You can use docker exec with garage docker image.
I'm on mobile but I think you just need something like: docker exec containerid ./garage stats
Garage is the simplest of the three imo.
I've only used it in a cluster, but it should be even simpler for one instance
What mobile issues do you have? I use it both on desktop and mobile with sync mode turned on in the PWA.
I like it, it seems pretty stable to me. I didn't use it much before the query/template stuff was changed. I think both are fine right now, but don't really know what it looked like before.
There's also "space-script" now which is basically like mini javascript plugins you can write inside your notes. It's what drew me away from trilium in the end.
I don't blame you for taking a break if you ran into breaking changes though. That's one benefit to keeping your notes in regular markdown files too.
Any comparisons to SilverBullet.md? It's my favorite so far
Do you use garage for backups by any chance? I was wanting to deploy it in kubernetes, but one of my uses would be to back up volumes, and.. that doesn't really help me if the kubernetes cluster itself is broken somehow and I have to rebuild it.
I kind of want to avoid a separate cluster for storage or even separate vms. I'm still thinking of deploying garage in k8s, and then just using rclone or something to copy the contents from garage s3 to my nas
I really like mine too, I also have a tube and a pro. Both of them have a weird issue with the TV I use most often though. Both shields won't display anything unless I boot them in safe mode.
They both work on a different tv that is 4k. This one is an older 1080p plasma. But it's weird that it used to work just fine. It might be related to the TV, but no other devices have issues so it's cheaper to replace one of the shields than buy a new tv lol.
I'm still using an Nvidia shield which I guess counts as an android box. I thought they'd release a new version by now, but I'm considering building a htpc instead.
I used to use a raspberry pi 2 or 3 and it worked fine for 1080p content. Not sure if the newer pis support 4k, but it's on my list to look into eventually.
This is an option, my main reason for not wanting to use a hosted k8s service is cost. I already have the hardware, so I'd rather use it first if possible.
Though I have been thinking of converting some sites to be statically-generated and hosted externally.
Network Policies are a good idea, thanks.
I was more worried about escaping the container, but maybe I shouldn't be. I'm using Talos now as the OS and there isn't much on the OS as it is. I can probably also enforce all of my public services to run as non-root users and not allow privileged containers/etc.
Thanks for recommending crowdsec/falco too. I'll look into those
It's mostly working fine for me.
An alternative I tried before was just whitelisting which IPs are allowed to access specific ingresses, but having the ingress listen on both public/private networks. I like having a separate ingress controller better because I know the ingress isn't accessible at all from a public ip. It keeps the logs separated as well.
Another alternative would be an external load balancer or reverse proxy that can access your cluster. It'd act as the "public" ingress, but would need to be configured to allow specific hostnames/services through.
I did actually consider a 3rd cluster for infra stuff like dns/monitoring/etc, but at the moment I have those things in separate vms so that they don't depend on me not breaking kubernetes.
Do you have your actual public services running in the public cluster, or only the load balancer/ingress for those public resources?
Also how are you liking garage so far? I was looking at it (instead of minio) to set up backups for a few things.
Quadlet
I haven't heard of Quadlet before this, thanks I'll take a look at it.
Unraid has this with their cache pools. ZFS can also be configured to have a cache drive for writes.
You can also DIY with something like mergerfs and separate file systems.
What you read online may have been referring to how cloudflare itself can always see the unencrypted traffic?
Cloudflare tunnels are encrypted, but inside of that encrypted tunnel could be a regular http stream.
Do you need to search inside of files for text, or just file names?
If inside of files, something simple like ripgrep/ag/grep like someone else mentioned would be an easy option.
If just file names, why not create an index of filenames and search that instead?
If you need an advanced search, maybe ElasticSearch would work for you? You'd have to upload each file to the elasticsearch server though.
I've been in the process of migrating a lot things back to kubernetes, and I'm debating whether I should have separate private and public clusters.
