constantokra

constantokra , 4 days ago

But it's the one you deserve.

constantokra , 11 days ago

Second this. Landlords don't want their stuff screwed up by inexperienced tenants' diy projects, and they don't want to pay for something they think it's unnecessary. I'd get an estimate for a pro to do it (could be a guy off Craigslist or whatever, just someone who does this for a living) and then just ask the landlord if they'd be alright with you paying to get it done. They'll probably want to know exactly what they're going to do, and they'll likely say yes, especially since you say they already have coax running through the house.

constantokra , 11 days ago

Landlords are familiar with utility install people and how unpredictable they can be. Even if they get mad, this will put the blame squarely on someone else so it's probably a good option for you. "I dunno why he put it there. You know how utility guys are. It's the only place he'd put my hookup."

constantokra , 10 days ago

There's no forgetting where I have something hosted. If I ssh to service.domain.tld I'm on the right server. My services are all in docker compose. All in a ~/docker/service folder, that contains all the volumes for the service. If there's anything that needed doing, like setting up a docker network or adding a user in the cli, I have a readme file in the service's root directory. If I need to remember literally anything about the server or service, there's an appropriately named text file in the directory I would be in when I need to remember it.

If you just want a diagram or something, there are plenty of services online that will generate one in ASCII for you so you can make yourself a nice "network topology" readme to drop in your servers' home directory.

constantokra , 10 days ago

Yeah, and I assume future me will be even dumber than present day me, so I try to make it really easy for him to find out what he needs to know.

Another good tip is to put timestamps and increase the length of your bash history. That way when I log in half a year from now I'll know what I was up to.

constantokra , 10 days ago

They heard you liked birds, so they put birds on your birds so you can birdwatch while you birdwatch.

constantokra , 10 days ago

I'll have you know my neck beard is thoroughly covered by the rest of my beard.

constantokra , 10 days ago

All of your issues can be solved by a backup. My host went out of business. I set up a new server, pulled my backups, and was up and running in less than an hour.

I'd recommend docker compose. Each service gets its own folder inside your docker folder. All volumes are a folder in the services folder. Each night, run a script that stops all of them, starts duplicati, backs up to a remote server or webdav share or whatever, and then starts them back up again. If you want to be extra safe, back up to two locations. It's not that complicated if it's just your own services.

constantokra , 12 days ago

Unless you need specific functionality that silver bullet doesn't provide, i'd start there. It's very similar to logseq, but doesn't have a bunch of questionable design choices based around a paid sync monetization scheme. Silverbullet is self hosted and has a web app. Logseq is a webapp, packaged for Android and desktop, but only allowed file access for your data so you can't self host sync... Because they charge for that. It's a mess.

constantokra , 12 days ago

I do too. My point is there's already a web app you can self host, but you can't store your data on your server. The web app uses the local file access framework, which is just dumb. There's no reason for this except to be able to monetize sync, and that's also dumb because as you said, sync thing works fine. But they're making a bad choice to explicitly remove functionality, and that doesn't make me feel confident about the future of the project.

constantokra , 11 days ago

I don't disagree. My problem is not with their choice of monetizing sync. My problem is with their choice to package a web app for Android and desktop, provide that same web app for self hosting, but not allow you to store the data in the web app. In the discussions on GitHub they claim it's just something they can't tackle right now, or whatever. No. It's functionality that was specifically stripped because that's how every other self hosted web app works and the local storage framework they use is obviously bolted on and not well supported by browsers. In other words, they're manufacturing problems to sell you a solution.
And again, that's their decision to make. It just doesn't seem like they make good decisions, and we're talking about an app you put a lot of work and data into.

constantokra , 23 days ago

Wireguard with systemd is even better. You set it up and then literally never touch it again.

constantokra , 27 days ago

In fairness, I've had several machines running versions of windows server with lots of uptime and zero stability issues. But the last time I ran a windows server is was advanced server 2003 so....

constantokra , 1 month ago

Nah, he's just rethinking his promise and hoping we forget about it.

constantokra , 1 month ago

11x17 is incredibly common too. Usually it is oriented landscape and z folded to get a large diagram into a document. It's kind of irritating that the most typical large format size is 24x36, which is a different aspect ratio than 11x17, for a variety of reasons. If you're designing something you need to know what aspect ratio to design for. Most copiers can do 11x17, and if the standard large format size was 22x34 it would be exceedingly easy for most offices to produce good working copies of large documents. Best compromise I've seen is when people put a logo or header on the side that can be omitted when you switch aspect ratios.

constantokra , 1 month ago

If you're already running a million docker containers then just get a vps somewhere to host your blog. Cheapest reliable one I found last I looked was vultr. I think mine is $15 a year.

constantokra , 1 month ago

There are also plenty of medical reasons for even sexually inactive women to take hormonal birth control. This isn't only about pregnancy, which as you say can have all sorts of physical consequences.

constantokra , 1 month ago

The real life hack is writing it all over your face.

constantokra , 1 month ago

Yeah, voipms is great and there's a sms app for Android available on fdroid. It really is so cheap you won't need to pause it, and works fine with linphone or whatever sip app you want to use.

constantokra , 1 month ago

If you're worried about ai fingerprinting your writing style, maybe have an ai rewrite your posts?

