Skip Navigation
From Docker with Ansible to k3s: I don't get it...
  • I'll post more later (reply here to remind me), but I have your exact setup. It's a great way to learn k8s and yes, it's going to be an uphill battle for learning - but the payoff is worth it. Both for your professional career and your homelab. It's the big leagues.

    For your questions, no to all of them. Once you learn some of it the rest kinda falls together.

    I'm going into a meeting, but I'll post here with how I do it later. In the mean time, pick one and only one container you want to get started with. Stateless is easier to start with compared to something that needs volumes. Piece by piece brick by brick you will add more to your knowledge and understanding. Don't try to take it all on day one. First just get a container running. Then access via a port and http. Then proxy. Then certs. Piece by piece, brick by brick. Take small victories, if you try to say "tomorrow everything will be on k8s" you're setting yourself up for anger and frustration.

  • Got my first script kiddy
  • Yeah with Amazon's sheer size this has definitely been done before, curious what limits op is going to hit. My guess is they have a quota for submissions, and they'll be banned from submitting tickets.

  • Got my first script kiddy
  • I mean go for it? They literally can't do anything, you might as well complain that fire is hot though. It's part of being in the Internet. They provide safety gloves, via VPCs and firewalls, but if you choose not to use them then.. yeah I mean youre probably gonna get burned

  • Got my first script kiddy
  • Uh sorry dude, but no this isn't a script kiddy, these are bots that scan every IP address every day for any open ports, it's a constant thing. If you have a public IP, you have people, govs, nefarious groups scanning it. AWS will tell you the same as if you were hosting it locally, close up the ports, put it on a private network. Use a vpc and WAF in AWS' case.

    I get scanned constantly. Every hour of every day dark forced attempt to penetrate our defences.

  • First poster for "The SpongeBob Movie: Search for SquarePants"
  • Hm, I'm more excited for SpongeBob 4: Spacewhales

  • "Dune: Messiah" gets renamed to "Dune: Part Three", will be shot partially with IMAX cameras
  • Honestly wonder if it was to prevent protests from moronic religious groups who claim to hold a monopoly on the word "messiah"

  • Apple hits back against 'unprecedented' €500m EU fine
  • Unprecedented is not a bad word. It means there's no precedent. I mean we're finally pushing back.

  • Does anyone know what this part is called?
  • It seems to run on some form of electricity!

  • This is pants on head stupid
  • The only reason this would need to be a bill is if people are upset that they are failing the exam. Which means they qre failing the exams, to the surprise of no one.

    What we should be doing instead is making our neighborhoods more accessible to those without cars. I'm sure they feel like their mobility is gone if they lose their license, but that shouldn't be the case to begin with.

  • European game publisher group responds to Stop Killing Games, claims 'These proposals would curtail developer choice"
  • So tone deaf, and clearly they're just trying to steer the narrative.

    They call out that it's never taken lightly and it has to happen. We know. Stop killing games just says you have to do something when you turn off the servers. Either release the server source code so it can be engineered by the community, release a self hostage server alternative, even just documents or guides on how to get started.

    But they're going to try to make it about the mean old gamers want them to go broke

  • Garuda on Surface Pro 5 - performance nightmare
  • Have you seen the surface-linux project on GitHub? They've been maintaining a kernel for it. Idk if it'll work with your distro but I'd start there

  • Beehaw has a huge surplus of money. Could we use it to fund another service?
  • Very happy for you! Seconded to just banking it. If it was 50k that would be different. Throw half in a CD and the other just plan out ongoing expenses. Make sure backups are working, maybe use a bit of the cash to try recovering from a backup just in case.

    If your cost is 250 a month, then in reality you only have 2 years of runway there, if you don't grow. Good intention and I respect that, but I think keeping beehaw going long term is better than anything else you would do with the money

  • Please, stay off the copium.
  • Hm, probably sitting at home playing too many videos games

  • Microsoft has never been good at running game studios, which is a problem when it owns them all
  • Personally I agree. I've seen way more startups kicking off with these waves of layoffs. It's a silver lining, not much more, but I'm happy to see people finally realizing they don't want the big tech solutions anymore.

  • Outgrown my Synology NAS, time for a proper dedicated machine
  • Not at all. Proxmox does a great job at hosting VMs and giving a control plane for them - but it does not do containers well. LXCs are a thing, and it hosts those - but never try to do docker in an LXC. (I tried so many different ways and guides and there were just too many caveats, and you end up always essentially giving root access to your containers, so it's not great anyway). I'd like to see proxmox offer some sort of docker-first approach will it will manage volumes at the proxmox level, but they don't seem concerned with that, and honestly if you're doing that then you're nearing kubernetes anyway.

    Which is what I ended up doing - k3s on proxmox VMs. Proxmox handles the instances themselves, spins up a VM on each host to run k3s, and then I run k3s from within there. Same paradigm as the major cloud providers. GKE, AKS, and EKS all run k8s within a VM on their existing compute stack, so this fits right in.

