• 0 Posts
  • 19 Comments
Joined 2 years ago
Cake day: June 16th, 2023






  • 80, 443 for HTTP/S, and 587 for a VPN service. Reason being that I travel frequently, and often have to connect through a bunch of different networks (airport WiFi, mobile roaming, hotel WiFi, etc.), and you never know the kinds of network restrictions they impose on their pipes.

    80 and 443 are least likely to be dropped, while 587 is a common SMTP port that could make it through most networks.






  • +1 for this, I have an active subscription with Bitwarden, for US$10 a year it’s worth many times that in the value and utility it provides me. I considered self-hosting the service but I decided to just stick with the cloud version since they likely have better resilience than my homelab. It’d suck if my home network is down for whatever reason and I need urgent access to my vault without a local copy within reach.




  • Thanks for asking! I think this is more or less an architectural choice, and I was vaguely adhering to the microservice design philosophy. While spinning up duplicate services for each container that requires it has its advantages in terms of isolation and whatnot, I wanted to:

    • Be light on resource requirements whenever possible,
    • Follow industry practices as far as possible in case it becomes useful at my day-job (it sometimes does),
    • Train myself to be an amateur sysadmin, at least on my homelab.

    Hence, all of my docker containers are deduped and reused whenever possible, and follow my own notations and conventions, as well as static and opinionated networking. It has been a really fun journey so far, but I’m also a glutton for punishment and sleepless nights ;p


  • Interesting! I didn’t quite see that line about the postgres password and pictrs API key having to match. So far, I haven’t had issues with my instance with them being different values.

    If Lemmy really assumes by convention that the postgres password and the pictrs key must be the same, it sounds like a huge architectural WTF and massive security risk, so I assume it shouldn’t be.

    For postgres versions, my solution would be to host different postgres versions in their own containers if there’s no other elegant way to avoid it. Then the URI should point to the respective postgres containers as necessary.