Have you looked at Ghost?

If you don’t have a uniform infrastructure, nobody will want to use your spare compute you have lying around.

Every hosted solution already has free tiers and free CI runners, so the question is why would they pay you for the privilege?

I don’t mean to put your efforts down, but I’m so confused about what this is. I listened a bit, and it seems to be just you musing about your experience with certain things. I think people show up to listen to podcasts for an objective viewpoint about X topic, and not just somebody moving from topic to topic and talking about their wants and needs about a certain thing.

I’m also very confused on what “Linux Prepper” means. What are you preparing for?

Don’t pull containers from random sources then. If you’re working with a specific project, only pull from their official images.

Pushed images are built and verified from the maintainers, then pushed. Then you pull, each layer is verified by hash that it is the same image as was originally pushed by the maintainers.

Whether that project protects itself from supply chain attacks is a different story, but as far as ports go, you only expose what you tell it to expose. There’s no workaround for that.

This isn’t a clear question about what you’re trying to confirm here.

Are you wondering how you pull a confirmed container from a confirmed provider?

Are you concerned about supply chain attacks?

Naw

There are numerous automated systems for this, and almost every platform you use will have their own. Infiscal doesn’t seem bad, but I haven’t used it.

I always suggest engineers just use whatever is closest to their stacks instead of implementing something, UNLESS it’s going to cost a lot more money (looking at you, AWS).

Bitwarden/Vaultwarden+BWcli is also another workaround if you’re just using it for small projects.

Etcd can do value encryption, and Redia even, but you should really be looking at something that has solid RBAC, or ZTC rotation.

Sounds like Jellfyfin+Jellybook is your winner then. The server portion of audiobook or ebook hosting isn’t going to be giving you any game changing features. They serve files.

The client you use is going to make or break your experience here, so just go with the easiest setup on the server side, and then run through some clients to see what works best.

You’re not really telling what the exact nature of your problem is, so it’s hard to answer you.

What’s the camera? How are you intending to connect to it? Do you otherwise have access to the feed of this camera as a user?

You need to give a lot more details, and maybe some errors to explain what you need help with.

I think parsedmarc is the only active-ish game in town. Most tools like this are going to be hosted SaaS.

That, or your phone is using an overridden DNS server and not your local DNS resolver while on your own network. Common with Android specifically.

Ghost is meant more for hosting blogs and newsletters, not necessarily an interactive site.

Lots of static site frameworks out there: Hugo, Gatsby, Jekyll - all with their own strengths and weaknesses. Hugo probably has the largest following and template ecosystem, so may be faster to get started. Something a bit different that has some steam behind it is Grav CMS.

No, it’s the difference between your docker service knowing it’s datadir isn’t in /var/lib and not.

Shut down docker. Create a datadir in your writeable mount, change the docker configs to point to the new location, and restart.

Here’s an example: https://linuxconfig.org/how-to-move-docker-s-default-var-lib-docker-to-another-directory-on-ubuntu-debian-linux

It’s an immutable distro, so the regular locations on the filesystem are all read-only. The only way you can do this is making sure you mount separate storage, or use the userspace home mount or whatever they call it. It’s trivial to move the docker dir to wherever, so just do that.

Are you talking about just a straight HTML/CSS static blog, or is it created in a framework of some sort?

When using semantic versioning of anything, it’s an intention to run that specific version. AKA version pinning or locking. Meaning you DON’T want it automatically updating unless you do it manually.

You especially don’t want this happening in a k8s cluster if you intend to run replicas with pulls enabled for obvious reasons.

As for being notified of updates, there are some tools out there for this, but I believe they only check for pulling specific tags, or latest tag. The way container registries work wouldn’t make it obvious what exactly you’d want to update, because there is no concept of tag inheritance. This means if a new tag showed up in a repo, you wouldn’t know if it’s an update to your specific current version of aomething, or just another tag. They don’t work like packages in this sense.

Ok…but crowdsec bans abusive IPs. Are you saying your actions got you banned for some reason?

Also, whitelist first. Ban second.

Crowdsec if you have many instances that need to report to each other.

If you just have a single instance and care to configure f2b for those services, then it’s fine. I would suggest incorporating the use of public blocklists though.

Care to elaborate? This seems kind of insanely specific.

Also, if you’re using fail2ban, the same thing would happen.

For what, exactly?