Sadly they’ve gone up in price over the last 6 months.

Mindfactory had 16TB for 160€ (10€/TB), but now they want 240€ for 18TB (13.3€/TB).

On eBay there’s sellers like HMCW, which are now also more expensive. But returns/warranty are questionable to say the least.

Edit: I wanna punch myself because I didn’t get one at the time.

Yeah. There already are arbitrators by law: public courts.

Yes, even IPv4 was intended to give each device in the world their own IP, but the address space is too limited. IPv6 fixes that.
Actually, each device usually has multiple IPv6s, and only some/one are globally routable, i.e. it works outside of your home network. Finding out which one is global is a bit annoying sometimes, but it can be done.

Usually routers still block incoming traffic for security reasons, so you still have to open ports in your router.

If you go with IPv6, all your devices/servers have their own IP. These IPs are valid in your LAN as well a externally.

But it’s still important to use a reverse proxy (e.g. for TLS).

Many places don’t enforce those laws for simply torrenting.

Some countries (US) ask the ISP to send warning letters and might disable the internet. In other countries law firms get personal details from the ISP and send a costly letter of a thousand Euro for a single infraction like in Germany.

I would ideally like to convert the library to h.265 or even AV1 if I can make it work.

Unless you’ve downloaded remuxes (which I doubt), I’d seriously recommend redownloading instead of converting your existing files.

h.265 and especially AV1 take a long time to encode by CPU, and hardware encoding won’t give you any space savings, unless you’re okay with losing much details.

Redownloading is most definitely faster, will result in more space savings for the quality you’ll get. PS: Unless you’ve got data volume limits, but even then I’d recommend slowly upgrading over time. It’s quite simple with TRaSH guides and giving h.265 a higher score.

• ActualBudget for finances.
• Radicale for calendar/contacts.
• Immich for photos/videos.
• Redlib as a frontend for Reddit (LibRedirect ftw).
• TheLounge as an IRC client.
• Bitwarden/Vaultwarden as a password manager.
• paperless-ngx for documents

NixOS in LXC works great, although I switched to bare metal NixOS a few months ago. I didn’t see the need for proxmox as it hindered my ability of declaring the whole system.

Creating NixOS LXC’s is a bit of a pita. Some links that helped me two years ago:

• https://wiki.nixos.org/wiki/Proxmox_Virtual_Environment#LXC
• https://web.archive.org/web/20230818134729/https://blog.xirion.net/posts/nixos-proxmox-lxc/

Regular btrfs scrubs is a good idea to detect data loss/drive failure early. I have a monthly sytemd timer run it automatically.

Btrfs balance can also free up space but I don’t run it regularly.

“given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts”

NixOS does not guarantee bit-by-bit identical results. NixOS hashes the inputs and provides a reproducible build environment but this does not necessarily mean the artifacts are identical.

E.g. if a build somehow includes a timestamp, each build will have a different checksum.

It’s great to see another open source OIDC provider (with more features). I’ve set up Pocket ID which is awesome because of it’s simplicity and it’s great.

I found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.

Yes. 127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there was no firewall it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).

The reverse proxy runs on localhost anyway, so any other IPs have no reason to ever have access.

It’s mostly to allow the reverse proxy on localhost to connect to the container/service, while blocking all other hosts/IPs.

This is especially important when using docker as it messes with iptables and can circumvent firewall like e.g. ufw.

You’re right that it doesn’t increase security on case of a compromised container. It’s just about outside connections.

Some I haven’t yet found in this thread:

• rootless podman
• container port mapping to localhost (e.g. 127.0.0.1:8080:8080)
• systemd services with many of its sandboxing features (PrivateTmp, …)

I do the same, but with Wireguard instead of OpenVPN. The performance is much better in my experience and it sucks less battery life.

Trying to actually restore is the best way to ensure the backup works. But it’s annoying so I never do it.

I usually trust restic to do it’s job. Validating that files are there and are readable can be done with restic mount, and you’ve mentioned restic check.

The best way to ensure your data is safe is to do a second backup with another tool. And keep your keys safe and accessible. A remote backup has no use of the keys burned down.

Yes. I like to leave the original link in the post body for that reason.

Sadly it’s not possible to provide links using Firefox Translate. People would have to translate it themselves (i.e. opening in a browser and clicking translate). Depending on the device they likely wouldn’t bother.

Agreed. In general people seem to like centralised platforms. They don’t want to sign up on another site for a specific purpose. They stick to what they know unless there’s good reason to change (mostly peer/ad/social media pressure I feel like).

In a way Lemmy is similar in that it’s a single platform to access all types of content. Given most people don’t care about the technical “how”, I can see why they like Discord and Reddit.