunity to see the countryside.

I did, some 15 years ago.

Can definitely recommend, it feels like time travel in a parallel universe.

Yes.

While there is no end to paranoia, I would call a VPN over sftp quite useless.

Unless, of course, the seedbox itself needs a VPN to be reached in the first place.

Aaaand I read “your bath math situation”…