Some stuff I'll keep out of kubernetes and leave in separate vms, like nextcloud/immich/etc. Basically anything I think would be more likely to have sensitive data in it.
I also have a few public-facing things like public websites, a matrix server, etc.
Right now I'm solving this by having two separate ingress controllers in one cluster - one for private stuff only available over a vpn, and one only available over public ips.
The main concern I'd have is reducing the blast radius if something gets compromised. But I also don't know if I really want to maintain multiple personal clusters. I am using Omni+Talos for kubernetes, so it's not too difficult to maintain two clusters. It would be more inefficient as far as resources go since some of the nodes are baremetal servers and others are only vms. I wouldn't be able to share a large baremetal server anymore, unless I split it into vms.
What are y'all's opinions on whether to keep everything in one cluster or not?
You'll need to include new instructions to follow too!
I have not had any issues with Kopia so far, but I have also only used it for maybe a year? My main reason for trying it was that I wanted to be able to give something to family members to use as a backup client with a reasonable ui. I can also control the default exclude list and default policies for compression/etc pretty easily.
I don't know how many years of restic backups I have, but I still rely on it for my most important data. Anything really important on my desktop/laptop gets backed up via kopia, but also gets copied (usually via nextcloud) to a server that has hourly zfs snapshots and daily restic snapshots. Both the restic and kopia snapshots get stored on a local nas and then synced to rsync.net.
What's everyones recommendations for a self-hosted authentication system?
My requirements are basically something lightweight that can handle logins for both regular users and google. I only have 4-5 total users.
So far, I've looked at and tested:
- Authentik - Seems okay, but also really slow for some reason. I'm also not a fan of the username on one page, password on the next screen flow
- Keycloak - Looks like it might be lighter in resources these days, but definitely complicated to use
- LLDAP - I'd be happy to use it for the ldap backend, but it doesn't solve the whole problem
- Authelia - No web ui, which is fine, but also doesn't support social logins as far as I can tell. I think it would be my choice if it did support oidc
- Zitadel - Sounds promising, but I spent a couple hours troubleshooting it just to get it working. I might go back to it, but I've had the most trouble with it so far and can't even compare the actual config yet
(I’m creating a starting guide post here. Have patience, it will take some time…) Disclaimer: I am new to Lemmy like most of you. Still finding my way. If you see something that isn’t right, let me know. Also additions, please comment! # Welcome! Welcome to Lemmy (on whichever server you’re reading ...
cross-posted from: https://lemmy.world/post/37906
> (I'm creating a starting guide post here. Have patience, it will take some time...)
>
> Disclaimer: I am new to Lemmy like most of you. Still finding my way. If you see something that isn't right, let me know. Also additions, please comment!
>
> # Welcome!
> Welcome to Lemmy (on whichever server you're reading this)
>
> # About Lemmy
> Lemmy is a federated platform for news aggregagtion / discussion. It's being developed by the Lemmy devs: https://github.com/LemmyNet
>
> ## About Federation
> What does this federation mean?
>
> It means Lemmy is using a protocol (Activitypub) which makes it possible for all Lemmy servers to interact.
>
> - You can search and view communities on remote servers from here
> - You can create posts in remote communities
> - You can respond to remote posts
> - You will be notified (if you wish) of comments on your remote posts
> - You can follow Lemmy users/communities on other platforms that also use Activitypub (like Mastodon, Calckey etc) (There's currently a known issue with that, see here
>
> Please note that a server only starts indexing a server/community once it has been interacted with by a user of this server.
>
> A great image describing this, made by @ulu_mulu@lemmy.world : https://imgur.com/a/uyoYySY
>
> !
>
> # About Lemmy.world
> Lemmy.world is one of the many servers hosting the Lemmy software. It was started on June 1st, 2023 by @ruud@lemmy.world , who is also running https://mastodon.world, https://calckey.world and others.
