![](/static/253f0d9/assets/icons/icon-96x96.png)
![](https://fry.gs/pictrs/image/c6832070-8625-4688-b9e5-5d519541e092.png)
Tell me you don’t live in Germany without telling me you don’t live in Germany :D
Tell me you don’t live in Germany without telling me you don’t live in Germany :D
I have many friends which are vegan and we live in an area + work in an industry with a comparatively high amount of people with such a diet. We have talked about the topic at lengths, and my understanding is that in order to have a healthy diet you have to do quite a bit of research and spend time planning your meals. And then going out on a dinner is often a pain, although this has improved in the recent years.
We eat much less meat than the general public. But going the next step and eliminating meat and then diary products is not trivial. Unless you have less responsibilities and or more prior knowledge to get you up to speed. I simply do not have the time for that, I have a small kid to take care of. And we often struggle to plan enough meals ahead of time in the short period of time between finishing work and doing groceries.
It might sound like an excuse to you. It feels the same on my end, when my concerns are dismissed with some hand waving by people which usually are in a completely different place in their life than me.
Running ZFS on consumer SSDs is absolute no go, you need datacenter-rated ones for power loss protection. Price goes brrrrt €€€€€
I too had an idea for a ssd-only pool, but I scaled it back and only use it for VMs / DBs. Everything else is on spinning rust, 2 disks in mirror with regular snapshots and off-site backup.
Now if you don’t care about your data, you can just spin up whatever you want in a 120€ 2TB ssd. And then cry once it starts failing under average load.
Edit: having no power loss protection with ZFS has an enormous (negative) impact on performance and tanks your IOPS.
This, just pgdump properly and test the restore against a different container. Bonus points for spinning as new app instance and checking if it gets along with the restored db.
You are completely ignoring the fact, that for many it is too time consuming and involved to go vegan. And then you are imposing your belief that others should invest the same amount of resources, be it time or money, or they are worse human beings not caring about animals. In other words, being able to switch your diet is usually a sign of at least slight financial privilege. I just had some tofu so you don’t have to preach to me. But let others be and do not compare veganism to anti-genocide. It is absolutely ridiculous.
Cheap panels are tanking European competitors, but it’s probably too late to intervene at this point. Can’t compete with work camps and cheap slave labor.
And remember, friends don’t let friends use latest. Pin the versions in your manifests and version control everything.
I know what you mean. Most people mean well, some are a bit too aggressive, but probably also mean well. I honestly sometimes roll my eyes when I start reading about tailscale, cloudflare tunnels etc. The main thing is not to expose anything you don’t absolutely need to expose.
For access from the outside the most you should need is a random high port forwarded for ssh into a dedicated host (can be a VM / container if you don’t have a spare RaspberryPi). And Wireguard on a host which updates the server package regularly. So probably not on your router, unless the vendor is on top of things.
Regarding ansible and documenting, I totally get your point. Ten years ago I was an absolute Linux noob and my flatmate had to set up an IRC bouncer on my RPi. It ran like that for a few years and I dared not touch anything. Then the SD card died and took down the bouncer, dynDNS and a few other things running on it.
It takes me a lot of time to write and test my ansible playbooks and custom roles, but every now and then I have to move services between hosts. And this is an absolute life saver. Whenever I’m really low on time and need to get something up and running, I write down things in a readme in my infra repository and occasionally I would go through my backlog when I have nothing better to do.
One word of advice. Document the steps you do to deploy things. If your hardware fails or you make a simple mistake, it will cost you weeks of work to recover. This is a bit extreme, but I take my time when setting things up and automate as good as possible using ansible. You don’t have to do this, but the ability to just scrap things and redeploy gives great peace of mind.
And right now you are reluctant to do this because it’s gonna cost you too much time. This should not be the case. I mean, just imagine things going wrong in a year or two and you can’t remember most things you know now. Document your setup and write a few scripts. It’s a good start.
Same. I buy all my domains there. And in case someone needs a proper API and support for the dns challenge, host your DNS at DeSEC.
You don’t need 8 drives when they are 8 times larger than your current ones. I went from planning for 5+ drives to just downsizing to two drives in mirror. Then I can expand with another mirror.
Unless you need uptime and want to guarantee an SLA for your own services, you are much better off with a mirror or raidz1. Do regular backups (off-site, incremental) and don’t fear the disk failure.
Same, I have a bunch of “inbox” folders and drop files into my server or desktop from my phone with 3 clicks.
I’m using FF tab groups and Sideberry, other than the occasional link getting opened in the wrong group I haven’t had issues. I really need to test Chrome and it’s profiles to see what the fuss is all about :D
Just in case you missed this, you can issue valid HTTPS Certificates with the DNS challenge. I use LetsEncrypt, DeSEC and Traefik, but any other supported provider with Lego (CLI) would work.
I am seeding 70 torrents on a private tracker, most of it some niche stuff. It’s getting downloaded, but I have 0.00 seeded across all 70 torrents. I have no port forwarding. 1 + 1 = you need proton / airvpn.
Symfonium is great, it supports a bunch of sources and works really well. Absolutely worth supporting the dev (check his ko-fi too)!
Oh okay that’s a lot of power. For reference, I just set up an old Haswell PC as a NAS, idling at 25W (can’t get to low Package C states) and usually at 28-30 running light workloads on an SSD pool. My plan was to add a 5 disk cage and at least 3 HDDs, with Raidz2 and 5 disks being the mid term goal. Absolutely unnecessary and a huge waste. I settled on less but larger disks, and in mirror I can get 12-18 TB usable space for under 500€. Less noise and power draw too.
Look for 5W idle consumption boards + CPU combos which go down to package C6+ state. HardwareLuxx has a spreadsheet with various builds focusing on low power. Sell half your disks, go mirror or Raidz1. Invest the difference in off-site vps and or backup. Storage on any SBC is a big pain and you will hit the sata connector / IO limits very soon.
The small NUC form factors are also fine, but if your problem is power you can go very low with a good approach and the right parts. And you’ll make up for any new investments within the first year.
The problem is, the libraries and SDK used to build the app will have had vulnerabilities for sure. Same for the underlying image (unless scratch / distroless). We run extensive vulnerability scanning in our pipelines, and Go libs occasionally pop up. The Go SDK also had multiple security fixes in the last year.
This, letsencrypt with dns challenge, https://desec.io/ to manage the dns records https://github.com/go-acme/lego or traefik to manage the certificates and do the dns challenges for you.