Excuse me have you heard about our lord and savior, NixOS?

Ooo I do love me some Nix modules. Any particular options to look out for in order to configure something like that?

Edit:

It’s programs.chromium.extraOpts isnt it? Lol

How do you manage your images in Nix? Ive got a bunch of docker compose files and want to migrate over but havent had the time to sink.

Hmm these are some pretty cool features I’d be interested in. I currently use Voyager for lemmy and quite like the layout. Does Piefed have any good mobile clients? Is there something you’d recommend?

Another way to say it, if you cut a sphere in half and both sides are equal, its a great circle. All lines of longitude and the equator are great circles.

Did you allow the containers to talk to eachother with ufw after setting it up?

Without flakes

For those cool enough to use flakes

Enjoy :)

It helps to run the garbage collector and clean out the Nix store. Once you get a stable version that works, clear your nix store.

See this built in helper script

If you’re new you might have a bunch of stuff in the store from trying out things. You can also delete objects older than a certain period, which is nice.

You can setup wild card certs with a DNS challenge using traefik. No plug-ins needed, works right out the box.

Personally, I quite prefer traefik. Its harder to use than Caddy but offers more features. Also, it uses yaml or docker labels for config. I’m not a fan of the nginx .conf format.

Ive read about plan 9 and found it fascinating but really have no use case for it. What do you use plan 9 for? Any recommendations?

Did you watch ‘I am Legend’? This is exactly what starts the apocalypse lol

Side note, book was waaaayyyyy better

The routers or computers you are using for this have to support forwarding traffic. With Linux this is pretty straight forward for other OSes I’m not sure how easy it is.

You can get around this by having tailscale installed on the default gateway (router) of each network. It might be quite a pain for OP to change routers at each location. On the plus side, OpenWRT has some other cool features like PXE booting.

Here is an article about tailscale on an OpenWRT router.

I’d love to but all the logistics are overwhelming for me. What made your sabbatical so good? Was it easy to finance?

:3

I mean he killed himself while sober. Some people will go through struggles that you and I will never understand. Maybe we could have a little compassion?

Im at the compose2nix phase of this pipeline. Ive got a bunch or sevices in Docker compose files and all of my systems have been running Nix for over a year now. Ive gotten the hang of my repo and made a couple modules for my specific uses and im hooked.

What would you suggest to migrate all my compose files into a nix friendly environment? I use flakes as well.

Ahhh interesting video! I appreciate the post. I see the mTLS is more about authenticating who the client is outside the application.

Don’t worry, Im not just exposing thing willy nilly 🤣 For client-side authentication I use Authentik combined with 2FA, Duo, and fail2ban. Authentik provides identity management through LDAP to jellyfin and any sign in request goes to MFA and you get a Duo notification to approve. You can do other MFA, i just havent set it up.

Ive got a lot of family who use my server. Asking them to install a TSL cert on every machine would be impossible. My method also monitors all sign in requests. Setting up Authentik was a hugggeee game changer for me.