I guess I will try with a k3s on my workstation, but for a single NAS, I am not sure any kubernetes distribution is useful for now :)

What kind of annoying things are you dealing with?

Troubleshooting with a machinectl session, switching between services, backing up… It is small annoyances but if I can avoid them i’d like it.

You don’t have to put the user home in /var/lib either if that helps at all.

I half regret doing it.

If you’re already running rootless, I’d keep doing that unless there’s a really good reason not to.

The plan is about switching to a single user, I will stick to rootless podman this is for sure. It is more about dedicated users or a single one.

I guess I should define my threat model first. Your answer pulls me towards a single user though

I am already running rootless podman. My question is more about dedicated service users vs single user to run everything, still in rootless podman. I like podman and its integration with systemd to manage the life cycle of the container compared to docker.

I should have put it inside the post text but I used a wrong value inside a test

shutil.remove_tree(BASE_DIR) instead of shutil.remove_tree(TEMP_DIR) inside of tear down code

To push daily and to not write test :P

also removed .git

I don’t think so. Our gendarmerie is running a Linux distro since 10ish years, but the National Police is planning to change all the computers for windows 11. They are doing almost the same thing but there is a painful difference in Microsoft’s ass licking

Saddly, Macron is fucking everyone and helping far right to grow. Also, look for nestlé and Élysée. They are fucking corrupt too

One more proof that everyone should rely on US techs as less as possible (we are still dependant on hardware, but it is coming (ARM, RISCV). For a fucking mail server it is doable, and such organization should have their own infrastructure.

Company’s gitlab to have notifications pipeline (that I usually monitor when I push)

I guess sending tar bombs can be fun

Android keyboard, set up in french and I care less about random comments on Lemmy than in my configs. Also, this kind of typo would results in error, not unsafety

That’s why I am not rellying on them for my slefhosting needs

I really need to make my write-up about my nextcloud install. It feature :

• nextcloud fpm
• postgresql
• nginx
• redis
• elastic search for full text search (still needs a bit of work¹)
• notify_push
• collabora (still needs a bit of work ¹)

All of it running in rootless podman pod with a dedicated user for the stack. It is all with podman units, and a systemd timer for nextcloud’s cronjobs.

¹ means that there is trouble with usermapping. Instead of having my user properly mapped inside the container to run the apps, they use a dedicated one and I dont know hot to correct it and I have been a bit lazy to change it.

I totally disagree with the quote from hackernews. Having the option to use sqlite is nice to test it, but going with postgresql or mariadb allows you to have better performance if you use rdbms. Also, packaging with containers allows to have one standardized image for support if some third party packaging (from a distro repo) is bugging to test it further. To me, a good gui really depends on what service is provided. For kanidm (IAM), I don’t care this much of a web admin panel, the cli is really intuitive and if you need some graph views of your users, you can generate some diagram files. Considering OIDC/LDAP, I’d rather have OIDC implemented for two reasons : I can point my users to the (really minimalist) kanidm ui where they have a button for each app allowed. Also, the login informations are only stored in kanidm, no spreading of login password.

I saw a comment about not needing to rely on many third services but I partly disagree with it. Using nextcloud as a mixed example, using elastic search for full text search is better than reimplementing it, but the notify_push should not be as separated as it is (it is here because I understood, apache-php and websockets does not mix well).

All in all, the main criterias for me are :

• SSO with OIDC, but ldap is good enough
• Good documentation
• easy deployment to test, prod deployment can be more advanced
• Not reimplement the weel eg if you need full text search, meilisearch or elastic can do it better than you will, so don’t try to much (a simple grep for a test instance is enough)
• If you need to store files, having remote stores is nice to have (webdav or s3)

Technitium is really nice too

For now my NAS it not really running anything (I want to have proper DNS/IDM before starting any other service and for storage I think I may go with owncloud ocis or nextcloud)

I am still using my ISP’s router, so the firewall rule is on the NAS (for now it is almost a do it all server), otherwise I would run the pihole on the router I think