@bender@twtxt.net kinda sorta, it’s in a docker container so not a VM but like VM-ish?

I decided to use Imagor to optimise and transform the images into a stream. I am very happy with the results!
It is written in Go and is easy to run in Docker.
https://github.com/cshum/imagor
#selfhost

@kat@yarn.girlonthemoon.xyz At the core, you need an ngircd.conf like this:

[Global]
    Name = your.irc.server.com
    Password = yourfancypassword
    Listen = 0.0.0.0
    Ports = 6667

    AdminInfo1 = Well, me.
    AdminInfo2 = Over here!
    AdminEMail = forget.it@example.invalid

[Options]
    Ident = no
    PAM = no

[SSL]
    CertFile = /etc/ssl/acme/your.irc.server.com.fullchain.pem
    KeyFile = /etc/ssl/acme/private/your.irc.server.com.key
    DHFile = /etc/ngircd/dhparam.pem
    Ports = 6669

Start it and then you can connect on port 6667. (The SSL cert/key must be managed by an external tool, probably something like certbot or acme-client.)

I’m assuming OpenBSD here. Haven’t tried it on Linux lately, let alone Docker. 😅

i am writing a quick little guide on deploying soju/gamja all in docker. because i am bored

@prologic@twtxt.net oooh this looks interesting!!! maybe i could play around with it in docker and see how to integrate it with caddy layer4 for TLS + my existing web client and bouncer!!

hey everyone i’ve spent my whole day trying to set up soju + gamja in docker and now i am down a rabbit hole of building caddy with layer4 support and trying to get TLS for my IRC server and NOTHING IS WORKING

@bender@twtxt.net awww thank you :‘))) you all are too nice!!! i really wanted to share how i did this because i think i’m the first person to publicly attempt a production instance of dreamwidth code in docker, so i’m glad i did a good job at documenting it!!!!!!!

7k words of docs on deploying a livejournal folk. you absolutely want to read 7 thousand words of me forcing dreamwidth into production shape in docker https://stash.4-walls.net/selfhostdw/

We invent docker, we invent kubernetes, we invent portainer, why we still not invent solution to migrate data volumes between hosts? :(

Add support for skipping backup if data is unchagned · 0cf9514e9e - backup-docker-volumes - Mills 👈 I just discovered today, when running backups, that this commit is why my backups stopped working for the last 4 months. It wasn’t that I was forgetting to do them every month, I broke the fucking tool 🤣 Fuck 🤦‍♂️

@prologic@twtxt.net been there done that with several of my docker volumes to the point of me just not doing docker volumes anymore and manually mounting folders now LMAO

So I re-write this shell alias that I used all the time alias dkv="docker rm" to be a much safer shell function:

dkv() {
  if [[ "$1" == "rm" && -n "$2" ]]; then
    read -r -p "Are you sure you want to delete volume '$2'? [Y/n] " confirm
    confirm=${confirm:-Y}
    if [[ "$confirm" =~ ^[Yy]$ ]]; then
      # Disable history
      set +o history

      # Delete the volume
      docker volume rm "$2"

      # Re-enable history
      set -o history
    else
      echo "Aborted."
    fi
  else
    docker volume "$@"
  fi
}

Interesting.. so running into an issue where queries only return a partal set of rows if i run in a docker image built from scratch. i have to add the debian root image for it to work. I wonder what file is missing that the root has?

New article: “E2E Testing with TestCafe on Docker.”
I’ll show you how to get started with TestCafe, a framework for performing E2E tests.
https://programadorwebvalencia.com/pruebas-e2e-con-testcafe-sobre-docker/
#docker #testcafe #e2e #testing #javascript #webdev

I’m sharing a short tutorial, in Spanish, for self-hosting #twtxt with Docker:
https://programadorwebvalencia.com/twtxt-desplegar-tu-feed-con-docker/

Comparing Fuchsia components and Linux containers
Fuchsia is a new (non-Linux) operating system from Google, and one of the key pieces of Fuchsia’s design is the component framework. Components on Fuchsia have many similarities with some of the container solutions on Linux (such as Docker): they both fetch content addressed blobs from the network, assemble those blobs into an isolated filesystem structure that holds all the dependencies necessary to run some piece of software, and … ⌘ Read more

Testing the limits of our new 5G internet connection at home with pushing 1.5GB docker images into the cloud a bunch of times day…

I’m not a huge fan of docker. Sorry for the poor screen grab quality, but this is the funniest analogy for “no docker” vs “docker” I’ve come across: https://lyse.isobeef.org/tmp/no-docker-vs-docker-analogy.png :-D

@mckinley@twtxt.net @prologic@twtxt.net or just be like… “We don’t need Microshaft’s Minecraft, We already have one at home!” 🤣

#Luanti/#MineTest FTW!

