Can’t believe noone mentioned this yet:
Any good password manager encrypts and decrypts your password file client side. The server should not even have the ability to read your passwords.
Even in the case of a leak of all of the server’s data, as long as your password for the manager was good, you’ve got nothing to worry about.
I’d say pick a PW manager where both client and server are open source. Pick a strong passphrase. Enjoy.
Yeah, but no dark magic involved.
The only “magic” parts are two nix modules for handling proper networking and hardware setup, and exposing required attributes to the script.
Works really well, zero manual config (beyond the services you want to run…) required on nix or proxmox side.
Nothing. People fearmonger
Funny - same thing here. Got 3 proxmox hosts running, all virtual machines are NixOS though.
I’d love to go full Nix, but between my GF and I, we kinda split the responsibilities: hardware is hers, applications are mine. And there’s not a chance she’ll give up her Proxmox hosts 😄
Got it automated to a single “provision” command though that will spin up any of my nix VMS unanttended, so I’m happy with that.
Better open a package request (or pull request :D) then 😄
I host it publicly accessible behind a proper firewall and reverse proxy setup.
If you are only ever using Jellyfin from your own, wireguard configured phone, then that’s great; but there’s nothing wrong with hosting Jellyfin publicly.
I think one of these days I need to make a “myth-busting” post about this topic.
Consider this me asking
Fair, maybe remove the question altogether, and have dedicated GOV endpoints for specific attestations?
While that’s true from a technical perspective…
How/where do you keep the certificate? If you either need an app for it, or need to manually install it on your device, most users would probably be out. The benefit of my suggestion is that you need absolutely nothing except a way to authenticate with GOV.
I fjnt get the part about the info service tbh
As long as your browser saves an auth token or something for GOV somewhere, all of that can happen without user interaction.
I think that at the bare minumum, the PORN<->GOV connection must not occur. How about this (simplified):
There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.
Not sure. How about this (simplified):
There’s probably glaring issues with this, this is just from the top of my head to solve the problem of “GOV should know nothing”.
I mean, yea. But it is also easy to buy them, they’re everywhere and fairly cheap. The Galbani one is also just 1€ or so more expensive.
To be clear, making your own is fantastic, it’s just not anything I’d want to do 2x/week
Mozzarella (talking about the balls of fresh mozzarella you get sealed in with their brine).
Can’t do store brand anymore after having tried Galbani.
I dream of a pure information protocol. Kinda like RSS, but… More.
Essentially: I want “the feed” from universes like The Expanse
On many trackers, you get “paid” for time seeded. Usually in the forms of bonus points or the like. You can then exchange these for improving your ratio (or a freeleech token, or an invite,…).
It’s a system that also rewards keeping media available even if you are not uploading to anyone.
Also, keep in mind that often, a large part of the available content is freeleech (meaning leeching it doesn’t affect your ratio), but seeding those torrents usually still does improve your ratio.
Containers != services.
I don’t think I am better than anyone. I jumped into these comments because docker was pushed as superior, unprompted.
Installing and configuring does not an expert make, agreed; but that’s not what I said.
I would say I’m pretty knowledgeable about the things I host though, seeing as I am a contributor and / or package maintainer for a number of them…
They are using a hosting provider - their dad.
“The cloud” is also just a bunch of machines in a basement. Lots of machines in lots of “basements”, but still.
OK, but I’d rather be the expert.
And I have no troubling spinning up new services, fast. Currently sitting at around ~30 Internet-facing services, 0 docker containers, and reproducing those installs from scratch + restoring backups would be a single command plus waiting 5 minutes.
Btw, nice read OP. Always great to see more Nix “in the wild”.