Huh, Authentik was what I used before Kanidm. Wasn’t anything wrong with it per se, but there where a lot of moving parts and complexity rhat didn’t really serve a purpose for me.

I thought about kubernetes or proxmox, but I don’t really see any reason to. All my containers are controlled via podman quadlets, and either run on a single machine locally, or on a VPS.

On how you want to slice up the hardware - I feel like there isn’t one right answer, and I’d do whatever feels most comfortable to admin for you. I feel like for homelab workloads, any half-reasonable setup should work fine, just make sure you have good backups.

On SSO - I have never tried Authelia, but am personally very enamoured with Kanidm. It’s very lightweight, and has pretty good default settings.

On reverse proxy - I personally use Caddy, but Traefik is good too, and can do more stuff out of the box. I just mount the certs I need readonly in the container of the service that needs them. Clunky, but works well enough for me.

If the people you want to have access have static, exclusive ip addresses. Which is pretty unusual, these days.

I mean, you can have a look at recent merged PRs. With proprietary engines, you just don’t know.

That article also kinda reads like it was generated by an LLM.

Which I would appreciate … if I had the least idea about Christian sects in the US.

Meh, I actively use it. I get why it might be unintuitive to someone newly switching.

… I actually like being able to copy a website and middle clicking to open it. I don’t think it’s a problem, it just needs to be telegraphed to the user better, and togleable.

… sure. Nothing here is wrong, but there’s ways to try and mitigate that. And then it’s kinda an arms race, and vigilance.

Good as a general recommendation.

I also feel like the risk levels are very different. If it’s something that performs a function but doesn’t save/serve any custom data (e.g. bentopdf), that’s a lot easier to decide to do than something complicate like Jellyfin.

I do have public addresses for Matrix, overleaf, AppFlowy, immich because they would be much less useful otherwise. Haven’t had any problems yet, but wouldn’t necessarily recommend it to others.

I’d never host any stuff with “Linux ISOs” on a public adress, that seems like it’d be looking for trouble.

You just have to Flash coreboot, I have three chromebooks deployed with family, one with mint and two with Endeavour. Even Touch and audio drivers work for those specific models (Acer Santa and Asus Babytiger).

I seem to remember that steam depends on the official nvidia drivers, so that might still be fumbly if you use their platform.

At some point, your SSD will fail. If you’re lucky, that is quite a while away. If you’re unlucky, that’s tomorrow. If your data is truly critical, at least copy it to a second drive, even if you don’t do a proper/full 3-2-1 backup.

Also, if you’re asking whether you can move data from one drive from an old file system to a new file system that replaces the old one on the same drive without copying data to a different drive - no.

If I’m not mistaken, illustrator is vector based, krita is pixel based. So drawing-wise, krita is closer to Photoshop than illustrator.

cloudflarestatus.com, seems to be hosted on AWS. Probably just got hammered because there was suddenly a lot of people caring about CFs status.

Hey, that was made at my former uni. And now I’m wondering whether other unis adopted it. It always seemed like a neat solution.

On my desktop, I have about 200GB free, which is about 10%, which feels like the bare minimum, and the only reason I haven’t upgraded yet is that there’s some large directories I can archive should it be necessary.

On my server, I recently was down to about 500GB free, also about 10%, which made me add more drives.

So it’s all relative.

Like Fedora Silverblue or OpenSuSE Aeon/Kalpa?

I’m in Germany, and it works pretty fine. They’ve got several datacenters around here, never had an issue with speed or latency.

I don’t like that they got that evil megacorp vibe, but what big Internet firm doesn’t?

Well, I need to run two separate tunnels to not run into hairpinning issue, so, some weirdness, I guess. More down to my services, though.

Interesting. As I said, I never tried yunohost. I usually work with podman, and just assign local ports to pods, then route traffic to those ports internally, which seems to work fine.

Anyway, I feel like we won’t be solving OPs issue here. Still, interesting to see some of the problems people with different setups have to deal with.