Kind of a vague question, but I take it you mean OS-level hardening, which should be fine with CIS hardening.

In a virtualized environment, there are many security layers to take care of: network access, storage, api control, identity access, cluster config, backups, etc.

*potatoes, Mr. Quayle.

And to think people hailed Facebook and other online services so much in the Arab Spring of 2010 that someone in Egypt named their kid Facebook.

“Power corrupts” seems to be universal with humans.

Don’t be flippant.

This is like going to a car enthusiast forum and asking “any potential problems with driving a car that may or may not be stolen?”

You have indicated that you’re aware of the potential repercussions of running a personal project in a publicly-funded environment.You’ve already been told that this is unethical everywhere and illegal in many places.

I would tend to agree with the process part of accelerationism, but I don’t think there is a goal.

The “crazy like a fox” theory is contradicted by several pretty dumb tells that suggest the administration is headed and staffed by actual idiots.

I love the two professors going back and forth adjusting the Chandelier-mo-stat.

If you are so sure of your indemnity because it’s “your device”, why are you asking on Lemmy?

Docker isn’t required for automatic ripping machine. Theres a bare metal install.

It can manage KVM, so I don’t see why not .

Side question, but where are you hearing this about incus?

I’m wrapping up 9 years of using proxmox and I have very specific reasons for switching to incus, but I this is the third time I’m fielding questions in the last month about incus.

I think so.

It is LXD + KVM, so way more and finer tune control on lxc instances. It can run OCI images as well, so for docker instances with only a few configs and no persistent storage, it is actually quite handy. For docker instances that need pretty complicated compose files, I just run docker inside an lxc for now, until I figure that out.

Bash variable manipulation is really, really fun.

More incus:

• mounting persistent storage into containers (cheating by exporting NFS from my proxmox zfs into the incus host.
• wrote a pruning backup script for containers, runs daily, keeps last 7 days and the first of the month
• passed through hardware (quicksync) into jellyfin container (it works!)
• launched an OCI container (docker home assistant) natively in incus (this is a game-changer!)

Next:

• build 2nd incus node
• move all containers from proxmox to incus
• decom proxmox
• setup Debian with NFS export

I was just joking around, I hope you didn’t take it too personally. I’ve been hearing a lot of KDE enthusiasm lately.

And xfce is great, but it has its pitfalls.

I also get excited about projects, I’m no different.

I use eleventy. Similar to other static site generators.

I have a surface pro 6 and I love it.

You should, however, mention that the cameras do not work (yet), which makes this a no-go as a full laptop replacement.

Good stuff!

I just vi the systemd/system/fancyname.service files father than use systemd edit, but I think the result is the same.

There are two configs you can add to the [service] directive:

user=someuser

This should allow you to run the service under the credentials of your choosing.

Remember to systemctl daemon-reload after making changes to unit files.

That is not normal. I have much the same setup, sabnzbd, Plex, jellyfin, sonar, radar. They all run under a particular user and their /opt and /var/lib folders don’t ‘revert’ to their old ownership and permissions.

Either something is watching those folders and setting permissions, or some kind of immutability is in play, but permissions normally don’t revert like that.