- 0 Posts
- 16 Comments
I’m not a docker expert- i tend to just run everything in an LXC. But, doesn’t docker typically run as root? It might be that you gave your lxc user UID proper permissions, but not the lxc root UID.
Alternatively, you are aware that LXC UID 1000 != Host UID 1000, yes?
FWIW, permissions in proxmox/LXC are really clear and predictable… once you understand the way the map in the config files.
Aside from driving being an activity that, in my opinion, will require something approaching AGI, there are other issues to consider. Self driving cars will be completely unable to make difficult decisions reliably. How, for example, do they deal with a robbery where you just have someone stand in front of the car to immobilize it and then have the folks inside the car at your mercy? I have to imagine that either you’re producing pedestrian murder machines or serving up passengers on a silver platter.
Racknerd via the coupon @ Low end box.
The full price is like $24/yr, so even if it goes up, meh.
I’m a big fan of cheap (as in ~$10/yr vps) and reverse proxy over wireguard. My home ip isn’t exposed and I’m able to quickly spin new containers up by updating my reverse proxy config and adding a wireguard peer.
I keep two VPSs- one as reverse proxy for all my miscellaneous services and another solely for email. The latter port forwards raw traffic over wireguard to my email server container. That way, even if the VPS gets compromised, my personal data remains secure.
I end up paying ~ $30/yr (+ whatever I’m paying in electricity) for domain + VPS. It’s a bit more involved than tailscale, etc, but I’m willing to put in a little extra work to make sure I’m not at the mercy of some company getting up to some rent-seeking bullshit.
The only option that fits your budget today I can think of would be picking up one of the old xeon combos off of AliExpress. I spent like $100 on a MB+CPU+64GB DDR4 combo with a 2880 v4 I think. 14c/28t at any rate. You can probably grab a case/power supply/video card used for under $50 on eBay.
Please note that I’m not saying that this is a good option; it took a lot of fiddling for me to get mine running smoothly. But if you’ve got more time and patience than money, it might work for you.
To me, this reads like “Giant-ATV-Based Taxi Service Couldn’t Exist If Operators were Required to Pay Homeowners for Driving over their Houses.”
If a business can’t exist without externalizing its costs, that business should either a. not exist, or b. be forced to internalize those costs through licensing or fees. See also, major polluters.
Racknerd has VPSs starting at around $10/yr. Been using them to host my email/nextcloud/jellyfin proxies for a while now with no issues or unexpected downtime. They don’t have any of Linode’s advanced features, but they’re pretty hard to beat price-wise.
I use a wireguard tunnel and port forwarding from a vps to a mailinabox instance serving mail for my various domains. If you have your SPF/DKIM/rDNS set up correctly, it’s not too bad with respect to management and mail delivery, plus you don’t have to trust anyone with your data. As far as other mail servers are concerned, your VPS IP is the only IP they see. I pay $10/yr for the VPS
Outside of a kink context, its use is a pretty great indicator that the person using it is a hateful moron who thinks they’re"winning" if someone is “triggered.” Basically the online equivalent of a pair of truck nuts.
In that respect, I’m grateful for its prevalence as it saves me a lot of time/energy that would otherwise be spent dealing with assholes.
I second this. I use a couple of dirt cheap VPSs from racknerd ($24/yr for 1 CPU/512Mb ram, but you can find coupons online to get them for $10/yr 1CPU/768mb ram) one does port forwarding over wireguard to my mail server so I can keep all my data in house, the other hosts an NGINX reverse proxy for all my web services. Works great. I use the reverse proxy for nextcloud and jellyfin for myself and 6 other users. Never had an issue. (Well, never had an issue I didn’t cause myself at any rate.)
It’s a little harder to set up than some of the other suggestions, but it’s cheap, fully transparent to users, and doesn’t expose your home network to the outside world.
Nope. It just maps a single user and group from the container to a regular user on the host. With the above config, root in the container has the “real” UID of 100000. It can’t make changes to anything any other unprivileged user can. A privileged container otoh runs root as root. It can do a lot of damage. By running privileged containers you’re kind of throwing out a good portion of LXC’s benefits.
The user and group mapping for lxc is easy(ish) once you understand it.
The above breaks out as follows: lxc.idmap: [user/group] [beginning host UID/GID] [number of sequential IDs to map]
lxc.idmap: u 0 100000 1000 [maps LXC UIDs 0-999 to host UIDs 100000-100999]
lxc.idmap: g 0 100000 1000 [maps LXC GIDs 0-999 to host GIDs 100000-100999]
lxc.idmap: u 1000 1000 1 [maps LXC UID 1000 to host UID 1000]
lxc.idmap: g 1000 1000 1 [maps LXC GID 1000 to host GID 1000]
lxc.idmap: u 1001 101001 64535 [maps LXC UIDs 1001-65535 to host UIDs 101001-165535]
lxc.idmap: g 1001 101001 64535 [maps LXC GIDs 1001-65535 to host GIDs 101001-165535]
The last two lines are needed because a running Linux system needs access to a minimum of 65336 UIDs/GIDs (zero-indexed).
You can basically think of LXC as running everything on the host system itself, but running it all as UID/GID 100000-65535 by default. In an unprivileged container, you have to remap these to give access to resources not owned by that range.
This is pretty much how I’m hosting a similar set of services to you. I have a couple of dirt cheap VPSs ($10/yr via racknerd) which serve as public access points. One provides a wireguard tunnel and port forwarding to a mailinabox instance serving mail for my various domains, the other runs a wireguard tunnel and nginx reverse proxy for all my public-facing services. A little fiddly to set up the port forwarding, but it’s been rock solid since I set it up.
Re: email, it’s not too hard, but it is unforgiving. Mailinabox makes it much, much easier to set up an email server that doesn’t automatically go to spam. Basically though, if you have your SPF, DKIM, DMARC and RDNS set up correctly, your golden. Mailinabox takes care of all of it except RDNS.
Check out low end box. I found coupons for racknerd. I have one VPS that’s $10/yr, another that’s $18/yr. I’ve had zero downtime in the 18 months I’ve used them. No complaints from me. YMMV of course.