bigdickdonkey

joined 4 weeks ago
[–] bigdickdonkey@lemmy.ca 2 points 5 days ago

Thanks for sharing this! It also took me a while to understand the difference between the Expose dockerfile command and the --publish cli command

[–] bigdickdonkey@lemmy.ca 1 points 6 days ago

Do you run anything like fail2ban with that compatibility?

[–] bigdickdonkey@lemmy.ca 1 points 6 days ago* (last edited 5 days ago) (1 children)

Can you expand on why you chose uCore? I was considering CoreOS until just now ~~and the idea of setting up ignition config serving seems overkill for running only one server at home.~~ ignition is still required the same way as CoreOS

[–] bigdickdonkey@lemmy.ca 2 points 6 days ago (1 children)

Do you need to set lingering for all container users you set up? Does it restart all services in your compose files without issue?

[–] bigdickdonkey@lemmy.ca 1 points 6 days ago (2 children)

I would love to see your compose file. I already have to run special steps on my nextcloud-aio to use it with a reverse proxy so I'm interested in moving away from it.

[–] bigdickdonkey@lemmy.ca 1 points 6 days ago (1 children)

I make extensive use of compose in my own server so I'm assuming I'll need to transition to systemd confs. Do you run those or do you run everything by podman CLI?

[–] bigdickdonkey@lemmy.ca 2 points 6 days ago (1 children)

I'm thinking about an immutable OS with podman support first and foremost. Would you recommend Fedora CoreOS?

 

I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?

[–] bigdickdonkey@lemmy.ca 9 points 1 week ago

Sad to see it. Good reminder to check your back ups though

[–] bigdickdonkey@lemmy.ca 13 points 1 week ago (1 children)

there’s a reason most private trackers dont allow pre-releases. it attracts a lot of negative attention

[–] bigdickdonkey@lemmy.ca 1 points 1 week ago (2 children)

Seems a little old. It should have BlueSky and FChannel

 

Nothing on the vinnie site. IIRC it has one or two sister sites?