Fuck this loser. We have enough issues to deal with on a daily basis. We don’t need to subsidize your fear of having wasted ungodly amounts of money and becoming irrelevant.

That’s a YOU problem, fool.

If they require root at start, it’s more than likely they need to access devices or sockets on the host on startup. If it’s then transitioning to another uid/gid for the actual runtime in the container - which looks to be happening - its not quite rootLESS because it obviously requires root.

I’m unfamiliar with the linuxserver images, so don’t understand the need for root here.

1. No, you can’t “remove” your local networking interfaces from a container and expect it to use networking, anymore than you can remove the engine from a car, and expect it to drive. Set the default route of that container to some VPN tunnel interface, and you should be fine.
2. I’m not seeing a link to any config
3. 1000:1000 is usually the default user that is created for you when you setup a Linux system, so yes it’s reasonable for them to run as your user. It is NOT reasonable to run them as root, which is 0:0. Don’t do that.

$24/mo for 6 users and 3TB storage. All the other stuff as well.

Pricing here: https://proton.me/family

Need more details about how you’re running this test.

Proton is $15/mo for 2 users and gets you mail, 2TB drive, VPN, and Pass. Pretty worth it I’d say.

Oh no…anyway

I call BS.

You can get a WiFi or LTE trail cam that essentially to works the same. If you get LTE though, you’ll almost certainly need a VPN setup on your network as well to work around CGNAT issues.

I get that you’re aiming this at a user base of new folks and all, but I’m super confused to see Nix on there.

This is kind of…Nix’s entire identity, no?

One could also make the argument that this supercedes bootstrap tools that each distro has. Kickstart for example.

I would maybe focus on making helper scripts that do specific things for groups of users, like installing all the steam-* packages for Steam installs and not just steam itself since this is pretty opinionated on how you’re choosing to install things re: native package manager vs Flatpak and such.

Wuh oh

3 times.

You always do it 3 times.

Just change the port Headscale is running on.

You also don’t want a reverse proxy out in front of Headscale. It doesn’t serve a purpose, and does nothing but introduce added complexity and performance degradation.

Just make an A record in your DNS that points to ‘vpn.whatever.com’ if you just want to treat it as a named host.

They have Open Source versions of their stack. Just run it yourself at no cost.

Am I missing something?

Also, use any other similar service which all have open source counterparts: Head scale/Tailscale, or ZeroTier.

deleted by creator

I think you’re asking the wrong question here. You should be asking “Is my tech stack doing what I need and working for me?”.

If yes, then just keep doing what you’re doing.

If not, then figure out what’s wrong, and take steps to fix it.

Trying to “compete” - as it sounds like you may be trying to do - IS futile. But what are you competing over? Why would you feel the need to compete with the things you hate? That’s not where your battle is, it sounds like.

Sorry, ma dude. This is 100% incorrect. Been doing this a long time, and have managed massive numbers of desktop sessions for enterprise end users.

Lookup dconf. It’s the tool that manages the underlying configuration engine for Gnome specifically.

Outside of the granularity there, you could also just lock everything to a group and exclude logged in users from that group. That’s a very simplistic way of explaining it, but achieves the exact same thing. You build a base image with only the apps the user needs, set execution to an inclusive group that user belongs to, and everything else to some other groups, and there you go. Dead simple.

Of course that’s not how you’d do it for an org with thousands of users, but you get the point.

Uhhhh yeah there is? You can customize any user profile and centrally control it just as you can on Windows. You can even PXE boot all workstations with new images whenever you want instead of relying on individual machines to issue updates, something that Windows isn’t capable of.

Not sure where you got this idea, but you’re misinformed.

For starters: Rails, PHP, and passthrough routing stacks like message handlers and anything that expects socket handling. It’s just not built for that, OR session management for such things if whatever it’s talking to isn’t doing so.

It seems like you think I’m talking smack about HAProxy, but you don’t understand it’s real origin or strengths and assume it can do anything.

It can’t. Neither can any of the other services I mentioned.

Chill out, kid.

HAProxy is not meant for complex routing or handling of endpoints. It’s a simple service for Load Balancing or proxying alone. All the others have better features otherwise.