d00phy

I currently have my home services set up in a way I like, and think I understand. I have an S12 pro w/ *arr, Overseerr, Immich, paperless, etc running. The only things exposed are immich, paperless, and overseerr. This is via swag/dockerproxy over a cloudflare tunnel. This makes it so I don't have to do anything on the cloudflare end or my router to add a new service. DockerProxy picks up a new container, swag configures a reverse proxy automatically (assuming it recognizes the container, but it also supports custom configs) using the container_id as the subdomain.

I'm looking at setting up a VPS to host authentik and uptima kuma (to start - maybe ntfy in the future). What I'd like to do is have the public interface on these containers use the same cloudflare tunnel I'm currently using... or a second one, if necessary. For the interface back to my home server, I'd like to use Tailscale. I already have it running on my home server, and I expect I'll install it on my VPS. The goal here is the "public" connection uses the cloudflare tunnel, and the backend connection is over tailscale.

I've tested that I can spin up swag/dockerproxy on a second box in my lab and it will connect to cloudflare. I have not yet tested standing up a container on that box to see if the proxy works as expected.

So, questions:

• Tailscale on VPS: container or no? Obviously, if I can't install it locally, I'll put it in a container
• How to I configure a container to use these 2 networks? I'm fairily good on getting the cloudflare part working. The TS part is new to me, and all the documentation I've seen doesn't really cover other containers using the tailnet.
• Am I overthinking this? If I put these services on tailnet alone, will the cloudflare tunnel... tunnel back and forth to/from clients not on tailnet?

TBH, I kind of get his point, and respect him for his candor. That said, I think he's also aware that he will more than likely be disappointed by his decision. He probably also knows it's only a matter of time before the party completely rejects him.

Throughout our 90-minute interview, Cox rejected the “MAGA” label, called Trump and his running mate, J. D. Vance, “antithetical” to his brand of Republicanism, and at various points seemed even to quibble with the idea that he’d endorsed Trump at all. “I said I’m going to vote for him,” Cox told me. “I didn’t say I support everything he does. I’m not even telling you that you need to vote for him.”

...

When Cox addressed the state Republican convention in May, he was loudly booed by Trumpists. Finally, in a fit of exasperation, he spat, “Maybe you just hate that I don’t hate enough.” The race seemed to rattle his faith in Utah exceptionalism. “It only reinforced my concern that there’s kind of been a breach in the stronghold,” he told me.

...

“When we talk about disagreeing better and the work of depolarization, there’s this weird thing that happens to people,” Cox told me. “You start to criticize the people who are polarizing us … and then they become your enemies.” If you’re not careful, he said, you risk becoming a mirror image of the thing you’re working to defeat.

“That ‘Love your enemies’ stuff—it sucks. I hate it. I wish Jesus had never said that,” Cox told me. But if he was serious about injecting decency and compassion back into politics, he explained, he needed to find a way to work with his political enemies. And within his own party, at least, he could think of few figures who qualified as enemies more than Trump. “To me, this is kind of the ultimate test.”

I have the arr stack and immich running on a beelink S12 pro based on geekau mediastack on GitHub. Basically, and I'm sure my understanding is maybe a bit flawed, it uses docker-proxy to detect containers and passes that to swag, which then sets up subdomains via a tunnel to Cloudflaire. I have access to my services outside of my LAN without any port forwarding on my router. If I'm not mistaken, that access is via the encrypted tunnel between swag & Cloudflaire (please, correct me if I'm wrong).

That little beelink is running out of resources! It's running 20 containers, and when immich has to make any changes, it quickly runs low on memory. What I would like to do is set up a second box that would also run the same "infrastructure" containers (swag, docker-proxy), and connect to the same Cloudflaire account. I'm guessing I need to set up a second tunnel? I'm not sure how to proceed.

One can’t keep herself out of a box or anything resembling a box. The other is responsible for the never healing contusion on his sister’s ear (though, she sometimes starts it).

Our mini schnauzer passed in January. They were pals.

Do you drink the cereal-flavored milk straight from the bowl? I grew up doing this because my parents taught me how good that milk tastes. As I’ve gotten older, I feel a little self-conscious about doing it in public. It’s not something I notice other non-children doing.

Editing to add: I do drink the milk from the bowl. As to when I'm eating it "in public:" hotels mostly. Self-conscious was probably the wrong word. I'm more wondering if people silently judge a grown person drinking cereal milk from the bowl. Not losing sleep if they do, just curious.

Trying to do a couple things. I have 2 jump hosts I can use to get into my cluster login node. From my laptop to the jump hosts is password. From jump hosts to login node can be key-based, so if I do it all from CLI:

[me@home ~]$ ssh user@jump1
Password:
[user@jump1 ~]$ ssh user@login1
[user@login1 ~]$ 

Same process if I use jump2.

So first thing I'm trying to do is set up my ~/.ssh/config to use the ProxyJump host and key file to get to login1. I have the following:

Host jump1
  Hostname jump1.domain
Host jump2
  Hostname jump2.domain
Host login1
  Hostname login1.cluster
  ProxyJump jump1
  #ProxyJump jump2

I'm not sure how to configure the IdentityFile entries for each jump host. The user on the jump hosts has different id_rsa keys in ~/.ssh, but both are in the authorized_keys file on login1.

Second thing I'm trying to do is join or start a tmux session. From CLI, I can run:

tmux has-session -t mysession || tmux new -s mysession && tmux a -t mysession

I've learned that to just join a running session (tmux a -t mysession), I need to include "RequestTTY yes" in my ssh config entry for login1. What I can't get working is the conditional statement that will fire up a new tmux session if it doesn't already exist.

I’ve seen a lot of recommends for Immich on here, so I have an idea what the answer here is going to be, but I’m looking for some comparisons between it and Photoprism I’m currently using Synology Photos, and I think my biggest issue is it’s lack of metadata management. I’ve gotten around that with MetaImage and NeoFinder. I’m considering moving to something not tied to the Synology environment.

I have a well pump in my garage that seems to have stopped working. When plugging it in, I hear it running, but the pressure never goes up, and the motor never stops. No idea what I’m doing with this thing.