@bender@twtxt.net Dud! you should see the updated version! 😂 I have just discovered the scratch #container image and decided I wanted to play with it… I’m probably going to end up rebuilding a LOT of images.

~/htwtxt » podman image list htwtxt
REPOSITORY                TAG            IMAGE ID      CREATED             SIZE
localhost/htwtxt          1.0.7-scratch  2d5c6fb7862f  About a minute ago  12 MB
localhost/htwtxt          1.0.5-alpine   13610a37e347  4 weeks ago         20.1 MB
localhost/htwtxt          1.0.7-alpine   2a5c560ee6b7  4 weeks ago         20.1 MB
docker.io/buckket/htwtxt  latest         c0e33b2913c6  8 years ago         778 MB

P.S:

~/remote/htwtxt » podman image list htwtxt                                                                                the@wks
REPOSITORY                TAG           IMAGE ID      CREATED      SIZE
localhost/htwtxt          1.0.5-alpine  13610a37e347  3 hours ago  20.1 MB
localhost/htwtxt          1.0.7-alpine  2a5c560ee6b7  3 hours ago  20.1 MB
docker.io/buckket/htwtxt  latest        c0e33b2913c6  8 years ago  778 MB

@bender@twtxt.net + a 9 years old container image by the good ol’ buckket himself … not sure what to expect from that but will give it a quick spin and report back

snapdrop looks amazing, but why should I run Docker to host it. I hate docker. https://github.com/SnapDrop/snapdrop

so i learned that my vpn provider uses nftables to tag traffic for split tunnelling. so it looks like i’ll be converting my iptables rules. there’s some implication for docker containers that i’ll have to reckon with, but i’m already nesting them inside a nixos container so i don’t really need docker to touch the network at all. after that i’ll be able to define some rules to allow traffic meant for the yggdrasil network to reach the tunnel. this will be important later.

Starting a couple of new projects (geez where do I find the time?!):

HomeTunnel:

HomeTunnel is a self-hosted solution that combines secure tunneling, proxying, and automation to create your own private cloud. Utilizing Wireguard for VPN, Caddy for reverse proxying, and Traefik for service routing, HomeTunnel allows you to securely expose your home network services (such as Gitea, Poste.io, etc.) to the Internet. With seamless automation and on-demand TLS, HomeTunnel gives you the power to manage your own cloud-like environment with the control and privacy of self-hosting.

CraneOps:

craneops is an open-source operator framework, written in Go, that allows self-hosters to automate the deployment and management of infrastructure and applications. Inspired by Kubernetes operators, CraneOps uses declarative YAML Custom Resource Definitions (CRDs) to manage Docker Swarm deployments on Proxmox VE clusters.

i have successfully put a docker container inside of a nixos container, a turturken so to speak. next up, we get arion-compose working in there and then see about mem_limit and cpus!

@prologic@twtxt.net Good to know. I must admit I’ve never actually used a Docker instance, probably as I just assumed the overhead might be a bit much for my usual very modest servers.

@bender@twtxt.net Is it so maxed out you couldn’t fit a pretty small program like Headscale on it? Headscale by itself and only personal home type use as far as amount of peers go, it really isn’t noticeable I don’t think resource-wise. The Docker version I guess could be a different story.

@xuu@txt.sour.is I have a theory as to why your pod was misbehaving too. I think because of the way you were building it docker build without any --build-arg VERSION= or --build-arg COMMIT= there was no version information in the built binary and bundled assets. Therefore cache busting would not work as expected. When introducing htmx and hyperscript to create a UI/UX SPA-like experience, this is when things fell apart a bit for you. I think….

@movq@www.uninformativ.de can’t Ntfy help with that? That’s how I get my signal notifications (I think).

This guide may me of help…
Good luck!

@mckinley@twtxt.net for me:

• a wall mount 6U rack which has:
  
  • 1U patch panel
    
  • 1U switch
    
  • 2U UPS
    
  • 1U server, intel atom 4G ram, debian (used to be main. now just has prometheus)
    
• a mini ryzon 16 core 64G ram, fedora (new main)
  
  • multiple docker services hosted.
    
• synology nas with 4 2TB drives
  
• turris omnia WRT router -> fiber uplink
  

network is a mix of wireguard, zerotier.

• wireguard to my external vms hosted in various global regions.
  
  • this allows me ingress since my ISP has me behind CG-NAT
    
• zerotier is more for devices for transparent vpn into my network
  

i use ssh and remote desktop to get in and about. typically via zerotier vpn. I have one of my VMs with ssh on a backup port for break glass to get back into the network if needed.

everything has ipv6 though my ISP does not provide it. I have to tunnel it in from my VMs.

QOTD: What do you host on your home server? How do you host it? Are you using containers? VMs? Did you install any management interface or do you just SSH in? What OS does it run?

