o/1MS\o ⌨️🐧 | #WeAreNatenom

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 10 minutes ago

@bordam Personally I would suggest, take so much Ram as you have money available.
If you have services relying on databases like Nextcloud (Valkey / Redis, MariaDB / PostgreSQL) more RAM could be helpful.
My current not finished setup with podman containers already takes 2 GB Ram.
Also prices for Ram and SSDs are predicted to rise or are already rising, so if you buy now, I would suggest to buy maximal large hardware parts.

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 28 days ago

I don’t know the exact agreement with your friends, but to avoid security issues I personally would use following way:
- deny usage of all ports by firewall
- allow only necessary ports by firewall
- enable privileged ports by sysctl
So it reduces additional layers and complexity.

If one of your friends would provide a service on a specific port it has to be discussed with you.
And if this is a privileged port, it is also possible.

Or you can handle e.g. a web request with a rule in caddy.

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 28 days ago

@SinTan1729 Thank you, now I can better understand why you want to avoid to open the privileged ports for non-root users which makes sense for your scenario.

I’m in the easy situation, that I don’t have to think about such a scenario, because my selfhosting system is exclusive for me.

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 28 days ago

@SinTan1729 How many user do you have on your machine, which could open and run a service on a privileged port?

And when there is no application, which is providing a service on a privileged port, then there is no security issue from my point of view.

And if you want to get absolutely secure, then you can restrict the access only to specific ports based on firewall rules.
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands#how-to-allow-all-incoming-http-and-https

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 28 days ago

@SinTan1729 Using privileged ports can be activated with a sysctl setting:
https://access.redhat.com/solutions/7044059

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 1 month ago

@thirdBreakfast @trilobite 🤔
Interestingly, handling of volumes with podman is much more easier:
podman volume export myvol --output myvol.tar
podman volume import myvol myvol.tar
https://docs.podman.io/en/latest/markdown/podman-volume-export.1.html

I also checked the docker volume client documentation and there is no export command available like for podman.
https://docs.docker.com/reference/cli/docker/volume/

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 1 month ago

@filister I don’t have an arr stack running, but I’m using several podman quadlets for running successfully e.g. PostgreSQL, Nextcloud, HomeAssistant and some more.
Did you checked the journal with
journalctl --identifier=\<container name\> for possible errors?

o/1MS\o ⌨️🐧 | #WeAreNatenom@norden.social · 3 months ago

@Darkassassin07 Did you already considered https://pdfgrep.org/?

With pdfgrep --ignore-case --recursive “text” **/*.pdf for example you can search a directory hierarchy of pdf files for “text”.