Regular btrfs scrubs is a good idea to detect data loss/drive failure early. I have a monthly sytemd timer run it automatically.
Btrfs balance can also free up space but I don’t run it regularly.
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: July 25th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
8·15 days ago“given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts”
NixOS does not guarantee bit-by-bit identical results. NixOS hashes the inputs and provides a reproducible build environment but this does not necessarily mean the artifacts are identical.
E.g. if a build somehow includes a timestamp, each build will have a different checksum.
7·21 days agoIt’s great to see another open source OIDC provider (with more features). I’ve set up Pocket ID which is awesome because of it’s simplicity and it’s great.
Yes. 127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there was no firewall it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).
The reverse proxy runs on localhost anyway, so any other IPs have no reason to ever have access.
Some I haven’t yet found in this thread:
- rootless podman
- container port mapping to localhost (e.g.
127.0.0.1:8080:8080) - systemd services with many of its sandboxing features (PrivateTmp, …)
NixOS in LXC works great, although I switched to bare metal NixOS a few months ago. I didn’t see the need for proxmox as it hindered my ability of declaring the whole system.
Creating NixOS LXC’s is a bit of a pita. Some links that helped me two years ago: