This has no relevance to politics and I’m not attacking anything by saying forcing sign ups is a barrier to content or that you’re wrong about it having anything to do with bots, you dork.

No it isn’t, they are letting bots scrape the articles just like every other news site for that sweet, sweet SEO. Why do you think the archive.is link has the full article?

Still a wall between people clicking the link and the content.

That reddit thread is horrible advice, it’s just mapping the LXC root user to the host root user, which is just a privileged LXC with extra steps (and maybe less secure).

The reason you’re probably having issues is that your root user in the LXC is mapped to the host user 100000 by default, and that user doesn’t have access to the share, but you can change that with mount options or creating a user with 100000:100000 and adding it to a group with access.

I use Tautulli, but I’m not sure if that is going to cover all the same use cases.

For anything. You can get a push notification for anything you can make run a script or send an http request.

Just run docker in an LXC. That’s what I do when I have to.

I’m not really worried about it. Each LXC runs as its own user on the host, and they only have access to what they need to run each service.

If there’s an exploit found that makes that setup inherently vulnerable then a lot of people would be way more screwed than I would.

I don’t have anything publically accesible on my network (other than wireguard), but if I did I’d just put whatever it was on its own VLAN, run a wireguard server on it, and use a VPS as a reverse proxy that connects to it.

I only use unprivileged LXCs and everything I host on my network runs in its own LXC, so I’m not really worried about someone getting access to the host from there.

Truly one of the most embarassing things I have ever seen someone share publically.

Over polite comments responding to an opinion about a video game.

lol I would open every port on my router and route them all to wireguard before I would ever consider doing this

I use notifications in Thunder and I’ve had no issues. I haven’t compared the difference or anything, but when I’ve happened to check battery usage it’s always been a reasonable amount for how much I’ve used it that day. It does generate a decent amount of network traffic since it’s regularly checking with you instance for it, and that traffic is generated for each account you have reaching out to each instance. That should be how any FOSS app works though, the alternative would be something like Sync where you pay to have actual pushes sent from their server.

I use Nextcloud with Nginx Proxy Manager and just use NPM to handle the reverse proxy, nothing in Nextcloud other than adding the domain to the config so it’s trusted.

I use Plex instead of Jellyfin, but I stream it through NPM with no issues. I can’t speak to the tunnel though, I prefer a simple wireguard tunnel for anything external so I’ve never tried it.

Edit: unless that’s what you mean by tunnel, I was assuming you meant traefik or tailscale or one of the other solutions I see posted more often, but I think one or both of those use wireguard under the hood.

The issue is that the docker container will still be running as the LXC’s root user even if you specify another user to run as in the docker compose file or run command, and if root doesn’t have access to the dir the container will always fail.

The solution to this is to remap the unprivileged LXC’s root user to a user on the Proxmox host that has access to the dir using the LXC’s config file, mount the container’s filesystem using pct mount, and then chown everything in the container owned by the default root mapped user (100000).

These are the commands I use for this:

find /var/lib/lxc/xxx/rootfs -user 100000 -type f -exec chown username {} +;
find /var/lib/lxc/xxx/rootfs -user 100000 -type d -exec chown username {} +;
find /var/lib/lxc/xxx/rootfs -user 100000 -type l -exec chown -h username {} +;
find /var/lib/lxc/xxx/rootfs -group 100000 -type f -exec chown :username {} +;
find /var/lib/lxc/xxx/rootfs -group 100000 -type d -exec chown :username {} +;
find /var/lib/lxc/xxx/rootfs -group 100000 -type l -exec chown -h :username {} +

(Replace xxx with the LXC number and username with the host user/UID)

If group permissions are involved you’ll also have to map those groups in the LXC config, create them in the LXC with the corresponding GIDs, add them as supplementary groups to the root user in the LXC, and then add them to the docker compose yaml using group_add.

It’s super confusing and annoying but this is the workflow I’m using now to avoid having to have any resources tied up in VMs unnecessarily.

I’ve been doing this for at least a decade now and the drives are just as reliable as if you bought them normally. The only downside is having to block one of the pins on the SATA connector with kapton tape for it to work.

Someone made something up about you once, so now your plan is to never be introspective again for the rest of your life?

Good luck with that. I’m sure the issue in that situation was definitely how self-aware you were at the time.

I like the workflow of having a DNS record on my network for *.mydomain.com pointing to Nginx Proxy Manager, and just needing to plug in a subdomain, IP, and port whenever I spin up something new for super easy SSL. All you need is one let’s encrypt wildcard cert for your domain and you’re all set.

IIRC from running into this same issue, this won’t work the way you have the volume bind mounts set up because it will treat the movies and downloads directories as two separate file systems, which hardlinks don’t work across.

If you bind mounted /media/HDD1:/media/HDD1 it should work, but then the container will have access to the entire drive. You might be able to get around that by running the container as a different user and only giving that user access to those two directories, but docker is also really inconsistent about that in my experience.

If you want Proxmox to dynamically allocate resources you’ll need to use LXCs, not VMs. I don’t use VMs at all anymore for this exact reason.

The only one I can think of is that Source might still have some id code in it from the goldsrc days, but that was before it was open sourced.