DeltaTangoLima

@DeltaTangoLima@reddrefuge.com

Just an Aussie tech guy - home automation, ESP gadgets, networking. Also love my camping and 4WDing.

Be a good motherfucker. Peace.


DeltaTangoLima, (edited )

Nah - don’t make excuses for them. Here in Australia, we call entitled people like this cunts. With a hard ‘c’. Not the nice one, with a soft ‘c’.

DeltaTangoLima,

Yeah, I had the same experience with the devs of Pushbullet, after constructively suggesting a few ways they might be able to work with proxy servers, and all I got back was “Proxies are bad, mmmmk?”.

Fucken Peter Pan-level mentality.

DeltaTangoLima,

If you have the means, you could self-host a Piped server? Otherwise, try out piped.video.

Self-hosted or personal email solutions?

I have a unique name, think John Doe, and I’m hoping to create a unique and “professional” looking email account like johndoe@gmail.com or john@doe.com. Since my name is common, all reasonable permutations are taken. I was considering purchasing a domain with something unique, then making personal family email accounts for...

DeltaTangoLima,

I’d avoid Google, they don’t have a stable offering

What do you mean by not stable?

I’ve been (stuck with) Google Workspace for many, many years - I was grandfathered out from the old G-Suite plans. The biggest issue for me is that all my Play store purchases for my Android are tied to my Workspace’s identity, and there’s no way to unhook that if I move.

I want to move. I have serious trust issues with Google. But I can’t stop paying for Workspaces, as it means I’d lose all my Android purchases. It’s Hotel fucking California.

But I’ve always found the email to be stable, reliable, and the spam filtering is top notch (after they acquired and rolled Postini into the service).

DeltaTangoLima,

Yeah, that’s the other thing that shits me. Paying for my wife and I on Workspaces, and we don’t have family sharing rights. We’re literally paying to be treated like second-class citizens!

DeltaTangoLima,

At the time of my move I went through my list of apps I bought and tallied the ones up, that I still used. It was less than $50 of repurchases.

Yeah, I know this is what I should do too. As someone else said in this comment thread, gotta tear that bandaid off at some point. Just shits me that I should have to. But the freedom after doing it… <chef’s kiss>

DeltaTangoLima,

Yeah, still got my ancient free Gmail account going. Will probably revert to that.

Pi-Hole or something else for network ad blocking?

I’ve been aware of pi-hole for a while now, but never bothered with it because I do most web browsing on a laptop where browser extensions like uBlock Origin are good enough. However, with multiple streaming services starting to insert ads into my paid subscriptions, I’m looking to upgrade to a network blocker that will...

DeltaTangoLima,

Really? I run several Chromecasts, and I block their access to all DNS services except my internal Pi-holes. They work just fine.

DeltaTangoLima,

Ah - I only have the Chromecast GTVs. Good to know I don’t need to pay for an upgrade then!

DeltaTangoLima,

Lol - not my first rodeo. I’m blocking dns.google as well, and I’m 99.999% certain Google won’t have coded Chromecasts to use anyone else’s DNS servers.

DeltaTangoLima,

Yep, all true. I was oversimplifying in my explanation, but you’re right. There’s a lot more to it than what I wrote - I was more relating docker to what we used to do with chroot jails.

DeltaTangoLima,

To answer each question:

  • You can run rootless containers but, importantly, you don’t need to run Docker as root. Should the unthinkable happen, and someone “breaks out” of docker jail, they’ll only be running in the context of the user running the docker daemon on the physical host.
  • True but, in my experience, most docker images are open source and have git repos - you can freely download the repo, inspect the build files, and build your own. I do this for some images I feel I want 100% control of, and have my own local Docker repo server to hold them.
  • It’s the opposite - you don’t really need to care about docker networks, unless you have an explicit need to contain a given container’s traffic to its own local net, and bind mounts are just maps to physical folders/files on the host system, with the added benefit of mounting read-only where required.

I run containers on top of containers - Proxmox cluster, with a Linux container (CT) for each service. Most of those CTs are simply a Debian image I’ve created, running Docker and a couple of other bits. The services then sit inside Docker (usually) on each CT.

It’s not messy at all. I use Portainer to manage all my Docker services, and Proxmox to manage the hosts themselves.

Why? I like to play.

Proxmox gives me full separation of each service - each one has its own CT. Think of that as me running dozens of Raspberry Pis, without the headache of managing all that hardware. Docker gives me complete portability and recoverability. I can move services around quite easily, and can update/rollback with ease.

Finally, the combination of the two gives me a huge advantage over bare metal for rapid prototyping.

Let’s say there’s a new contender that competes with Immich. I have Immich hosted on a CT, using Docker, and hiding behind Nginx Proxy Manager (also on a CT).

I can spin up a Proxmox CT from my own template, use my Ansible playbook to provision Docker and all the other bits, load it in my Portainer management platform, and spin up the latest and greatest Immich competitor, all within mere minutes. Like, literally 10 minutes max.

I have a play with the competitor for a bit. If I don’t like it, I just delete the CT and move on. If I do, I can point my photos… hostname (via Nginx Proxy Manager) to the new service and start using it full-time. Importantly, I can still keep my original Immich CT in place - maybe shutdown, maybe not - just in case I discover something I don’t like about the new kid on the block.

Planning on setting up Proxmox and moving most services there. Some questions

I am currently running most of my stuff from an unraid box using spare parts I have. It seems like I am hitting my limit on it and just want to turn it into a NAS. Micro PCs/USFF are what I am planning on moving stuff to (probably a cluster of 2 for now but might expand later.). Just a few quick questions:...

DeltaTangoLima,

No worries mate. Sing out if you get stuck - happy to provide more details about my setup if you think it’ll help.

DeltaTangoLima, (edited )

Nope - Proxmox lets you create VLAN trunks, just like a physical switch.

Edit: here’s one of my Proxmox server network configs.

DeltaTangoLima, (edited )

I have two Proxmox hosts and two NASes. All are connected at 1Gbps.

The Proxmox hosts maintain the real network mounts - nfs in my case - for the NAS shares. Inside each CT that requires them, these are mapped to mount points with identical paths in each, eg. /storage/nas1 and /storage/nas2.

All my *arr (and downloader) CTs are configured to use the exact same paths.

It’s seamless. nzbget or deluge download to the same parent folders that my *arr CTs work with, which means atomic renames/moves are pretty much instant. The only real network traffic is from the download CTs to the NASes.

Edit: my downloader CTs download directly to the NAS paths - no intermediate disk at all.

DeltaTangoLima,

This is exactly my setup on one of my Proxmox servers - a second NIC connected as my WAN adapter to my fibre internet. OPNsense firewall/router uses it.

DeltaTangoLima,

You still need to do that, but you need the Linux bridge interface to have VLANs defined as well, as the physical switch port that trunks the traffic is going to tag the respective VLANs to/from the Proxmox server and virtual guests.

So, vmbr1 maps to physical interface enp2s0f0. On vmbr1, I have two VLAN interfaces defined - vmbr1.100 (Proxmox guest VLAN) and vmbr1.60 (Physical infrastructure VLAN).

My Proxmox server has its own address in vlan60, and my Proxmox guests have addresses (and vlan tag) for vlan100.

The added headfuck (especially at setup) is that I also run an OPNsense VM on Proxmox, and it has its own vlan interfaces defined - essentially virtual interfaces on top of a virtual interface. So, I have:

  • switch trunk port
    • enp2s0f0 (physical)
      • vmbr1 (Linux bridge)
        • vmbr1.60 (Proxmox server interface)
        • vmbr1.100 (Proxmox VLAN interface)
          • virtual guest nic (w/ vlan tag and IP address)
        • vtnet1 (OPNsense “physical” nic, but actually virtual)
          • vtnet1_vlan[xxx] (OPNsense virtual nic per vlan)

All virtual guests default route via OPNsense’s IP address in vlan100, which maps to OPNsense virtual interface vtnet1_vlan100.

Like I said, it’s a headfuck when you first set it up. Interface-ception.

The only unnecessary bit in my setup is that my Proxmox server also has an IP address in vlan100 (via vmbr1.100). I had it there when I originally thought I’d use Proxmox firewalling as well, to effectively create a zero trust network for my Proxmox cluster. But, for me, that would’ve been overkill.
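
Added example (not part of the comment above, and not the commenter's own config): the interface stack it describes, written out as a Proxmox `/etc/network/interfaces` fragment. The interface names and VLAN IDs are taken from the comment; the addresses are documentation-range placeholders, and the VLAN-aware bridge settings are an assumption about how the bridge is configured.

```text
# /etc/network/interfaces (Proxmox host, ifupdown2 syntax)
# Constructed illustration: addresses are placeholders.

auto lo
iface lo inet loopback

# Physical NIC cabled to the switch trunk port. It carries tagged
# frames only and has no address of its own.
iface enp2s0f0 inet manual

# Linux bridge on top of the physical NIC. VLAN-aware (assumption) so
# that tagged frames pass between the trunk and the guests.
auto vmbr1
iface vmbr1 inet manual
    bridge-ports enp2s0f0
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    # Narrow this to the VLANs actually in use (for example "60 100")
    # if the host should not forward every tag the switch sends.
    bridge-vids 2-4094

# Host management address in the physical infrastructure VLAN (60).
auto vmbr1.60
iface vmbr1.60 inet static
    address 192.0.2.10/24
    gateway 192.0.2.1

# Host address in the guest VLAN (100). The comment calls this the
# unnecessary part: leaving it out keeps the hypervisor itself off
# the guest network.
auto vmbr1.100
iface vmbr1.100 inet static
    address 198.51.100.10/24

# Guests are not defined in this file. Each guest NIC attaches to
# vmbr1 with VLAN tag 100 in its VM/CT network settings, and the
# OPNsense VM NIC (vtnet1) attaches to vmbr1 untagged so it receives
# the trunk and can create its own vtnet1_vlan[xxx] interfaces.
```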

Looking for Notes App for Android & Linux

I am trying to slowly de-Google-ify myself by moving to open source apps, I wanna ditch google notes and evernote. I tried obsidian, standard notes, and joplin, I liked using obsidian on PC and standard notes looks nice on android but obsidian you need to pay to have sync and standard notes doesn’t do markdown unless you pay...

DeltaTangoLima,

You can also self-host a Joplin sync server, which works exceedingly well too.

DeltaTangoLima,

Is there a particular reason you used the wall plate? Was there a larger hole to cover up?

DeltaTangoLima,

I feel your pain. That stuff really shits me.

Can anyone recommend a wireless doorbell that works with home assistant?

I currently have a ring doorbell that I pay a yearly fee for but I want to get away from Amazon and a subscription fee. I would prefer if it used the Wi-Fi and it was able to connect with my house doorbell. Edit: I’d also like to add that I would like it to have the ability to stream and record video.

DeltaTangoLima,

Yeah, this is the answer. I don’t have a Reolink doorbell, but I have their PoE cameras with Frigate and HA, and they work perfectly.

DeltaTangoLima,

Wouldn’t this just be the Google alternative to what OP already has, and wants to drop?

DeltaTangoLima, (edited )

I have a 2N+C backup strategy. I have two NASes, and I use rclone to backup my data from one NAS to the other, and then backup (with encryption) my data to Amazon S3. I have a policy on that bucket in S3 that shoves all files into Glacier Deep Archive at day 0, so I pay the cheapest rate possible.

For example, I’m storing just shy of 400GB of personal photos and videos in one particular bucket, and that’s costing me about $0.77USD per month. Pennies.

Yes, it’ll cost me a lot more to pull it out and, yes, it’ll take a day or two to get it back. But it’s an insurance policy I can rely on and a (future) price I’m willing to pay should the dire day (lost both NASes, or worse) ever arrive when I need it.

Why Amazon S3? I’m in Australia, and that means local access is important to me. We’re pretty far from most other places around the world. It means I can target my nearest AWS region with my rclone jobs and there’s less latency. Backblaze is a great alternative, but I’m not in the US or Europe. Admittedly, I haven’t tested this theory, but I’m willing to bet that in-country speeds are still a lot quicker than any CDN that might help get me into B2.

Also, something others haven’t yet mentioned is, per Immich’s guidance on their repo (Disclaimer right at the top), is to NOT rely on Immich as your sole backup. Immich is under very active development, and breaking changes are a real possibility all the time right now.

So, I use SyncThing to also backup all my photos and videos to my NAS, and that’s also backed up to the other NAS and S3. That’s why I have nearly 400GB of photos and videos - it’s effectively double my actual library size. But, again, at less than a buck a month to store all that, I don’t really mind double-handling all that data, for the peace of mind I get.

DeltaTangoLima, (edited )

Using CloudFlare and using the cloudflared tunnel service aren’t necessarily the same thing.

For instance, I used cloudflared to proxy my Pihole servers’ requests to CF’s DNSoHTTPS servers, for maximum DNS privacy. Yes, I’m trusting CF’s DNS servers, but I need to trust an upstream DNS somewhere, and it’s not going to be Google’s or my ISP’s.

I used CloudFlare to proxy access to my private li’l Lemmy instance, as I don’t want to expose the IP address I host it on. That’s more about privacy than security.

For the few self-hosted services I expose on the internet (Home Assistant being a good example), I don’t even bother with CF at all. I use Nginx Proxy Manager and Authelia, providing SSL I control, enforcing a 2FA policy I administer.

DeltaTangoLima, (edited )

The magnifying glass next to each season header will automatically search for season packs and pick a download for you. The person icon will do it interactively, where you see the results and select which one(s) you want to download.

This is the case across Sonarr. Magnifying glass at the top of a series will auto search for all missing, monitored episodes. Same applies at individual episode level, but the person icon does it interactively, in case you want to select the specific release you want to download.

Edit: here’s a screenshot showing what I mean
