solariplex
@solariplex@slrpnk.net
- Comment on Selfhosting Sunday - slrpnk edition 1 week ago:
Cool, I haven’t tried either of those.
I’m the type of person who likes to upgrade my systems via the terminal because I like to know the detailed processes, but I’ve also burned myself numerous times; hence my preference for declarative and immutable/atomic solutions.
It’s (quite) a bit more of a hassle, but I’ve lost trust in GUIs.
k3s is fairly simple (as far as k8s distros go). Helm is good to start with but for the long run I recommend using kubernetes manifests directly (i.e. kubectl apply -f pvc.yaml, deployment.yaml, etc) rather than helm, because there are quite a few gotchas with helm which can cause trouble. Besides that, it’s good practice to use the --secrets-encryption flag on the server node(s), and if you’re deploying agent nodes it’s good to use bootstrap tokens (k3s token create)
- Comment on Selfhosting Sunday - slrpnk edition 1 week ago:
Working on a split staging/prod hybrid-cloud k3s setup using nixos, tailscale, systemd-nspawn and fluxcd. If someone has advice for running k3s in unprivileged (mounts idmapped) nspawn containers, I’m all👂.
This will run
- [openwisp](openwisp.org) to make it feasible to provide lots of less tech-savvy people in the local community with secure, simple, privacy-respecting wifi using free software and recycled routers.
- Various libre software I’m helping community, unions and political orgs adopt. Notably Discourse and Peertube.
- Comment on Where to begin? 3 weeks ago:
Jerboa crashed mid-comment so I’ll be brief.
Save yourself pain and increase your happiness by
- using btrfs or zfs (snapshots, checksum and self-healing is great)
- using declarative approach rather than imperative, and keep a copy of configs elsewhere (I accidentally nuked my system multiple times, you should expect to do the same)
- keeping backups. If zfs, github.com/jimsalterjrs/sanoid and syncoid are great discourse.practicalzfs.com/t/…/1611
- have an extra tiny machine running the same system and workloads, where you test potentially risky stuff before doing so on the prod server
- metrics solutions like prometheus and grafana are your friend
- Comment on Microsoft says U.S. law takes precedence over Canadian data sovereignty 3 weeks ago:
Norway has pretty draconic surveillance laws regarding digital cross-border communication, allowing all comms (encrypted or not) to be stored in the servers of the intelligence service for years, with the vague hope of combatting organized crime and terrorism.
If you use post-quantum encryption you should be fine though.
- Comment on Train your replacement on your way out. 1 year ago:
Wooo friend was that a good read!
To others who may be intimidated by the number of pages; regain composure, as only 17 of those pages belong to this specific story
- Comment on Train your replacement on your way out. 1 year ago:
…it’s gone. Was it short enough to recite in a comment?
- Comment on OOOOO - HOT - HOT - HOT - HOT! 1 year ago:
I watched the Sam O’Nella vid just now, and… I’m sorry he had that experience? I guess SM might be more shite abroad?
- Comment on OOOOO - HOT - HOT - HOT - HOT! 1 year ago:
What’s up? In my household (in Norway) we’ve specifically sought out Swiss Miss for the past seven(?) years, because everything else (apart from home-made goodies!) tastes shite.
If I’ve lost out on something, lmk!
- Comment on What did you thought about Castlevania Nocturne? 1 year ago:
Yup yup yup, would not recommend. I still binged it though, which is something I’ve got trouble with when it comes to ZeroCalcare’s latest series; which I love. I guess I’m in a ‘braindead entertainment’ kinda mood these weeks