  • Outgrown my Synology NAS, time for a proper dedicated machine
  • Just focus on one project at a time, break it out into small victories that you can celebrate. A project like this is going to be more than a single weekend. Just get proxmox up and running. Then a simple VM. Then a backup job. Don't try to get everything including tailscale working all at once. The learning curve is a bit more than you're probably used to, but if you take it slow and focus on those small steps you'll be fine.

  • Supreme Court declines to hear Iowa pork producers’ challenge to California's animal-welfare law
  • At issue was a 2018 ballot initiative, Proposition 12, that bans the sale of pork products in California unless the sow from which the butchered pig was born was housed with at least 24 square feet of floor space.

    6 foot by 4 foot. That's the minimum the law asks for and Iowa producers are upset by that? If an adult lays down on the ground that can easily take up that much room.

  • Outgrown my Synology NAS, time for a proper dedicated machine
  • I think at this point I agree with the other commenter. If you're strapped for storage it's time to leave Synology behind, but it sounds more like it's time to separate your app server from your storage server.

    I use proxmox, and it was my primary when I got started with the same thing. I recommend build out storage in proxmox directly, that will be for VM images and container volumes. Then utilize regular backups to your Synology box. That way you have hot storage for drives and running things, cold storage for backups.

    Then, inside your vms and containers you can mount things like media and other items from your Synology.

    For you, I would recommend proxmox, then on top of that a big VM for running docker containers. In that VM you have all of your mounts from Synology into that VM, like Jellyfin stuff, and you pass those mounts into docker.

    If you ever find yourself needing to stretch beyond the one box, then you can think about kubernetes or something, but I think that would be a good jump for now.

  • I'm chaotic good
  • And holt reminded him that it's still a narrative that needed to be corrected. What about the one where Terry was profiled? Or holt was denied his promotion?

    It's pretty clear that you wouldn't approve of any cop show that tries to work through these issues, so I'm not going to bother arguing with you. I think they did a great job, a lot of those episodes were very hard to watch because they were confronted with choosing a career under one pretended and then saw the reality. To do that with a comedic tone is incredibly hard, and I think they did well.

  • IFit (Fitness Platform) forces binding arbitration

    ...and you can only opt out with certified mail

    > (k) Opting Out of Arbitration. You have the right to opt out of binding arbitration within 30 days of the date you first accepted a version of these Terms by sending us notice of your opt out via certified mail addressed to iFIT Inc., Attn: Legal Department, 1500 South 1000 West, Logan, UT 84321. To be effective, the opt-out notice must include your full name, mailing address, email address, and be signed by you. The notice must also clearly indicate your intent to opt out of binding arbitration in order to be valid. By opting out of binding arbitration, you are agreeing to resolve disputes in accordance with Section 23.

    0
    Some audio doesn't play on Jellyfin on bazzite

    Hey all, I'm hoping this is simple one of you have seen. I have Jellyfin media player installed on bazzite, I use it through gaming mode. Most of the time, but some audio tracks are silent and won't play unless I force transcoding.

    They are usually DTS or DTS:MA. Do I need to install drivers somehow? Or flip a setting? I'm fine with transcoding audio, but I want to avoid transcoding video.

    I am plugged into an Onkyo receiver via HDMI, so it should be able to play most of those.

    Thanks!

    4
    Embracer to spin off Coffee Stain (maker of Satisfactory), rebrand as Fellowship Entertainment and release 76 games in the next year
    www.gamingonlinux.com Embracer to spin off Coffee Stain, rebrand as Fellowship Entertainment and release 76 games in the next year

    Embracer have released their latest interim report, along with a statement on their plans to spin off Coffee Stain Group and go through a rebrand to Fellowship Entertainment.

    Embracer to spin off Coffee Stain, rebrand as Fellowship Entertainment and release 76 games in the next year

    Not sure if I'm happy or worried about this

    14
    ph4ntomnews.blogspot.com Taylor Swift’s ‘Look What You Made Me Do (Taylor’s Version)’ Debuts in The Handmaid’s Tale Season 6

    Taylor Swift's “Look What You Made Me Do (Taylor’s Version)” debuts in The Handmaid’s Tale Season 6, setting a powerful tone for the episode.

    Taylor Swift’s ‘Look What You Made Me Do (Taylor’s Version)’ Debuts in The Handmaid’s Tale Season 6

    cross-posted from: https://lemmy.world/post/29984268

    > Social Media Description: > Taylor Swift’s “Look What You Made Me Do (Taylor’s Version)” just dropped in The Handmaid’s Tale Season 6 — and it’s giving power, revenge, and chills.

    6
    That's all folks, Plex is starting to charge for sharing

    cross-posted from: https://poptalk.scrubbles.tech/post/2333639

    > I was just forwarded this someone in my household who watches our server. That's it folks. I've been a hold out for a long time, but this is honestly it. > > They want me to pay to stream content that I bought from my hardware transcoded also on my hardware. > > I'll say it. As of today, I say Plex is dead. Luckily I've been setting up Jellyfin, I guess it's time to make it production ready.

