someacnt

joined 3 months ago
[–] someacnt@sh.itjust.works 1 points 9 hours ago

Yeah, honestly this sounds like some people are doing mean-spirited jokes with the cover of April fools.

[–] someacnt@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago) (1 children)

Is there no tutorial for mapping docker compose into .container, .network, and .volume files at all? That's unbelievable; one would expect there surely is one.

[–] someacnt@sh.itjust.works 2 points 3 days ago (1 children)

Thanks, though Shorewall looks intimidating. Do you have any good resources to go over how to set it up?

[–] someacnt@sh.itjust.works 1 points 3 days ago

It seems permanently unavailable, how did you get an instance?

[–] someacnt@sh.itjust.works 1 points 3 days ago

Thanks, I am running rootful containers so I don't think this applies.

24
submitted 4 days ago* (last edited 3 days ago) by someacnt@sh.itjust.works to c/selfhosted@lemmy.world
 

Note: I am using a VPS for services, since I do not want to expose my home network to the internet. I am using podman. But the firewall (using the UFW frontend) seems to block all the routing and inter-container traffic, so I want to

Currently I have UFW rules set as blanket open for all podman networks, like this:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
222/tcp                    ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
Anywhere on podman1        ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8080/tcp                   ALLOW       Anywhere                  
Anywhere on podman0        ALLOW       Anywhere                  
Anywhere on podman2        ALLOW       Anywhere                  
Anywhere on podman3        ALLOW       Anywhere                  
Anywhere on podman4        ALLOW       Anywhere                  
Anywhere on podman5        ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
222/tcp (v6)               ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
Anywhere (v6) on podman1   ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
8080/tcp (v6)              ALLOW       Anywhere (v6)             
Anywhere (v6) on podman0   ALLOW       Anywhere (v6)             
Anywhere (v6) on podman2   ALLOW       Anywhere (v6)             
Anywhere (v6) on podman3   ALLOW       Anywhere (v6)             
Anywhere (v6) on podman4   ALLOW       Anywhere (v6)             
Anywhere (v6) on podman5   ALLOW       Anywhere (v6)             

Anywhere on podman1        ALLOW FWD   Anywhere on ens3          
Anywhere on podman0        ALLOW FWD   Anywhere on ens3          
Anywhere on podman2        ALLOW FWD   Anywhere on ens3          
Anywhere on podman3        ALLOW FWD   Anywhere on ens3          
Anywhere on podman4        ALLOW FWD   Anywhere on ens3          
Anywhere on podman5        ALLOW FWD   Anywhere on ens3          
Anywhere (v6) on podman1   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman0   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman2   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman3   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman4   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman5   ALLOW FWD   Anywhere (v6) on ens3 

This seems neither secure nor extensible when I add another network. Are there some 'best practices' for firewall setup with podman networks? How do you gurus set up your firewall for containers? Thanks in advance!

EDIT: Sorry for missing an important detail, I am running rootful podman with (userns=auto).

[–] someacnt@sh.itjust.works 3 points 4 days ago* (last edited 4 days ago) (3 children)

Thanks a lot, this seems exactly the thing I want!

[–] someacnt@sh.itjust.works 3 points 4 days ago* (last edited 4 days ago) (2 children)

Thanks, but I am worried about relying on a small repo like this. EDIT: But it did make me realize Goodnotes supports WebDAV, thanks!

[–] someacnt@sh.itjust.works 1 points 4 days ago (1 children)

Thanks, I realized what I really want is a database with "redirection" to the resource. That is, it is organized as a database, but I can also open the target file in the usual file browser.

What is a good GUI application for this purpose? Options in both GUI and TUI would be great!

 

I have separate directories for uni courses, which are grouped in semester directories. I also TA some classes, which are stored in a separate folder named 'TA'. That is, it is grouped like this:

University
| - ...
| - 2024.2
| | - Lie algebra
| | - Operator algebra
| - 2025.1
| | - Mathematical Algorithms
| | - Diophantine equations
| - TA
| | - ...
| | - 2024.2
| | - 2025.1

Oftentimes, I focus on the current semester, so I want to view courses from the same semester grouped together. At other times, I want to group TA activities across semesters together. I may also do the same with grouping similar subjects.

Basically, I want to view directories with a different grouping for each use case, as in the title. I hope this makes sense. Is there any kind of directory structure or application-based solution for these cases?

EDIT: I want both GUI and TUI solutions for browsing files like this; it's great if the Linux filesystem supports this natively, but fine if it doesn't. A database with redirection capability would be even better.

Thanks in advance!
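One way to get the "different grouping per use case" the post asks for without moving anything is to keep the real tree untouched and generate view directories made only of symlinks, which every GUI or TUI file browser follows. The script below is an added example, not the poster's setup: it builds a throwaway copy of the tree shown above in a temporary directory and derives a by-semester view (courses plus that semester's TA folder) and a by-subject view (the keyword list is a hypothetical choice).

```python
"""Build alternate symlink views over a single course tree (added example)."""

import os
import tempfile
from pathlib import Path
from typing import Callable, Optional

# Constructed sample mirroring the tree in the post above.
SAMPLE_TREE = {
    "2024.2": ["Lie algebra", "Operator algebra"],
    "2025.1": ["Mathematical Algorithms", "Diophantine equations"],
    "TA": ["2024.2", "2025.1"],
}

# A grouper maps (top-level dir, child dir) to (view group, link name), or None to skip.
Grouper = Callable[[str, str], Optional[tuple[str, str]]]


def make_sample_tree(base: Path) -> Path:
    """Create base/University/<top>/<child> directories from SAMPLE_TREE."""
    root = base / "University"
    for top, children in SAMPLE_TREE.items():
        for child in children:
            (root / top / child).mkdir(parents=True, exist_ok=True)
    return root


def build_view(root: Path, view_root: Path, grouper: Grouper) -> dict[str, str]:
    """Create view_root/<group>/<name> -> root/<top>/<child> symlinks.

    The real files never move; a view is only symlinks, so rebuilding it is
    cheap and any file browser can open the target through the link."""
    links: dict[str, str] = {}
    for top in sorted(p for p in root.iterdir() if p.is_dir()):
        for child in sorted(p for p in top.iterdir() if p.is_dir()):
            placed = grouper(top.name, child.name)
            if placed is None:
                continue
            group, name = placed
            link = view_root / group / name
            link.parent.mkdir(parents=True, exist_ok=True)
            if link.is_symlink():
                os.unlink(link)  # rebuilding the same view is idempotent
            link.symlink_to(child.resolve(), target_is_directory=True)
            links[f"{group}/{name}"] = str(child.resolve())
    return links


def by_semester(top: str, child: str) -> Optional[tuple[str, str]]:
    """Courses stay under their semester; TA/<semester> joins that semester as 'TA'."""
    if top == "TA":
        return child, "TA"
    return top, child


def by_subject(top: str, child: str,
               keywords: tuple[str, ...] = ("algebra", "algorithm", "equation")
               ) -> Optional[tuple[str, str]]:
    """Group courses by a (hypothetical) keyword in the name; TA folders are skipped."""
    if top == "TA":
        return None
    for kw in keywords:
        if kw in child.lower():
            return kw.capitalize(), f"{child} ({top})"
    return "Other", f"{child} ({top})"


def demo() -> dict:
    """Build the sample tree and both views in a fresh temporary directory."""
    base = Path(tempfile.mkdtemp(prefix="views-"))
    root = make_sample_tree(base)
    sem = build_view(root, base / "by-semester", by_semester)
    subj = build_view(root, base / "by-subject", by_subject)
    ta_ok = (base / "by-semester" / "2024.2" / "TA").resolve() == (root / "TA" / "2024.2").resolve()
    return {"base": str(base), "by_semester": sem, "by_subject": subj, "ta_link_resolves": ta_ok}


if __name__ == "__main__":
    result = demo()
    print("views built under", result["base"])
    for view in ("by_semester", "by_subject"):
        for link, target in sorted(result[view].items()):
            print(f"  {view}/{link} -> {target}")
```

Pointing the same `build_view` at the real tree with a different grouper is all that is needed for another grouping; deleting a view directory removes only links.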

7
submitted 4 days ago* (last edited 4 days ago) by someacnt@sh.itjust.works to c/selfhosted@lemmy.world
 

My uni lab has ~~subsidized~~ provided* an iPad for study, so I am using it primarily for handwritten note-taking.

After a while, I figured I cannot easily transcribe all of it into notes on the laptop. In particular, the hand-drawn diagrams take way too much effort to translate into TeX diagrams. Since these notes are quite important to me, I want a proper backup solution.

I am using Goodnotes for note-taking. How would I go about backing up the Goodnotes files? Of course I could use iCloud, but I want to avoid it for privacy reasons. Preferably, I want self-hosted backup options. What are the good backup solutions in this case?

Thanks in advance!

EDIT: Why so many downvotes? Is it bad to get an iPad? Basically my uni lab (forcefully) bought me an iPad, should I have rejected it?

[–] someacnt@sh.itjust.works 1 points 5 days ago

Ah, this explains why the Linux kernel grew to be quite large. Thanks!

[–] someacnt@sh.itjust.works 2 points 5 days ago

Great explanation! Though I prefer to regard monads as semicolon simulators. Monads combine actions separated by semicolons together. The combination can be exceptional, logging, multi-output, or whatever.

[–] someacnt@sh.itjust.works 1 points 1 week ago (1 children)

Same, I wonder how the economics work out.

[–] someacnt@sh.itjust.works 1 points 1 week ago

I got

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp       51      0 0.0.0.0:11000           0.0.0.0:*               LISTEN      155359/conmon

It is listening at the right port. But Recv-Q is nonzero, which seems quite strange.
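For a socket in LISTEN state the Recv-Q column of netstat is not unread bytes but the number of connections the kernel has completed and queued that the owning process has not yet called accept() on, so a value that stays above zero while clients hang is exactly the symptom described here. The following is an added example, not code from the thread: it parses netstat -tlnp style output and flags listeners with a non-empty accept queue. The sample input embeds the line quoted above plus two constructed healthy listeners (the PIDs and program names of those two are made up).

```python
"""Flag listening TCP sockets with a non-empty accept queue (added example)."""

from dataclasses import dataclass

# Constructed sample: the listener quoted in the comment above, plus two
# hypothetical healthy listeners for contrast (their PIDs/programs are made up).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp       51      0 0.0.0.0:11000           0.0.0.0:*               LISTEN      155359/conmon
tcp        0    128 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0    128 127.0.0.1:3000          0.0.0.0:*               LISTEN      2048/forgejo
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    recv_q: int
    send_q: int
    local: str
    program: str


def parse_listeners(text: str) -> list[Listener]:
    """Return the tcp/tcp6 rows in LISTEN state.

    UDP rows carry no State column, so the column positions below only hold
    for TCP; other rows (headers, established sockets) are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        listeners.append(
            Listener(fields[0], int(fields[1]), int(fields[2]), fields[3], fields[6])
        )
    return listeners


def stuck_listeners(text: str) -> list[Listener]:
    """Listeners whose accept queue is non-empty.

    On Linux, Recv-Q of a LISTEN socket counts connections the kernel has
    finished handshaking but the process has not accept()ed. Connections
    parked there are what a hanging `curl localhost:PORT` is waiting on."""
    return [l for l in parse_listeners(text) if l.recv_q > 0]


def report(text: str) -> list[str]:
    """Human-readable lines, one per suspicious listener."""
    return [
        f"{l.local} ({l.program}): {l.recv_q} completed connection(s) not accepted by the process"
        for l in stuck_listeners(text)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_NETSTAT) or ["no listener with a backlog of unaccepted connections"]:
        print(line)
```

Run it against live output with `netstat -tlnp | python3 this_script.py` after swapping `SAMPLE_NETSTAT` for `sys.stdin.read()`; a listener that shows up here is holding the port without serving it, which points at the process behind the port rather than at the firewall.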

 

I am setting up nextcloud AIO in a podman container on my VPS. After some struggle, I got to the installation page, but domain checking is simply not working out.

After looking it up, I decided to check the port from the host machine. Strangely, curl localhost:11000 hangs indefinitely. The nextcloud-aio-domaincheck container is running, and it mapped the port as 0.0.0.0:11000->11000/tcp. The domaincheck server should be reachable, and I don't think the firewall would be preventing localhost access. The single line of log from the domaincheck container is:

2025-03-20 13:47:43: (../src/server.c.1939) server started (lighttpd/1.4.76)

I am utterly lost here. Does anyone know what the possible reasons would be, and how to troubleshoot the issue? Any pointers would be greatly appreciated. Thank you in advance!

EDIT: Just ran sudo podman exec nextcloud-aio-mastercontainer curl nextcloud-aio-domaincheck:11000; it seems to work in the internal network. At a loss how this does not get exposed to the host.

EDIT2: Solved it, podman is misbehaving when the port is set to 0.0.0.0. Darn it, podman is such a pain.

 

Disclaimer: I am running a personal website in the cloud, since it feels iffy to expose a local IP to the internet. Sorry for posting this on selfhosting, I don't know anywhere else to ask.

I am planning to multiplex forgejo, nextcloud and other services on port 80 using caddy. This is not working, and I am having issues diagnosing which side is preventing access. One thing I know: it's not DNS, since dig <my domain> works well. I would like some pointers for what to do in these circumstances. Thanks in advance!

What I have looked into:

  • curling localhost from the server works well; caddy returns a simple result.
  • curl <my domain> times out; currently trying to inspect packets, and it seems like the server receives TCP without HTTP.
  • curl <my domain>:3000 displays the forgejo page, as forgejo exposes port 3000 in its container, which podman routes to host port 3000.

EDIT: my Caddyfile is as follows.

:80 {
    respond "Hello World!"
}

http://<my domain> {
    respond "This should respond"
}

http://<my domain 2> {
    reverse_proxy localhost:3000
}

EDIT2: I just tested with netcat webserver, it responds fine. This narrows it down to caddy itself!

EDIT3: (Partially) solved, it was a firewall routing issue. I should have checked the ufw logs. Turns out, podman needs to be allowed to route stuff. Now to figure out how to reverse-proxy properly.

EDIT4: Solved, created my own internal network between containers, besides the usual one connecting to the internet. Set up the reverse proxy to correctly connect to the container. My only concern left is whether I made the firewall way too permissive in the process. Current settings:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
3000/tcp                   ALLOW       Anywhere                  
222/tcp                    ALLOW       Anywhere                  
8080/tcp                   ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8443/tcp                   ALLOW       Anywhere                  
Anywhere on podman1        ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
3000/tcp (v6)              ALLOW       Anywhere (v6)             
222/tcp (v6)               ALLOW       Anywhere (v6)             
8080/tcp (v6)              ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8443/tcp (v6)              ALLOW       Anywhere (v6)             
Anywhere (v6) on podman1   ALLOW       Anywhere (v6)             

Anywhere on podman1        ALLOW FWD   Anywhere on ens3          
Anywhere on podman0        ALLOW FWD   Anywhere on ens3          
Anywhere (v6) on podman1   ALLOW FWD   Anywhere (v6) on ens3     
Anywhere (v6) on podman0   ALLOW FWD   Anywhere (v6) on ens3

podman0 is the default podman network, and podman1 is the internal network.
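The worry in EDIT4, and the same one in the 24-vote firewall post further up this page with its podman0 to podman5 rules, is whether a rule set like this is broader than it needs to be. The script below is an added example rather than anything from the thread: it parses `ufw status` output as pasted above and separates three classes of rule that read differently from a security standpoint, namely ports opened to the world, blanket "Anywhere on <interface>" allows (every port on that bridge), and unrestricted forward rules. It reads the two interface names exactly as the To and From columns print them and does not assume anything about the rest of the host.

```python
"""Audit `ufw status` output for blanket interface allows and forward rules (added example)."""

import re
from dataclasses import dataclass

# Constructed sample: the rule set pasted in EDIT4 above, copied as shown.
SAMPLE_UFW = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3000/tcp                   ALLOW       Anywhere
222/tcp                    ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8443/tcp                   ALLOW       Anywhere
Anywhere on podman1        ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
3000/tcp (v6)              ALLOW       Anywhere (v6)
222/tcp (v6)               ALLOW       Anywhere (v6)
8080/tcp (v6)              ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
8443/tcp (v6)              ALLOW       Anywhere (v6)
Anywhere (v6) on podman1   ALLOW       Anywhere (v6)

Anywhere on podman1        ALLOW FWD   Anywhere on ens3
Anywhere on podman0        ALLOW FWD   Anywhere on ens3
Anywhere (v6) on podman1   ALLOW FWD   Anywhere (v6) on ens3
Anywhere (v6) on podman0   ALLOW FWD   Anywhere (v6) on ens3
"""

ACTIONS = ("ALLOW", "DENY", "REJECT", "LIMIT")
IFACE_RE = re.compile(r"\bon (\S+)$")          # "... on podman1" -> podman1
PORT_RE = re.compile(r"^\d+(?::\d+)?/(?:tcp|udp)$")  # 80/tcp, 6000:6010/udp


@dataclass(frozen=True)
class Rule:
    to: str
    action: str
    frm: str
    v6: bool


def parse_ufw_status(text: str) -> list[Rule]:
    """Split each rule line on runs of two or more spaces into To/Action/From.

    Header, separator and blank lines do not yield a valid action and are skipped;
    the "(v6)" tag is recorded in the v6 flag and stripped from the columns."""
    rules = []
    for raw in text.splitlines():
        cols = re.split(r"\s{2,}", raw.strip())
        if len(cols) != 3 or not cols[1].startswith(ACTIONS):
            continue
        to, action, frm = cols
        rules.append(Rule(to.replace(" (v6)", ""), action, frm.replace(" (v6)", ""), "(v6)" in to))
    return rules


def iface(column: str) -> str:
    match = IFACE_RE.search(column)
    return match.group(1) if match else "any"


def audit(text: str) -> dict:
    """Classify rules; v4 and v6 copies of the same rule collapse into one entry."""
    world_ports, blanket_in, forward = set(), set(), set()
    for r in parse_ufw_status(text):
        if r.action == "ALLOW" and r.frm == "Anywhere" and PORT_RE.match(r.to):
            world_ports.add(r.to)
        elif r.action == "ALLOW" and r.frm == "Anywhere" and r.to.startswith("Anywhere on"):
            blanket_in.add(iface(r.to))
        elif r.action == "ALLOW FWD":
            forward.add((iface(r.frm), iface(r.to)))  # (From column, To column)
    return {
        "world_ports": sorted(world_ports, key=lambda p: int(p.split("/")[0].split(":")[0])),
        "blanket_in_ifaces": sorted(blanket_in),
        "forward_pairs": sorted(forward),
    }


def findings(text: str) -> list[str]:
    """Plain-language notes a reviewer would raise on the rule set."""
    a = audit(text)
    notes = [f"ports open to the world: {', '.join(a['world_ports'])}"]
    for name in a["blanket_in_ifaces"]:
        notes.append(f"{name}: every port is open to anything on this interface; "
                     f"prefer per-port allows scoped to the published services")
    for frm, to in a["forward_pairs"]:
        notes.append(f"forward From={frm} To={to} is unrestricted by port; "
                     f"one rule per bridge also means a new rule for every new network")
    return notes


if __name__ == "__main__":
    for note in findings(SAMPLE_UFW):
        print(note)
```

Feeding the earlier rule set with six podman bridges into `audit` returns six blanket interfaces and six forward pairs, which is the extensibility problem the first post describes in numbers; a quick `audit(open("status.txt").read())` after each change shows whether a new network added rules to every class or only the one you intended.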

52
submitted 2 weeks ago* (last edited 2 weeks ago) by someacnt@sh.itjust.works to c/selfhosted@lemmy.world
 

From what I have seen, rootless podman seems to take more effort (even if marginal) than rootful podman. I want to make a more informed decision for the containers, so I would like to ask.

  1. What is rootless podman good for? How much does it help in terms of security, and does it have other benefits?
  2. One of the benefits commonly mentioned is for when a container is breached. Then, running the container as a sudo-capable user would give no security benefit. Does it mean I should run podman services as a non-privileged user?

Thank you!

 

Recently saw a post regarding pi-hole, and I am considering trying it out. I am wondering if it would fit my use case, so I want to ask specifically about what it solves.

I heard pi-hole blocks ads at the DNS resolution level, so it does not block e.g. youtube ads. For me and my family, who mostly watch youtube with a handful of blog surfing, what value would it bring? Most blogs do not seem to contain many ads, so I am not sure ad-blocking helps much there.

Given the praise pi-hole is getting, I guess there is more to it than limited blocking of ads. I would love to learn more about this topic, as I am blind on the networking stuff. Thanks in advance!

 

I am new to podman, so please forgive me that I might be asking about the basics.

Today, I decided to migrate forgejo into a container, to harden my "server". For this, I backed up forgejo using forgejo dump, which gave me a ZIP file. Now I am lost on putting it into the podman container.

Basically, I want to know:

  1. How do I access files inside a podman container, especially one created through quadlet? Does the quadlet part make a difference?
  2. How can I restore a forgejo backup created by forgejo dump? Despite this being a seemingly common task, there seems to be no documentation about how to restore the backup.

I have been struggling a lot with setting it up. Until moments ago, I had great difficulty debugging a networking issue from the firewall, which was quite exhausting. So I would like to ask for help first for this problem. If anyone could give some pointers or help, it would be greatly appreciated!

 

Hello all! I began working today, where the work is closely related to programming. Despite this, the work computer is set up as Windows (eww). I want to look for work-arounds, as installing linux on a work machine is a no-go.

I wonder, what is the way to minimize the pain from having to use windows? Either that, or a way to maximize work done on linux-like stuff. A linux server is given to us, and I think I can install WSL. Any recommendations on this setup?

Especially, I miss the virtual desktop feature, is there any way to use it? Is there a way I can run compositor through WSL? Also, should I install Pop! OS for the feature, or is it available on e.g. Ubuntu (default WSL)?

Sorry to ask a non-exclusively-linux question, but I think, hopefully, many linux people have experience to give me pointers what to do with a windows work environment.

EDIT: The Windows is Windows 10. EDIT: It seems like using WSL is serviceable, while being janky at times. Gotta see how it goes.

 

I have this distrobox container which is running arch. From time to time, when I update the container, I confront a pacman error due to some GPG credential-related issue, and the update just halts.

Indeed, there is a solution involving updating GPG keys, which does work. However, having to look it up every time I have the issue is not ideal. I want to fix this one once-and-for-all.

Do you guys happen to know the core reason for this behavior? Is this happening due to an incorrect setup, or is it a characteristic of Arch? How can I fix this issue (semi-)permanently? Thanks in advance!

 

Basically, I want to synchronously share files between an iPad and a linux PC, mostly just the PDFs (compiled from latex). I don't want to send files back and forth every time; I want changes on one side to be reflected on the other. I do not need write access from both; it is enough for me to be able to e.g. view from the iPad an article written on the PC.

Should I just rely on iCloud? I feel like that's not ideal from a privacy standpoint. Are there better alternatives?

Maybe it would be great if I could somehow use git for this purpose. Is this possible?

 

Hello, today I tried to run Talos Principle 2, but it keeps freezing and eventually crashes during the starting loading screen.

This is one of the few times linux gaming has failed on me recently, so I am quite frustrated. ProtonDB gives it a fairly good rating, so I wonder if some part of my setup is wrong or something.

For distro, I am running Pop OS, and installed it in non-home partition. Could that cause issues?

Any help would be greatly appreciated!

EDIT: Strange behavior is observed. Once I skip the starting loading sequence (the one with e.g. the Unreal logo), it works flawlessly. I wonder what is happening while they show me corp logos.