>
> A list of Lemmy servers and their statistics can be found at FediDB
>
>
> # Quick start guide
>
> ## Account
>
> You can use your account you created to log in to the server on which you created it. Not on other servers. Content is federated to other servers, users/accounts are not.
>
> ## Searching
> In the top menu, you'll see the search icon. There, you can search for posts, communities etc.
>
> !
>
> You can just enter a search-word and it will find the Post-titles, post-content, communities etc containing that word that the server knows of. So any content any user of this server ever interacted with.
>
> You can also search for a community by it's link, e.g. !Netherlands@lemmy.nl. Even if the server hasn't ever seen that community, it will look it up remotely. Sometimes it takes some time for it to fetch the info (and displays 'No results' meanwhile..) so just be patient and search a second time after a few seconds.
>
> ## Creating communities
> First, make sure the community doesn't already exist. Use search (see above). Also try https://browse.feddit.de/ to see if there are remote communities on other Lemmy instances that aren't known to Lemmy.world yet.
>
> If you're sure it doesn't exist yet, go to the homepage and click 'Create a Community'.
>
> !
>
> It will open up the following page:
>
> !
>
> Here you can fill out:
>
> - Name: should be all lowercase letters. This will be the /c/
> - Display name: As to be expected, this will be the displayed name.
> - You can upload an icon and banner image. Looks pretty.
> - The sidebar should contain things like description, rules, links etc. You can use Markdown (yey!)
> - If the community will contain mainly NSFW content, check the NSFW mark. NSFW is allowed as long as it doesn't break the rules
> - If you only want moderators to be able to post, check that checkbox.
> - Select any language you want people to be able to post in. Apparently you shouldn't de-select 'Undetermined'. I was told some apps use 'Undetermined' as default language so don't work if you don't have it selected
>
> ## Reading
>
> I think the reading is obvious. Just click the post and you can read it. SOmetimes when there are many comments, they will partly be collapsed.
>
> ## Posting
>
> When viewing a community, you can create a new post in it. First of all make sure to check the community's rules, probably stated in the sidebar.
>
> !
>
> In the Create Post page these are the fields:
>
> - URL: Here you can paste a link which will be shown at the top of the post. Also the thumbnail of the post will link there. Alternatively you can upload an image using the image icon to the right of the field. That image will also be displayed as thumbnail for the post.
> - Title: The title of the post.
> - Body: Here you can type your post. You can use Markdown if you want.
> - Community: select the community where you want this post created, defaults to the community you were in when you clicked 'create post'
> - NSFW: Select this if you post any NSFW material, this blurs the thumbnail and displays 'NSFW' behind the post title.
> - Language: Specify in which language your post is.
>
> Also see the Lemmy documentation on formatting etc.
>
> ## Commenting
>
> ## Moderating / Reporting
>
> ## Client apps
>
> There are some apps available or in testing. See this post for a list!
>
> # Issues
> When you find any issue, please report so here: https://lemmy.world/post/15786 if you think it's server related (or not sure).
>
> Report any issues or improvement requests for the Lemmy software itself here: https://github.com/LemmyNet
> ## Known issues
> Known issues can be found in the beforementioned post, one of the most annoying ones is the fact that post/reply in a somewhat larger community can take up to 10 seconds. It seems like that's related to the number of subscribers of the community.
>
> I'll be looking into that one, and hope the devs are too.
Does anyone have recommendations for centralized backup servers that use the server/client model?
My backups are relatively simple in that I use rsync to pull everything from remote machines to a single server and then run restic on that server to back them up and also copy that backup to cloud storage.
I've been looking at some other software again like Bacula/Bareos/UrBackup and wondering if anyone's currently using one of them or something like it that they like?
Ideally I'm looking for a more user-friendly polished interface for managing backups across multiple servers and desktops/laptops. I'm testing Bareos now, but it'll probably not work out since the web ui doesn't allow adding new jobs/volumes/etc.