    Edit: I have a Plex Pass. More comments saying “Just buy a plex pass” are seriously not getting it. I have a Plex Pass and my users are still getting this.

    And for the thousandth person who wants to say the same things to me:

    • YES I know I'm unaffected as a Plex Pass owner.
    • My users were immediately angry at it, which made me angry. Our users don't understand what plex pass is, and they shouldn't have to, that's why I had it. The fact that they were pinged even though it should have kept working is horribly sloppy
    • Plex is still removing functionality. I don't care that "People should pay their fair share". If Plex wants to put every new feature behind a paywall, that's completely okay. They are removing functionality.
      • "But they have cloud costs". Remote streaming is negligible to them. It's a dynamic DNS service. Plex client logs in, asks where server is, plex cloud responds with the IP and port of where server is located. That's it.
      • "Good luck finding another remote streaming" - Again, Plex just opens up an IP and port. Jellyfin also just opens up an IP and port (Hold on jellyfin folks I know, security, that's a separate conversation). All "remote streaming" is is their dynamic dns. Literal pennies to them. Know what actually is costing them money? Hosting all of that ad-supported "free" content that they're probably losing money on.

    In short, I don't care how you justify it. Plex is doing something shitty. They're removing functionality that has been free for years. I'm not responding to any more of your comments repeating the same arguments over and over.

    471
    That's all folks, Plex is starting to charge for sharing

    I was just forwarded this someone in my household who watches our server. That's it folks. I've been a hold out for a long time, but this is honestly it.

    They want me to pay to stream content that I bought from my hardware transcoded also on my hardware.

    I'll say it. As of today, I say Plex is dead. Luckily I've been setting up Jellyfin, I guess it's time to make it production ready.

    Edit I have a Plex Pass. More comments saying "Just buy a plex pass" are seriously not getting it. I have a Plex Pass and my users are still getting this.

    153
    Sharing Jellyfin

    Hi folks. So, I know due to a myriad of reasons I should not allow Jellyfin access to the open internet. However, in trying to switch family over from Plex, I'll need something that "just works".

    How are people solving this problem? I've thought about a few solutions, like whitelisting ips (which can change of course), or setting up VPN or tail scale (but then that is more work than they will be willing to do on their side). I can even add some level of auth into my reverse proxy, but that would break Jellyfin clients.

    Wondering what others have thought about for this problem

    92
    Dedicated Server has breaking changes in 1.1
    store.steampowered.com Satisfactory - Update 1.1 is out now on Experimental! - Steam News

    Today it’s the release of our first content update since leaving early access and we would like to introduce you all to our newest features with our 1.1 update!

    Satisfactory - Update 1.1 is out now on Experimental! - Steam News

    Heads up for those who run a dedicated server who haven't tried experimental first, posting this so it's on your radar.

    Long story short, we had to open two additional ports on our server, 8888 and 27777. Following is a direct copy from the changelog:

    Dedicated Server - Port Forwarding Updates

    If you have Host a dedicated server, you should definitely give the next block a read as many new improvements have been added to allow for extra flexibility since the last update on Experimental

    We have updated the Port Allocation Strategy in Reliable Messaging New features:

    Explicit Port Configuration

    • A new -ReliablePort= command-line parameter allows explicit port selection.
    • The value must be an integer between 0 and 65535.
    • If specified, the server will attempt to bind to this port and fail to initialize if the port is unavailable.

    Default and Configurable Port Ranges The following settings in Engine.ini control port allocation: [/Script/ReliableMessaging.ReliableMessagingTCPFactory] PortRangeBegin=8888 PortRangeLength=512 ExternalPortRangeBegin=-1

    • The server will attempt to bind within [PortRangeBegin, PortRangeBegin + PortRangeLength).
    • By default, the server starts at port 8888 and tries up to 512 ports until it finds an available one.

    Client Awareness & NAT Handling

    • Clients must connect to the correct port, but port remapping (e.g., via NAT/firewall rules) can break this.
    • To address this, the server now communicates the listening port to clients during the initial handshake.
    • If external port remapping is used, the server must be aware of the external port via:
    • The ExternalPortRangeBegin config setting (for remapped ranges).
    • The -ExternalReliablePort= command-line parameter (for explicitly mapped ports).

    Server Host Requirements (TL;DR)

    • If hosting a single server, port 8888 TCP must be open by default.
    • If hosting multiple servers, a range of ports starting from 8888 TCP (by default) must be open.
    • The server will attempt up to 512 ports before failing (configurable).
    • If port remapping (NAT/firewall) is used, the server must be configured accordingly; otherwise, clients won’t be able to connect.
    • Logging is in place to help server maintainers verify the allocated ports.
    5