If you're that worried about it you probably shouldn't be posting at all. I noticed reading through reddit and Lemmy that other autistic people write similarly. When I looked into it there's been research done on it, and apparently it's a pretty good predictor or autism. It's not just a matter of identifying you, ai will likely be able to apply various diagnoses.

constantokra , 1 month ago

Unfortunately, I've run into plenty of sites that won't accept subdomain email addresses.

constantokra , 3 months ago

Looks like someone tried to use panorama mode with a camera from the mid 00s.

I know better, but I feel like if I grabbed that fork to use it, my arm might stretch out like that too, and i'd basically become a collection of wet floppy noodles instead of arms and legs.

constantokra , 3 months ago

Just FYI, koofr has a lifetime deal with 1tb costing $120. At about $4 a month for storj, you're looking at a cost savings in just under 3 years. So if you intend to keep the storage, and assume koofr will still be there in 3 years, that's another good way to go.

constantokra , 3 months ago

If it's not true there's no way the story's better. It's also pretty low stakes to be wrong about. I'm going to join you.

constantokra , 4 months ago

Is there a way to embed portions of one page into another page, such that if you edit it on either the change shows up on both, like in logseq?

The documentation is actually pretty good, but i've not been able to find that feature, if it exists. That's probably the last thing keeping me on logseq.

constantokra , 4 months ago

I'm getting a bit concerned with logseq. It's just kind of backwards to have a web app packaged as a desktop/android app that can be hosted on a server, but you can't store your files there. I get that they want to monetize sync, but they're kind of bending over backwards here to not have what's inherently a pretty reasonable feature in a web based app, and it makes me concerned about what they're going to do with the project in the future.

constantokra , 4 months ago

Wow, I asked the right person. Thanks for the info!

constantokra , 4 months ago

I should probably figure out discord one of these days. Thanks for letting me know that's where to go for this project.

constantokra , 4 months ago

Everyone else is telling you to stay local, which is great advice, as far as it goes. But you said you want to host your website publicly available, so i'd recommend getting a cheap vps and starting there. It's not on your network, so if you screw up with security, worst case is you start again from scratch. I'd recommend the cheapest virmach VM you can get, with Debian or Ubuntu, if you like snaps.

First things first, set up ssh with key based logins, with a passphrase on a non standard port (doesn't provide security, but it will keep your logs from getting innundated immediately). Install UFW, and block all incoming traffic, allow all outgoing traffic, and limit traffic to your ssh port. Install docker and add your user to the docker group. Start learning how to use docker, compose, and as your first container, set up duplicati to back up your docker directory (including all your volumes, which I would store as folders inside your docker directory) somewhere else. I'd set it up to run every evening after you go to bed, and i'd also set a cron script to bring down all your containers before you back up, then bring them back up. Just in case.

constantokra , 4 months ago

I've previously had a problem with my server becoming unresponsive when running immich. It's been a while, but I remember there being some kind of memory leak having to do with immich. It was in their GitHub issues and everything. On my system it would take about a day and a half and then ssh, along with everything else, would become unresponsive. Rebooting would fix it for a day and a half. I stopped running immich and it hasn't happened since. I suppose you could try using a cron job to restart immich periodically and see if that resolves your problem.

constantokra , 4 months ago

Is there a specific benefit to that over something like a security key with a keypad, or even just a passphrase?

constantokra , 4 months ago

FYI, if you run vaultwarden using docker compose with your data volume as a folder, all you have to do is bring it down for like 1minute, make a backup of the folders, and bring it back up. I use a cron script to do this nightly. When my vps host went out of business, I restored my docker folder to a new vps and was up and running again in a couple minutes. Also, you could easily restore it to a virtual machine, if you like. Docker with compose is extremely portable.

constantokra , 4 months ago

I've read that best practice is to do a database dump, in addition to backing up all the data files. It's my understanding that there's a slight chance of corrupting something in the database if you don't stop the service first, since something could be changed while you're doing your backup.

