• 0 Posts
  • 36 Comments
Joined 1Y ago
Cake day: Jun 13, 2023


Exactly. I don’t know if the AIO image was used and how that all works (I stay away from that and the snap which is just an abomination) but no one should try to selfhost anything for prod unless they know exactly how it works. That and have a staging env. If you’re not up to the task then just pay for some commercial hosting (even if it’s just Nextcloud that is hosted elsewhere.)

I’ve run the nextcloud image (just docker.io/nextcloud IIRC) pinned for years with k8s and it’s durable and fine. It stays put and I just take the time to update my testing instance, make sure it all works with some cheap smoke tests, then upgrade prod.


I haven’t looked terribly far into it but zrok (SP?) is based on openziti


For anyone with ZFS related issues I’d honestly recommend just going to Jim’s site- https://discourse.practicalzfs.com/ which is invaluable. Lot more help and a trove of valuable info already exist there.



I really want to like one of these. I’ve tried it before but can anyone using this or similar tell me how it differs and improves upon just using Firefox sync?


Dendrite iirc is essentially in maintenance mode. I run a small one but I don’t think it’s expected to get any new features until there is more funding.


I might give this a go. Have been using bog standard ingress nginx for my k8s but have wanted to try a gateway supporting ingress product for a while.

Thanks op.


Could simplify it by making a 28 block at most. That is 14 IPs per bridge which seems like way more than one would generally need anyhow.

{
  "default-address-pools": [
    { "base": "172.16.0.0/12", "size": 28 }
  ]
}
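As an added example (not part of the comment above), here is a small Python check for a daemon.json address pool like the one shown: it parses the file (catching the classic trailing-comma mistake), computes how many /28 bridge networks the /12 base yields and how many usable addresses each has, and flags overlap with ranges the host already routes to. The daemon.json text and the existing LAN ranges are constructed sample values.

```python
import ipaddress
import json

# Constructed sample daemon.json, modelled on the snippet above (assumption).
DAEMON_JSON = """
{
  "default-address-pools": [
    { "base": "172.16.0.0/12", "size": 28 }
  ]
}
"""

# Constructed ranges the host already routes to (assumption, for the overlap check).
EXISTING_RANGES = ["192.168.1.0/24", "172.20.0.0/16"]


def parse_pools(text):
    """Return [(base_network, size)] from daemon.json; a trailing comma fails here."""
    cfg = json.loads(text)
    pools = []
    for entry in cfg.get("default-address-pools", []):
        base = ipaddress.ip_network(entry["base"], strict=True)
        size = int(entry["size"])
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size /{size} does not fit inside {base}")
        pools.append((base, size))
    return pools


def is_valid(text):
    """True when the file parses and every pool is sane."""
    try:
        parse_pools(text)
        return True
    except (ValueError, KeyError):
        return False


def pool_capacity(base, size):
    """(number of bridge subnets, usable hosts per subnet with net/broadcast excluded)."""
    return 2 ** (size - base.prefixlen), 2 ** (base.max_prefixlen - size) - 2


def check(text, existing):
    """Summarise each pool and list existing ranges it would collide with."""
    out = []
    for base, size in parse_pools(text):
        subnets, hosts = pool_capacity(base, size)
        clashes = [r for r in existing if base.overlaps(ipaddress.ip_network(r))]
        out.append({"base": str(base), "subnets": subnets, "usable_hosts": hosts, "overlaps": clashes})
    return out
```

One of the 14 usable addresses in each /28 becomes the bridge gateway, so containers get 13.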

I will have to check. Still willing to try again. I’ll update if I get it going better on round 2.

Thanks for the hint about the docs. I hadn’t thought of that.


0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "displayname" Equality was not found. YOU MUST REINDEX YOUR DATABASE
0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "name_history" Equality was not found. YOU MUST REINDEX YOUR DATABASE
0e2475ba-882a-4f61-8938-2642ca80193b WARN     │  ┝━ 🚧 [warn]: WARNING: index "jws_es256_private_key" Equality was not found. YOU MUST REINDEX YOUR DATABASE

I had to drop it for a few days. I got that at some point though. It’s all brand new so I wouldn’t know why. Seems a bit rough around the edges so far. I’ll try to reindex and attempt again. I really want this to be the product I use since it’s a nice AIO solution but we’ll see.

Edit:

[~]$ podman run --rm -i -t -v kanidm:/data \
    kanidm/server:latest /sbin/kanidmd reindex -c /data/server.toml
error: unrecognized subcommand 'reindex'

Phew boy. Straight from the docs. Same with the vacuum command.

Looks like the docs need to be updated to specify the command is kanidm database reindex -c /data/server.toml

And further upon trying to login…

300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO     handle_request [ 188µs | 0.00% / 100.00% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO     ┕━ request [ 188µs | 72.94% / 100.00% ] method: GET | uri: /v1/auth/valid | version: HTTP/1.1
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO        ┝━ handle_auth_valid [ 50.8µs | 25.54% / 27.06% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 INFO        │  ┝━ validate_client_auth_info_to_ident [ 2.85µs | 1.51% ]
300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN        │  │  ┕━ 🚧 [warn]: No client certificate or bearer tokens were supplied
300e55b7-e30a-42a5-ac3e-ec0e69285605 ERROR       │  ┕━ 🚨 [error]: Invalid identity: NotAuthenticated | event_tag_id: 1
300e55b7-e30a-42a5-ac3e-ec0e69285605 WARN        ┕━ 🚧 [warn]:  | latency: 204.504µs | status_code: 401 | kopid: "300e55b7-e30a-42a5-ac3e-ec0e69285605" | msg: "client error"

I think I’m gonna have to just nuke it and start fresh but yeah, this is not a great first impression at all.


I could do this but sadly even just the trial did not work. I’m using podman but it gives me “invalid state” just trying to login with a user per the quickstart, etc. Can’t reset the password cleanly, can’t add a passkey via bitwarden, etc.

Unsure if I’m doing something wrong or if it’s very alpha/beta.


Awesome. Thank you.

Now to see how i make this work in k8s since they evidently mandate the cert inside instead of just allowing the ingress to have it.


Does this do it all? It seems that it holds all your users like LDAP and can auth that way too. But it can also do simple OIDC integrations too? Basically just want to see if it is the all in one. Looks like it does which is why I wonder why you use oauth2-proxy in addition.

I’ve otherwise been trialing keycloak/authelia as the OIDC portion and lldap/freeipa as the LDAP backend that actually holds the users. Would love to simplify if possible.


Yep. I’ve got a test instance working with keycloak. Post up the problem you’re having and I can check it against mine. I think all of it was configured via UI on both except there are two changes in the gitea config.ini that allowed that auth and auto created users if they didn’t exist yet.



You are like the most miserable poster with so many axes to grind.

Relax man.


You know, you can recommend lxd and whatever without putting out FUD about proxmox and other tech.


More than likely your os is just symlinking vi to vim.


Liftoff is no longer maintained right? So what’s the fork?


Maybe. I found that using redis, the php cache, and disabling unused apps (like photos) sped it up. Personally it just provides a lot to me and is only one thing to manage.

Great for my use case. Maybe not anymore for yours but food for thought. Good luck on whatever you choose. Lot of good programs recommended here.


No offense but if you’re using at least three things nextcloud provides I’m not so sure it’s overkill.


The latest Roku updates have it. Unsure about the browser capability. I would assume it has it.


For real. This is great stuff and a true RSS feed. Much thanks op.


If it can email you can send it to an email address and paperless can automatically grab it and archive it.


Except Google is established. Paying a company that has shown complete disregard for users and privacy and ethics doesn’t work.

An upstart? Sure. They don’t have a proven track record of being assholes.


Yeah and every update seems worse than the last.

They don’t let you at all skip around so I’d never pay. It only gets worse with them.


I use zap2xml or whatever it is. Simple script and crontab job and it’s worked without issue for near two years now I guess (since I initially configured it.) All free. I’m in the States so not sure if it’s location dependent or not.


Note- there is also a charge for calls per day.

https://www.backblaze.com/cloud-storage/transaction-pricing

I forget how truenas does it but I moved to restic which calculates changes locally then uploads the changed bits making it easily doable daily without extra charges.



If you edit files a lot vim is worth its weight in gold. Nano makes me want to kill myself as everything takes so much longer.

Nano is perfectly sufficient for a very rare edit.



Ahh, I had skimmed over and didn’t see you were running it on k8s (so kubernetes executor makes sense. ;) )

This is good to know though. I actually just stood up a podman runner and it is vastly improved over what I had to do even a year ago if I remember. I’ll need to look into Testcontainers though too as we do use that. Good to know it’s at least progressing pretty well. Thanks!



I apparently am not most users.

No desire to use discord in the slightest honestly.


I can’t believe they gave an intern that much power, no disrespect.

Interns are there to learn and gradually be trusted. Not given the wheel and a “go get em sport” pat on the back.


Protonmail at certain levels gives you simple login with unlimited aliases. Something to look into. I love it and have been with them for years.