Isn’t kagi’s point that they store very little about you to the point there no search history and you have to pay for the service provided?

That’s not exactly true, synology doesn’t do anything you can’t access from an off the shelf linux (it’s your usual mdraid and btrfs). But you better know what you’re doing if you go that route.

What’s going to pay for the search part, then?

Conduit is in no way compact either. I tuned its caches because two gigs of ram seemed ridiculous for a single-user instance but I only got the mobile client sync lag as a result.

XMPP used to be so much nicer…

I think the point here is moving away from long-lived ssh keys and using whatever IdP you have (enterprise cloud or local oidc) to provide short-term ssh keys. It generally improves the security posture as it’s similar to ssh with certs but less painful to set up.

This is the best answer. Your router protects you from the outside, but a local firewall can protect you from someone prodding your lan from a hacked camera or some other IoT device. By having a firewall locally you just minimize the attack surface further.

Unfortunately, matrix doesn’t have a viable plan for federation, meaning that you’d better onboard on matrix.org or else.

People saying self-hosting mastodon is hard never had to touch matrix. It’s not hard, the protocol is literally broken to the point where starting again is not an option.

I’m all in for ditching discord, but matrix is at most mediocre in almost every aspect. It’s wild how much easier it used to be with xmpp.

First party app, yes. Thanks for the recommendation, I’ll give swiftfin a try.

Jellyfin looks pretty bad on an iPad. Subtitles setting keep getting reset on their own, it doesn’t understand basic keyboard controls (spacebar to pause), the UI is overall tiny. Oftentimes it will forget to save the spot where I finished watching and on the next launch will happily play the movie from beginning.

Matrix is spectacularly cursed to the point of being unusable if you self-host it. The protocol is dumb enough to lock you out of rooms hosted on another server forever if anything goes wrong with the key rotation.

I just made a mirror out of two NVMes―they got cheap enough not to bother too much with the loss of capacity. Of course, that limits what I can put there, so I use a bit of a tiered storage between my NVMe and HDD pools.

Just think in terms of data loss: are you going to be ok if you lost the data between backups? If the answer is yes, one NVMe is enough.

Another alternative: https://pushover.net/

You don’t need -it because you don’t run an interactive session in docker. It might be failing because you ask for a pseudoterminal in an environment where it doesn’t make sense.

Seq is expecting structured logs which yours aren’t. So you want to either convert your app’s logs into a structured format (which is generally hard for a random third-party application) or use a log collector that’s fine with non-structured logs (e.g. Loki+grafana don’t care about the shape is your logs and you can format the output while querying).

How does it compare to archivebox in regards to specifically saving content that’s a mix of websites and YT videos?

I’ve been using FreshRSS and Reeder (now Reeder Classic) since google reader stopped being a thing. It’s pretty great.

I have a dedicated vm for things that are crucial to the home network, either latency-critical or network related.

That’d be my dns resolver (I enforce it over VLANs by hijacking anyone trying to do DNS to other resolvers, like random IoT devices), homebridge for less important home automaton and my own matter controller for most important home automaton (controlling the lights).

My router of choice is RouterOS in another VM. I tried opnsense, pfsense, vyatta, and a bunch of others (even a containerized Cisco route), and I settled on ROS, because it was the only one who could do IPv6 properly (apart from Cisco, but that has other issues).

For the less important things I run them on k8s and really, there are only two bits worth mentioning as essential: ArgoCD and nixhelm. Together, they provide effortless and mostly automated software updates with very easy rollbacks. I don’t have to go and manually update every single bit of software and that saves huge amounts of time.

I wonder if NixOS is a vacuum coffee maker for how confusing nix looks when you see it for the first time or instant coffee for how reproducible it is…

That’s just Slackware.

That’s a good point. Mind that in most production environments you’d be firewalled rather hard (especailly when it comes to logs processing which oftentimes ends up having PII). I wouldn’t trust any service that tries to use DoT or DoH in there that I couldn’t snoop on. Many deployments nowadays allow you to “punch” firewall holes based on the outgoing dns requests to an allowlisted domain, so chances are you actually want to use the glibc resolver and not try to be fancy.

That said, smaller images are always good in my book!