Cake day: June 11th, 2023

  • F04118F@feddit.nl to Selfhosted@lemmy.world: Kubernetes storage backends

    I tried Longhorn, and ended up concluding that it would not work reliably with Volsync. Volsync (for automatic volume restore on cluster rebuild) is a must for me.

    I plan on installing Rook-Ceph. I’m also on 1Gb/s network, so it won’t be fast, but many fellow K8s home opsers are confident it will work.

    Rook-Ceph does need SSDs with Power Loss Protection (PLP), or it will get extremely slow (latency). Bandwidth is not as much of an issue. Find some used Samsung PM or SM models, they aren’t expensive.

    Longhorn isn’t fussy about consumer SSDs and has its own built-in backup system. It’s not good at ReadWriteMany volumes, but it sounds like you won’t need ReadWriteMany. I suggest you don’t bother with Rook-Ceph yet, as it’s very complex.

    Also, join the Home Operations community if you have a Discord account, it’s full of k8s homelabbers.




  • There’s literally only a 4-character difference between all their passwords; even if those were completely random, that’s very bad.

    They don’t seem to understand that it’s not about how many samples you need to see to be sure what their Amazon password is. The problem is that if one of their passwords ever leaks, some bot can brute-force try thousands of variations on it and find any other password very quickly (they effectively only have to guess 4 characters, plus a bit to find that it’s the first 4 to change).

    How can anyone think this is more secure than having completely different and long passwords for every site?

    They probably don’t understand that your pw manager’s password is safer because you don’t enter it anywhere, only into your password manager (ideally with 2FA). This person is effectively spreading their master password around by putting it as the core of ALL their passwords, significantly increasing the risk that it leaks.
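
An added example, not part of the comment above: a small audit that finds the core shared by a set of passwords and estimates how much stays secret once any one of them leaks. The vault contents, the function names and the 94-symbol alphabet are assumptions made for illustration, and the estimate leaves out the small extra cost of working out which characters vary.

```python
import math

ALPHABET = 94  # printable ASCII without space; assumption used for the estimate

def longest_common_substring(a: str, b: str) -> str:
    """Longest contiguous run present in both strings (row-by-row DP)."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def audit(passwords: dict, min_core: int = 6) -> dict:
    """Find a core shared by every password and estimate what remains secret
    once any single one of them leaks."""
    values = list(passwords.values())
    core = values[0]
    for pw in values[1:]:
        # Narrowing pairwise yields a substring common to all entries: a lower
        # bound on the true shared core, which is enough to flag reuse.
        core = longest_common_substring(core, pw)
    variable = max(len(pw) - len(core) for pw in values)
    shortest = min(len(pw) for pw in values)
    return {
        "core": core,
        "variable_chars": variable,
        # Only meaningful when reused_core is True.
        "bits_after_leak": round(variable * math.log2(ALPHABET), 1),
        "bits_if_independent": round(shortest * math.log2(ALPHABET), 1),
        "reused_core": len(core) >= min_core,
    }

# Constructed sample vaults (not real credentials).
PATTERNED = {site: prefix + "correct-horse-77" for site, prefix in
             [("shop", "amzn"), ("mail", "ggle"), ("social", "fbok"), ("bank", "bank")]}
INDEPENDENT = {"shop": "kV9#tQ2mLx8@", "mail": "Zp4!xW7eRd3$", "bank": "hN6%uB1cYs5&"}

if __name__ == "__main__":
    for name, vault in (("patterned", PATTERNED), ("independent", INDEPENDENT)):
        print(name, audit(vault))
```

For the patterned vault the result shows about 26 bits left to guess after one leak, against about 131 bits if each 20-character password were independent and random.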



  • The way I understand it, there are 2 use cases for a VPN, with different concerns and providers:

    • having access to your private home network from anywhere, through an encrypted tunnel (Tailscale, Wireguard on the router, etc)
    • having your outgoing traffic to the internet go through an anonymized exit node so that your ISP cannot watch or sell what you are doing (ProtonVPN, Mullvad VPN, etc)

    Is Tailscale fit for the second? I thought not, as the exit node is not an anonymized VPN server but one of your own machines.










  • GitOps + Renovate

    Gives you:

    • automation of updates
    • smart notification of updates that are below a certain confidence that it won’t break stuff
    • rollback: simply git revert
    • the whole shebang

    Some stacks that work well with GitOps are:

    • k8s + Flux or ArgoCD
    • Nix(OS)

    Mixing them is a LOT of complexity though. Just pick whichever you are most comfortable with. If you want a declarative immutable OS just for running k8s, check Talos Linux.

    If you don’t want to deal with GitOps, Nix or k8s, and you don’t need recent versions, just run Debian and set a cronjob for auto updates. Then only deal with potential breaking changes just once every 5(?) years or thereabouts.