

3x Minisforum MS-01


A NAS as bare metal makes sense.
It can then correctly interact with the raw disks.
You could pass an entire HBA card through to a VM, but I feel like it should be horses for courses.
Let a storage device be a storage device, and let a hypervisor be a hypervisor.


especially once a service does fail or needs any amount of customization.
A failed service gets killed and restarted. It should then work correctly.
If it fails to recover after being killed, then it’s not a service that’s fully ready for containerisation.
So, either build your recovery process to account for this… or fix it so it can recover.
It’s often why databases are run separately from the service. Databases can recover from this, and the services are stateless - doesn’t matter how many you run or restart.
As for customisation, if it isn’t exposed via env vars then it can’t be altered.
If you need something beyond the env vars, then you use that container as a starting point and make your customisation a part of your container build processes via a Dockerfile (or equivalent).
It’s a bit like saying “chisels are great. But as soon as you need to cut a fillet steak, you need to sharpen a side of the chisel instead of the tip of the chisel”.
It’s using a chisel incorrectly.


I would always run proxmox to set up docker VMs.
I found Talos Linux, which is a dedicated distro for kubernetes. Which aligned with my desire to learn k8s.
It was great. I ran it as bare-metal on a 3 node cluster. I learned a lot, I got my project complete, everything went fine.
I will use Talos Linux again.
However next time, I’m running proxmox with 2 VMs per node - 3 talos control VMs and 3 talos worker VMs.
I imagine running 6 servers with Talos is the way to go. Running them hyperconverged was a massive pain. Separating control plane and data/worker plane (or whatever it is) makes sense - it’s the way k8s is designed.
It wasn’t the hardware that had issues, but various workloads. And being able to restart or wipe a control node or a worker node would’ve made things so much easier.
Also, why wouldn’t I run proxmox?
Overhead is minimal, get nice overview, get a nice UI, and I get snapshots and backups


I’ve never installed a package on proxmox.
I’ve BARELY interacted with CLI on proxmox (I have a script that creates a nice Debian VM template, and occasionally having to really kill a VM).
What would you install on proxmox?!


Edit: never mind


What about liquid particles in the flatulence phase-changing and lowering the temperature? (Like how an evaporative swamp cooler works)


I’d still run k8s inside a proxmox VM. Even if it’s basically all resources dedicated to the VM, proxmox gives you a huge amount of oversight and additional tooling.
Proxmox doesn’t have to do much (or even anything), beyond provide a virtual machine.
I’ve run Talos OS (dedicated k8s distro) bare metal. It was fine, but I wish I had a hypervisor. I was lucky that my project could be wiped and rebuilt with ease. Having a hypervisor would mean I could’ve just rolled back to a snapshot, and separated worker/master nodes without running additional servers.
This was sorely missed when I was both learning the deployment of k8s, and k8s itself.
For the next project that is similar, I’ll run talos inside proxmox VMs.
As far as “how does cloudflare work in k8s”… However you want?
You could manually deploy the example manifests provided by cloudflare.
Or perhaps there are some helm charts that can make it all a bit easier?
Or you could install an operator, which will look for Custom Resource Definitions or specific metadata on standard resources, then deploy and configure the suitable additional resources in order to make it work.
https://github.com/adyanth/cloudflare-operator seems popular?
I’d look to reduce the amount of yaml you have to write/configure by hand. Which is why I like operators


In his Truth Social website President Donald Trump described the Smithsonian as “OUT OF CONTROL” and said museums across the United States are “WOKE.”
Convicted felon says museums are woke and out of control.
In a statement sent to Newsweek the Smithsonian said: "The Smithsonian’s work is grounded in a deep commitment to scholarly excellence, rigorous research, and the accurate, factual presentation of history.
The world’s largest museum, education and research complex says they are grounded in accurate presentation of history.
It’s pretty clear that the US government is targeting the Smithsonian and other historical archives to rewrite history.
Considering the other articles linked which talk about the removal of Trump’s impeachments and other pressures on historical facts and accuracy, I’d be worried about the following quote:
"It’s not about whitewashing it’s about full context, so while slavery is obviously a horrible aspect of our nation’s history you can’t really talk about slavery honestly unless you also talk about hope and progress and I think we need to be focusing on the progress that we’ve made then and we need to stop focusing so much on the lack of progress.
So, yeh the Nazis killed a bunch of people. But they also developed the Volkswagen, Porsche and Hugo Boss. And we have all come to appreciate fancy cars and fly shirts. So, let’s not focus on what the Nazis did, but instead let’s concentrate on the hope that cars bring!
And even if you argue that “things are better now”. Sure, somewhat. But, imo, it’s not really something to celebrate. Black people can vote, but shitty racist people in power still suppress the fuck out of them.
Germany recognises its history. It teaches it in school, it’s made memorials & museums of historically abhorrent places, and it’s outlawed everything related.
US still celebrates Thanksgiving.
https://www.forbes.com/sites/maiahoskin/2022/11/24/the-real-history-behind-thanksgiving/
So yeh, here is the directive:
https://www.whitehouse.gov/fact-sheets/2025/03/fact-sheet-president-donald-j-trump-restores-truth-and-sanity-to-american-history/
to work to eliminate improper, divisive, or anti-American ideology from the Smithsonian and its museums, education and research centers, and the National Zoo.
So, eliminate some history.
But - depending on how carefully that scalpel is wielded - it could cut away the bad parts and leave the “good” parts. Cherry picking, if you will.
Leaves a generally positive vibe of slavery.
Divisive and anti-american to whip/hang/rape slaves. So, leave that part out.
But provide the American dream for a slave by impregnating them and giving them a less crowded room and easier slave labour, or elevating them to a house position, or whatever… THAT’S the American dream!
Slaves that behaved were treated well.
But, just leave out the thousands of slaves that were beaten for senseless reasons because they were considered barbaric and sub-human.
Just… Ignore the fact that they were kidnapped from their home, transported for weeks in horrendous conditions, then auctioned off to rich white men.


He will get his caddy to drop a ball into the hole, and call it a hole-in-one


If a God were to appear and demonstrate all kinds of supernatural activity and capability, I think I’d have to renounce my atheism.
I would also renounce my atheism and become fully anti-theism.
The god is clearly not benevolent, not kind, not caring. The god can go fuck themselves.
Trump’s track record over the past decades cannot be forgiven


Why do we even have that lever?


Not if you use wildcard dns records.


Servers: one. No need to make the log a distributed system, CT itself is a distributed system.
The uptime target is 99% over three months, which allows for nearly 22h of downtime. That’s more than three motherboard failures per month.
CPU and memory: whatever, as long as it’s ECC memory. Four cores and 2 GB will do.
Bandwidth: 2 – 3 Gbps outbound.
Storage:
3 – 5 TB of usable redundant filesystem space on SSD, or
3 – 5 TB of S3-compatible object storage, and 200 GB of cache on SSD.
People: at least two. The Google policy requires two contacts, and generally who wants to carry a pager alone.
Seems beyond your typical homelab self hoster, except for the countries that have 5gbps symmetric home broadband.
If anyone can sneak 2-3gbps outbound past their employer, I imagine the rest is trivial.
Altho… “At least 2 [people]” isn’t the typical self hosting
Edit:
Tried to fix the copy/paste.
Also will add:
https://crt.sh/
Has a list of all certificates issued.
If you are using LE for every subdomain of your homelab (including internal), maybe think about a wildcard cert?
One of those “obscurity isn’t security”, but why advertise your endpoints? Also increases privacy (IE not advertising porn(dot)example(dot)com)
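An added example, not part of the comment above or of crt.sh: a small audit of your own domain that shows which hostnames per-host certificates have put into CT logs and which of them a single wildcard certificate would have kept out. The sample records are constructed; the `name_value` field with newline-separated names is assumed to match what crt.sh returns with `output=json`.

```python
import json

# Constructed sample in the assumed crt.sh JSON shape; hostnames are invented.
SAMPLE = json.dumps([
    {"id": 1, "name_value": "example.com\nwww.example.com"},
    {"id": 2, "name_value": "Jellyfin.example.com"},
    {"id": 3, "name_value": "nas.example.com"},
    {"id": 4, "name_value": "nas.example.com"},        # renewal, same name
    {"id": 5, "name_value": "*.lab.example.com"},
    {"id": 6, "name_value": "pve.mgmt.example.com"},
])

def logged_names(crtsh_json):
    """Every distinct DNS name that appears in the logged certificates."""
    names = set()
    for entry in json.loads(crtsh_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name:
                names.add(name)
    return names

def covered_by(wildcard, name):
    """A wildcard covers exactly one left-most label, never the apex
    and never a deeper subdomain."""
    if not wildcard.startswith("*."):
        return wildcard == name
    head, _, tail = name.partition(".")
    return tail == wildcard[2:] and head not in ("", "*")

def exposure_report(crtsh_json, wildcard):
    """Split logged names into those one wildcard cert would have kept out
    of the log and those that still need (and disclose) their own name.
    The wildcard cert itself is logged, but only as e.g. '*.example.com'."""
    names = logged_names(crtsh_json)
    hidden = sorted(n for n in names if covered_by(wildcard, n))
    still_public = sorted(n for n in names if n not in hidden)
    return hidden, still_public

if __name__ == "__main__":
    hidden, still_public = exposure_report(SAMPLE, "*.example.com")
    print("no longer individually logged:", hidden)
    print("still visible in CT:", still_public)
```

Names already logged stay in the logs; a wildcard only stops new hostnames from being added.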


If I was responsible for the safety and wellbeing of a flying tube with 200 people in it, I would absolutely be pissed about not being able to get a proper rest.


You really think they know regex?
They probably got grok to generate it and didn’t understand what it does


Granted. 100k. Or 900k. Both are lethal, tbh


Yeh it is.
Proving that a scientific theory is wrong means we don’t understand enough about the thing. And we know we need to look at other theories about the thing.
Proving things wrong as well as failed hypotheses is as important (even if it is disappointing) as proving things correct and successful hypotheses. It rules the theory out, and guides further scientific study.
With published papers, other scientists can hopefully see what the publishing scientists missed.
Scientists can also repeat experiments of successful papers to confirm the paper’s conclusion, and perhaps even make further observations that can support further studies.


He is. But the people around him and controlling/handling him aren’t idiots.
It’s either in project 2025, or some other republican playbook. Scattershot out a bunch of crazy news to swamp the news cycle and overwhelm everyone, then get to work doing the dirty stuff
Ah, fair.