I tried Longhorn, and ended up concluding that it would not work reliably with Volsync. Volsync (for automatic volume restore on cluster rebuild) is a must for me.

I plan on installing Rook-Ceph. I’m also on 1Gb/s network, so it won’t be fast, but many fellow K8s home opsers are confident it will work.

Rook-ceph does need SSDs with Power Loss Protection (PLP), or it will get extremelly slow (latency). Bandwidth is not as much of an issue. Find some used Samsung PM or SM models, they aren’t expensive.

Longhorn isn’t fussy about consumer SSDs and has its own built-in backup system. It’s not good at ReadWriteMany volumes, but it sounds like you won’t need ReadWriteMany. I suggest you don’t bother with Rook-Ceph yet, as it’s very complex.

Also, join the Home Operations community if you have a Discord account, it’s full of k8s homelabbers.

Veganism implies consent.

Do I need to spell it out for you how to get a load in a vegan way or can you figure it out?

Obviously random is better, but uniqueness of passwords is IMO even more important. They are effectively spreading around their master password

There’s literally only 4 characters difference between all their passwords, even if those would be completely random, that’s very bad.

They don’t seem to understand that it’s not about how many samples you need to see to be sure what their Amazon password is. The problem is that if one of their passwords ever leaks, some bot can brute-force try thousands of variations on it and find any other password very quickly (they effectively only have to guess 4 characters, plus a bit to find that it’s the first 4 to change).

How can anyone think this is more secure than having completely different and long passwords for every site?

They probably don’t understand that your pw manager’s password is safer because you don’t enter it anywhere, only into your password manager (ideally with 2FA). This person is effectively spreading their master password around by putting it as the core of ALL their passwords, significantly increasing the risk that it leaks.

That’s crazy and genius!

“I don’t do cloud computing, I do solar computing”

The way I understand it, there’s 2 use cases for a VPN, with different concerns and providers:

• having access to your private home network from anywhere, through an encrypted tunnel (Tailscale, Wireguard on the router, etc)
• having your outgoing traffic to the internet go through an anonymized exit node so that your ISP can not watch or sell what you are doing (ProtonVPN, Mullvad VPN, etc)

Is Tailscale fit for the second? I thought not, as the exit node is not an anonymized VPN server but one of your own machines.

https://tailscale.com/kb/1017/install

It really is super simple

Interesting approach but looks like this ultimately ends up:

• being a lot of babysitting / manual work
• blocking a lot of humans
• not being robust against scrapers

Anubis seems like a much better option, for those wanting to block bots without relying on Cloudflare:

https://anubis.techaro.lol/

So $30 is all that you need to delete your Microsoft account? Or is the problem that even if you’d rebuy Minecraft, you’d still need a MS account to play it?

Are you aware of the many Open Source Minecraft-inspired games?

GitOps + Renovate.

Tools that allow you to work GitOps (everything is defined in text files in Git) are:

• Kubernetes
• NixOS
• to a lesser degree, Ansible

Here’s a nice starter template for running your own Kubernetes cluster via GitOps with Renovate pre-configured: https://github.com/onedr0p/cluster-template

Mostly yes, but there are some closed source services which are still good options for this specific threat model.

And I just thought the clear explanation of the why combined with the list, makes this an excellent blog to send to people who don’t get it yet.

The list itself is something most of the people in this community know already, but you might want to send this when someone asks “why?”

Honestly, k8s + GitOps at home is my project that I’m just starting this week. I found a community around it (on Discord 🤮) called Home Operations.

Docker Hub sucks and is VERY strict with rate limits. Try ghcr.io or the aws container registry.

GitOps + Renovate

Gives you:

• automation of updates
• smart notification of updates that are below a certain confidence that it won’t break stuff
• rollback: simply git revert
• the whole shebang

Some stacks that work well with GitOps are:

• k8s + Flux or ArgoCD
• Nix(OS)

Mixing them is a LOT of complexity though. Just pick whichever you are most comfortable with. If you want a declarative immutable OS just for running k8s, check Talos Linux.

If you don’t want to deal with GitOps, Nix or k8s, and you don’t need recent versions, just run Debian and set a cronjob for auto updates. Then only deal with potential breaking changes just once every 5(?) years or thereabouts.

Check the sidebar.

It’s about self-hostable alternatives to closed online software. It doesn’t say anywhere that the hardware has to be in your own home, just that it is about self-hostable software.

Similarly, [email protected] is about self-hosting services, the hardware part is (even with the slrpnk folk) only a prefetence.

So feel free to discuss hosting your own services on a VPS here

I have been planning on migrating to Proton (I know, wrong community) and this could very well be the year. Just 2 gmail and 1 hotmail address/inbox to migrate but would love to follow the tips given here.

I have some questions to specify your case:

• Did you use tags a lot? Did you use them purely as a hierarchy (i.e. could it be mapped to folders) or do you have a lot of crossover between tags?
• Do you have a custom domain or is the original email on the gmail.com domain and the new one a different address?

Why bother setting up a hosted DB server when you can get all of the RDBMS optimizations in an in-process service? DuckDB is pretty cool

https://duckdb.org/

Obviously, I can’t tell you about the privacy implications of every internet routing device on the planet.

I was just trying to provide a more complete and longer TL;DR than the one I was responding to.

Sounds like you know what you are doing as well as anyone could, you don’t need my TLDR

TL;DR: Don’t buy Mesh WiFi, especially if offered at a low price/subscription by your ISP. Use old-fashioned routers and access points.

If you already have or really need Mesh WiFi, consider installing a VPN client on every single device that supports it. A VPN config on your router will not protect your data from the spying WiFi Mesh Pods.