Mine runs Arch (btw) and hosts a handful of things using Docker. Adguard Home, http://mckinley2nxomherwpsff5w37zrl6fqetvlfayk2qjnenifxmw5i4wyd.onion/, and some other things. NFS, Flexo, and Wireguard (peer and bounce server in my personal network) are outside Docker. I have a hotkey in my window manager that spawns a terminal on my server using SSH. It makes things very easy and I highly recommend it.

I am thinking about replacing Docker with Podman because the Common Wisdom seems to say it’s better. I don’t really know if it is or isn’t.

Also, how much of your personal infrastructure is on IPv6? I think all the software I use supports both, but I’ve mostly been using IPv4 because it’s easier to remember the addresses. I’ve been working for the last couple days on making it IPv6-only.

i am wondering if maybe i need a better heap like a btree backed one instead of just list sort on Dequeue.

I found a bug where i didnt include an open/closed list that seemed to shave off a little. right now it runs in about 70 seconds on my machine.. it takes over the 300s limit when it runs on the testrunner on the same box.. docker must be restricting resources for it.

I might come back to it after i work through improving my code for day 23. Its similar but looking for the longest path instead of shortest.

fractalnetworksco/selfhosted-gateway: Route HTTPS traffic to local Docker containers through a cloud VPS over WireGuard. Ideal for self-hosting behind CGNAT.

@prologic@twtxt.net hmm, bummer. I was hoping that translating the docker commands to podman syntax would work but it looks like it’s more subtle than that. Thanks for trying!

The weird thing was I wasn’t getting errors like that on my end when I tried it. podman thought the connection was created, and it set it as the default. But I don’t think it was sending anything over the wire. When I have more time to tinker with it maybe I’ll play around and see if I can figure out what’s up.

@prologic@twtxt.net Change your script to this:

#!/bin/sh

set -e

alias docker=podman

if [ ! command -v docker > /dev/null 2>&1 ]; then
  echo "docker not found"
  exit 1
fi

mkdir -p $HOME/.docker/certs.d/cas

## key stuff omitted

# DO NOT DO THIS docker context create cas --docker "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO THIS:
podman system connection add "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO NOT DO THIS docker context use cas
# DO THIS: 
podman system connection default cas

@prologic@twtxt.net

$ podman --docker                                                                                                                                                        
Error: unknown flag: --docker

Why are you using a flag that podman doesn’t have?

@prologic@twtxt.net what do you mean when you say “Docker API”? There are multiple possible meanings for that. podman conforms to some of Docker’s APIs and it’s unclear to me which one you say it’s not conforming to.

You just have to Google “podman Docker API” and you find stuff like this: https://www.redhat.com/sysadmin/podman-rest-api

Podman’s REST API consists of two components:

• A Docker-compatible portion called Compat API
  
• A native portion called Libpod API that provides access to additional features not available in Docker, including pods
  

Or this: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html

The REST API provided by podman system service is split into two parts: a compatibility layer offering support for the Docker v1.40 API, and a Podman-native Libpod layer.

@prologic@twtxt.net I don’t understand what you’re saying. podman works with TLS. It does not have the “–docker” siwtch so you have to remove that and use the exact replacement commands that were in that github comment.

@prologic@twtxt.net My understanding is that podman can talk to the Docker Engine API. It’s just that the commands sometimes have different names in the podmanverse. I think–never used those features.

@prologic@twtxt.net I don’t get your objection. dockerd is 96M and has to run all the time. You can’t use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn’t use, and docker fucks with your network configuration right on install, which podman doesn’t do unless you tell it to.

That’s way fat as far as I’m concerned.

As far as corporate goes, podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they’ll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn’t change that it’s always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.

That’s way too corporate as far as I’m concerned.

I mean, all of this might not matter to you, and that’s fine! Nothing wrong with that. But you can’t have an alternate reality–these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.

@prologic@twtxt.net I had a feeling my container was not running remotely. It was too crisp.

podman is definitely capable of it. I’ve never used those features though so I’d have to play around with it awhile to understand how it works and then maybe I’d have a better idea of whether it’s possible to get it to work with cas.run.

There’s a podman-specific way of allowing remote container execution that wouldn’t be too hard to support alongside docker if you wanted to go that route. Personally I don’t use docker–too fat, too corporate. podman is lightweight and does virtually everything I’d want to use docker to do.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.

@prologic@twtxt.net hmm, now I get this:

$ ssh -p 2222 -i PRIVATE_GITHUB_KEY GITHUB_USERNAME@cas.run add | sh
sh: 135: docker: not found

The quickstart says:

## Quick Start

  ssh -p 2222 cas.run add | sh

so that’s why I tried this command (I had to modify it with my key and username like before)

Edit: 🤦‍♂ and that’s becasue I don’t have docker on this machine. Sorry about that, false alarm.

https://www.grottedubarbu.fr/securiser-socket-docker/

Building docker image with name and tag …