Justin

Interesting.

On the wifi router side, openwrt prefers mediatek cpus because they are the only company with fully open source wifi drivers.

Males sense. Technically, all chipset drivers are required to be open source since Linux is hard-copyleft open source.

I think that boils down to how ARM chipsets don’t support mainline Linux. You need lots of patchsets which break over time.

The article says that all phones in the EU must receive 5 years of software support. 10 would be ideal tbh, but labeling isn’t as important now that we’re getting 5 years.

not to mention there are 48 and 64gb dimms out now too that work with basically all alder lake atoms

Yeah, what you’re talking about is called GitOps. Using git as the single source of truth for your infrastructure. I have this set up for my home servers.

https://codeberg.org/jlh/h5b

nodes has NixOS configuration for my 5 kubernetes servers and a script that builds a flash drive for each of them to use as a boot drive (same setup for porygonz, but that’s my dedicated DHCP/DNS/NTP mini server)

mikrotik has a dump of my Mikrotik router config and a script that deploys the config from the git repo.

applications has all my kubernetes config: containers, proxies, load balancers, config files, certificate renewal, databases, clustered raid, etc. It’s all super automated. A pretty typical “operator” container to run in Kubernetes is ArgoCD, which watches a git repo and automatically deploys any changes or desyncs back to the Kubernetes API so it’s always in sync with git. I don’t use any GUI or console commands to deploy or update a container, I just edit git and commit.

The kubernetes cluster runs about 400 containers, most of them just automatic replicas of services for high-availability. Of course there’s always some manual setup steps outside of git, like partitioning drives, joining the nodes to the cluster, writing hardware-specific config, and bootstrapping Argocd to watch git. But overall, my house could burn down tomorrow and I would have everything I need to redeploy using this git repo, the secrets git repo, and my backups of my databases and container /data dirs.

I think Portainer supports doing GitOps on Docker compose? Never used it.

https://docs.portainer.io/user/docker/stacks/add

Argocd is really the gold standard for GitOps though. I highly recommend trying out k3s on a server and running ArgoCD on it, it’s super easy to use.

https://argo-cd.readthedocs.io/en/stable/getting_started/

Kubernetes is definitely different than Docker Compose, and tutorials are usually written for Docker compose.yml, not Kubernetes Deployments, but It’s super powerful and automated. Very hard to crash once you have it running. I don’t think it’s as scary as a lot of people think, and you definitely don’t need more than one server to run it.

nah you’re probably not going to get any benefits from it. The best way to make your setup more maintainable is to start putting your compose/kubernetes configuration in git, if you’re not already.

Ah, no, Kopia uses a shared bucket.

Seems like a good way to do it.

Keep in mind Kopia has some weirdness when it comes to transferring repos between filesystem and S3, so you’d probably want to only keep one repo.
https://kopia.discourse.group/t/exported-s3-storage-backup/3560

Backblaze B2 is a cheap S3 provider. Hetzner storage box is even cheaper, but it doesn’t support S3 natively, so you’re likely to run into issues with the kopia repo compatibility I mentioned.

Yeah, my main concern is visiting US customs as a US citizen, there they can’t (legally) punish US citizens for not unlocking their phones, aside from a few hours dentention/“enhanced interrogation”.

Not sure what the laws are in Sweden and Denmark, where I usually fly into the EU from, but usually they don’t search phones at borders. Swedish police are more inclined to just look you up in the residence database and get a warrant for a home visit, I believe.

Other countries would risk a diplomatic incident from Sweden if they used force to make me unlock my phone 🤷

Yeah, I have mine set to 12 to be a little less tight. Not so short that it reboots on a regular basis, but I think 12 hours would be pretty short for a thief to get my phone to a cracker in time. (assuming they even have access to tools to crack modern calyxos) I always power off my phone off going through customs.

What hardware do android phones not have making them vulnerable to cellbrite?

CalyxOS has this too. Choose between 1 and 72 hours.

PHP does actually scale better than something like Lemmy which is written in rust

But sure, you can act like you know more than the Nextcloud devs

Isn’t Opencloud just extended Nextcloud? (Still PHP)

https://nextcloud.com/blog/opencloud-the-digitally-sovereign-workspace-from-hkn-univention-and-nextcloud/

Also, nextcloud core components are written in Rust, the PHP just handles incoming requests.

https://nextcloud.com/blog/nextcloud-faster-than-ever-introducing-files-high-performance-back-end/

don’t send your thoughts to google

Buy used Samsung pm983s on ebay. Super cheap, super fast, and they have power-loss protection. Only downside is that they’re M.2 22110, not m.2 2280. There’s also a bunch of cheap Samsung and hgst u.2 drives on eBay, but you’ll need an adapter.

The sqlite database that Jellyfin uses tends to get corrupted easily, especially if the disk gets full.

The main big feature that Jellyfin devs are working right now is a complete overhaul of the internal database system:

https://github.com/jellyfin/jellyfin/issues/13047

Damn, is that even legal to take on a plane?

Yeah, I think you pick up things from all over the place as a consultant. I see lots of different environments and learn from them.

Ah yeah, external-dns operator is great! it’s maybe a bit basic at times but its super convenient to just have A/AAAA records appear for all your loadbalancer svcs and HTTPRoutes. Saves a ton of time.

That’s super unfortunate that the certs are siloed off. Maybe they can give you a NS record for a subdomain for you to use ACME on? I’ve seen that at some customers. Super important that all engineers have access to self-service certs, imo.

Rook is great! It definitely can be quite picky about hardware and balancing, as I’ve learned from trying to set it up with two nodes at home with spare hdds and ssds 😅 Very automated once it’s all set up and you understand its needs, though. NFS provisioner is also a good option for a storageclass as a first step, that’s what I used in my homelab from 2021 to 2023.

Heres my rook config:
https://codeberg.org/jlh/h5b/src/branch/main/argo/external_applications/rook-ceph-helm.yaml
https://codeberg.org/jlh/h5b/src/branch/main/argo/custom_applications/rook-ceph

Up to 3 nodes and 120TiB now and I’m about to add 4 more nodes. I probably would recommend just automatically adding disks instead of manually adding them, I’m just a bit more cautious and manual with my homelab “pets”.

I’m not very far on my RHCE yet tbh 😅 Red hat courses are a bit hard to follow 😅 But hopefully will make some progress before the summer.

The CKA and CKS certs are great! Some really good courses for those on udemy and acloudguru, there’s a good lab environment on killer.sh, and the practice exams are super useful. I definitely recommend those certs, you learn a lot and it’s a good way to demonstrate your expertise.