Thank you! I’ll give this another try this weekend!

What lists do you have? They pretty much all came up for me. I tried it again with ublock origin to compare, but none showed up with ublock origin.

This is one of the ones I used

I set up pihole a few months ago. I added a few dozen of the highest recommended block lists, but I wasn’t impressed at all. It didn’t seem very effective at blocking ads in both real world tests and tests that I found online specifically for testing your adblocker.

I own a raspberry pi 4. Every time I try to use it, I spend half my time trying to fix the stuttery/non responsive UI by fucking with the compistor and such. And then I give up.

I eventually got a new gaming PC and turned my old one into a Linux server, and haven’t really touched my Raspberry Pi since.

I never said I was relying on it alone. Not sure why you think that.

That’s a great link. Thank you for sharing. It’s good that docker supports this functionality now.

Don’t let perfection be the enemy of good. Security is not all or nothing. Reducing the attack surface is still important.

Can you elaborate on running docker daemon as rootless? It’s my understanding that you can add your account to a group to access the docker daemon rootless, but the containers are still running as root, as the daemon itself raises the access to root.

I use podman because it’s more secure. I’m willing to put in the extra effort so that all my services aren’t running as root. If it turns out a vulnerability is discovered in lemmy tomorrow that allows people to access my server through my lemmy container, the attacker will only have access to a dummy account that hosts my containers. Yes, they could stop all my containers, but they can’t delete the volumes or any other data on my server.

I have a Synology pre built. Self hosting on it is doable, but I found it very limiting because of all of the packages that don’t exist for its custom distro. Eventually I got a new gaming PC and converted my old one to a most standard Linux distro because of this.

This was back before I knew anything about docker. You could probably get around some of the package limitations by using docker. In fact, I have done this. I am using rsnapshot in a container to backup my server because rsnapshot is not available on Synology.

Cries in rural

My “server” is just my old gaming PC that I slapped Ubuntu on.

I have solar panels and a backup battery for the whole house. I live in a rural area that is currently under heavy construction, as they are trying to make this area into a small city, so power outages are unfortunately extremely common.

True. I did that for one of my domains, but it was really quite annoying to do with certbot, as you needed some sort of plugin.

Seconding a reverse proxy. Once you have it set up, it’s trivial to add a subdomain, forward it to your internal port that your container is exposing, then use certbot or whatever to get a new certificate for that subdomain.

I just use apache because I heavily use it for work, so I already know it well. But lots of people swear by nginx as well. There are lots of other options as well.

Interesting. This might be a different between podman and docker. I was using podman in my setup. Unfortunately we might need two different sets of instructions for podman and docker.

Would it be too much for you to ask to test that out and update the documentation? I don’t have docker, and installing it would mess up my podman-docker setup, which would impact some things I have running. podman-docker simulates docker with podman so I can use docker-compose with podman.

Thanks for the shout out!

Full disclosure, I use podman, not docker. If anyone has any issues with this using docker, let me know and I’ll get it fixed ASAP. I’m not 100% sure the --device option works the same way with docker.

I added instructions on how to add the nvidia-container-toolkit repo on the two distros I have (one rpm based, one deb based). If adding the repo is different on your distro, please consider adding it to the instructions. The instructions on the nvidia-container-toolkit web page are… subpar in my opinion.

This is a good start, but I think there also needs to be a way to browse all the images stored and shred them.

I despise Docker Desktop. Before I knew anything about docker or containers, all I knew was that it was in the required software list for my work for building our software. All I knew was that if it wasn’t open, my build would fail and if it was open, my laptop would slow down to a crawl.

Eventually I took classes on Docker for work and learned quite a bit about it. I learned that I could use docker from command line with no UI, and I wouldn’t take anywhere near the performance hit. I eventually linked my IDE docker runtime to podman running on WSL2. Now I take pretty much no noticable performance hit.

TL;DR: you can replace Docker Desktop with WSL2 command line commands and have no UI.

I put a hours of research into this, and I felt like documentation was difficult to understand, so I wanted to pass along what I’ve learned! I hope it works for you.