The easiest solution for me, as well as for being able to just restore my files and start the service again somewhere else, is to stop, backup, and restart. It's down for less than 5 minutes while i'm asleep. If I expected better uptime than that I wouldn't be trying to self host.

constantokra , 4 months ago

Try pop. It's basically Ubuntu without canonical's nonsense.

constantokra , 4 months ago

Download a wireguard client file and run it as a systemd service. It'll come up on boot and you won't ever have to think about it. The only reason to bother with the GUI is if you want to have graphical control of what server you connect to. Their wireguard config generator on their website gives you the ability to set a geographic area for your wireguard client file, so it's not like you have to select only one server if you go that route either.

constantokra , 4 months ago

Sorry, I've not used a redhat based distro in at least 20 years, so you're going to have to get that info from someone else. I'd assume that's the one though, and I doubt you need to go looking for something better. It is what it is.

constantokra , 4 months ago

Can you explain why you use onion repos? I've never heard of that, and I've heard of kind of a lot of things.

constantokra , 4 months ago

Now that's the kind of paranoid I was hoping to see in here. High five, pal.

constantokra , 4 months ago

That's pretty neat. I might start doing that, just for kicks.

constantokra , 4 months ago

If you have the option to host physical hardware from your friend's house, I'd go that route for the whole thing. Set it up so they can access your media server locally, maybe even immich, and VPN in for everything yourself, that way you don't have to expose ports, except the wireguard port. Don't acquire new content from their network unless you do it behind a good VPN with a killswitch and they know and are OK with what you're doing.

I would personally rather have my documents, photos and media collection on a computer a friend has physical custody of than in the cloud, but that's on you and your friend. I prefer to host vaultwarden and a notification server, in my case, gotify, on the cheapest vps I could find, which was about 12 bucks a year last I checked.

I'd also set up a tor hidden service for ssh, just so you have another way in, in case something comes up. Or you could get a cheap cellular modem and a yearly Sim card. In the US, red pocket is a good choice, with a limited option available for less than 50 bucks a year. You never know when their ISP is going to do something weird, and you'll be able to figure it out a lot easier if you have a reliable way into your server.

You should probably think about backups too. You can obviously do a backup before you go, but you're going to want to back up at least your new photos while you're gone. I'd suggest looking at koofr lifetime storage plans, as they're pretty cheap for the size.

constantokra , 5 months ago

Encrypt the boot drive, and use dropbear ssh in initramfs to be able to unlock it over ssh during boot. Then set up your data drives however you want, and use a key file on your boot drive to unlock them, once you've unlocked it. All drives are encrypted when your machine is off, and you only need one password you can enter remotely to unlock the whole thing.

Here's a good resource on how to do the initramfs part https://www.arminpech.de/2019/12/23/debian-unlock-luks-root-partition-remotely-by-ssh-using-dropbear/

Also, when you update the kernel you have to rebuild the initramfs with sudo update-initramfs -k all -u, or it won't be able to boot to the new kernel.

I've found it to be a super reliable setup.

constantokra , 5 months ago

I was a bit surprised at it as well, but it doesn't for me running Debian headless. If I reboot after a kernel update it'll try to boot into the new kernel and fail waiting for the initramfs, but it'll boot just fine into the previous kernel. Once I update the initramfs it works fine.

If you know what resources you used to set it up, I'd be curious to take a look and see if I missed something.

constantokra , 4 months ago

That's basically the same as my writeup from when I did it. Except I also had a -k all on update-initramfs. Not sure about the switches, so I'll look into them. Thanks.

constantokra , 5 months ago

I'm not sure how it will work, but if you're worried, just move the download folder before you remove it from within the application. Better yet, if you have the space, just copy the folder somewhere else.

Hopefully someone else has a better answer for you.

This is one of the reasons docker is so great. If you were running the application in docker, you would have mounted that folder as a volume, so if you wanted to move it you'd just stop the container, move the folder, edit your compose file to point to the new location, restart, and from the application's point of view nothing will have changed.

constantokra , 5 months ago

Switching to porkbun would make things a lot easier for you. DNS challenge is why I switched from Namecheap, and it's less expensive and considerably easier to administrate.

constantokra , 5 months ago

People are shitting on them because the price point for arm sbcs has risen, while the price point for small x86 computers has come down. Also, x86 availability is high and arm sbc availability has become unreliable. They also aren't generally supported nearly as well. If you don't need more power and you already have them on hand there's no reason not to use them.

constantokra , 5 months ago

You'd be looking at used mini PCs. I've heard really good things about lenovo. It's not necessarily exactly comparable in price, but the reason people are souring on arm SBCs, and especially PiS, is that it's only a little more for a more powerful lenovo, and there are never any supply issues.

constantokra , 5 months ago

A, great. Overly complicated.
B, wireguard lets you set your allowed IPS to your networks's subnet so you only tunnel that traffic.
C, that's ideal. Use nginx proxy manager. It's super simple. Buy a domain and you can use letsencrypt for SSL so you don't get http nag messages from your browser. Old suggest something with cheap renewals like '.rodeo' or '.top'.
D, there are many right ways. Personally, i'd set up your services in a docker compose file, all behind gluetun as a VPN for your torrent service. I'd set up a wireguard VPN on a pi zero elsewhere on your network so you can access everything from outside, and on your wireguard clients i'd only tunnel the traffic to your network's subnet. Unless you want everything behind the same VPN you use for torrenting. In that case i'd run a wireguard service in the same docker network as gluetun, so you can tunnel all your client traffic through that. You could even out a dns server in there as well, and manually set a domain name to your server's ip so you don't have to buy a domain name. Course, then you can't use letsenceypt SSL.