I have a registered domain name already, but I am behind CGNAT and I don’t really have a public IP.

I want to allow access to my services remotely only through Tailscale.

Nice, thanks for sharing. How did you solve the file permission issue?

Also I see you put all your services as a single pod quadlet what I am trying to achieve is to have every service as a separate systemd unit file, that I can control separately. In this case you also have a complication with the network setup.

You can actually set your user to linger with

sudo loginctl enable-linger $USER

I will test your setup and report back if it works.

By the way what was the reason to switch back to Docker Compose?

There are no logs in journalctl, just when I check the status of the systemd services I see that the container service has crashed and after 5-6 restarts it gave up.

I was thinking of installing the latest podman 5.7.0 and try with it, as there are quite a few updates between that one and 5.4.2 that comes as standard on Rocky.

Elasticsearch should work too

Why don’t you do some bash scripting and route files to different buckets depending on their extensions or mime types? You can easily do that with rclone for example.

To be honest I don’t really know, but I know that what you want can easily be solved with SOCKS5 proxy. I think Wireguard and other VPNs are added to encrypt the traffic. There are also other alternatives to SOCKS5 proxy adding encryption.

In Wireguard you have those Allowed IPs, you can allow only those IPs to be reachable from outside and you can configure them per client if I am not wrong. I think the easiest way would be for you to run those services over Docker, that way each server will have an IP from your docker network and you can isolate the traffic. https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/

My personal suggestion is to spin up a VM, install Debian, Ubuntu, or whatever your poison is, run docker compose or podman compose, spring up a Docker or two and Wireguard and try to achieve what you want. Heck you can even run Wireguard from a container. Once confident with your setup you can migrate it to Nix.

Check this project https://github.com/whyvl/wireproxy

I am probably going to install an arr stack on the docker containers, but they will write to the HDD. What file systems shall I use for the drives? This topic seems to be quite the rabbit hole and I simply want to properly build this system, as I am planning to leave it running in a remote location so reliability is a very important factor.

I am patiently waiting for Kingdom deliverance to get released and a couple of weeks or months to see what the reviews say about the state of the game. Then I will decide whether to buy it or not.

Another two games on my radar are RDR 1 and Indiana Jones, Pentiment and Slay the Princes but waiting for better discounts on those.

ELI5 how is Trump any better than Putin? Both seem to be following the same playbook of intimidation and unlawful invasions, showing utter disrespect to international law.

I am really looking forward to having a viable alternative to NVIDIA. I would love buying Intel or AMD and being able to enable CUDA support on the GPU out of the box.

Crazy amount of people. 230.000 is an insane number of casualties.

To be honest, VW EVs are extremely boring and overpriced. I would rather buy Volvo, Polestar, KIA or Hyundai. The fully specced ID.3 is something like 53K which is insane for such a small car. Their cars are simply uninspiring.

That’s finally some good news in the dGPU department. This GPU would have been terrific if it was released 1-2 years ago. I really hope they succeed and continue developing GPUs. We need so much a good competition to NVIDIA.

I was hoping for Eskel or Letho to be honest. Ciri is a safe choice but a bit on the boring side. Eskel would have been a lot more multi-layered protagonist and dialogues would have been funnier.

Dumb and dumber

Obsidian is amazing, though it isn’t FOSS but your notes are saved in Markdown, so even if something happens with the app, they will remain yours.

Another alternative may be Joplin and AnyType, but I think AnyType is also not 100% FOSS.

You are increasing the attack vector immensely, and it is up to you to ensure that it is well protected and up to date. The attack effort won’t be high though and most of the attacks would be pretty basic, still I wouldn’t risk something so personal, like your image library.

I would suggest for you to look into Wireguard or Tailscale for accessing your personal Immich instance.

Or simply they used an AI and set the tone in the prompt.