That’s ok for a database that’s running?
Do you use a ZFS backup manager?
Ah gotchya, well docker compose plus the image is pretty necessary for me to easily manage big ass/complicated database-based storage services like paperless or Immich - so I’m locked in!
And I’d still have to specially handle the database for backup even if it wasn’t in a container…
;.; I don’t know what this means
Yea I likely don’t have a full understanding, just getting into this and all. That’s why I decided a hard req was to force the images to run in a non-root context. (I did succeed, prolly)
But the macvlan does have its own IP with the associated ports free and that will let the AdGuard Home image bind 53 while the host can squat on it with DNS listener stub or whatever the fuck it does by default. The macvlans is a recommended thing by the Docker AdGuard Home guides to bypass the host or other processes already binding 53, I didn’t cook it up myself.
Anyway, this is the first I’m hearing of traffic or caddy in this context - googling those is not ez pz so it’ll take me a bit to know what you’re implying I should do!
Edit: I’m not gonna understand traffic or caddy beyond the surface level, the main pages are enterprise-focused so I’m not sure how they apply. I’ll have to wait to run into an organic use case (with wordy guide) to truly understand them, I think. (Other than traffic could redirect but it’s called a reverse proxy but I think, at least in this context, that’s a fancy word for redirect. So use it somehow instead of forwarding specific ports?)
Thank you for the in-depth explanation!! I’ll keep this in mind as I try to club my way through podman!
I have tried pre-making the network in podman directly beforehand, but because I want a second docker image binding to port 53 I was under the impression that I had to use macvlans
Huh you’d think macvlans would have an error telling me to kick rocks for trying to use it in a rootless state. I guess that’s why it can’t see anything?
Weird though, like why can’t I make the macvlans network interface as root and then let rootless containers connect to it? If I sudo make the macvlans network thing it lives in the sudo podman zone. Hm
Love the idea, but theoretically with this “macvlan” it will have its own IP address and thus have free rein of all of its ports and not have any conflicts
I’ve made it so the host OS doesn’t require root, are you saying I’d need to make the image also do that?
I see, I’ll check that out and also check out how to ascertain that lol
Does that “similar security” still count if the image is hacked? Since the capability for “real” root is there.
I am reasonably pleased with my TV UI approximation. It’s an old Skylake-era CPU running Windows 10 Enterprise IoT LTSC which lasts until 2032.
I chose Windows because Linux is often limited to 720p browser streaming. And I got tired of overcoming hurdles to make the thing work well, forget what they were but damn they sucked and took a lot of time. Burned through a ton of my self-allotted time fixing stuff till I just ripcorded Win 10 Ent IoT LTSC; Linux might go better for you!
Anyway, it’s at 150% desktop scale and I have the task bar auto hide. I have icons for all streaming sites, Freetube, and Jellyfin on the desktop arranged in a grid. It looks reasonably good, they open in Firefox or in their apps. I close the whole window when I’m done (I don’t use the browser’s tabs), which helps with the “TV box” feel of usage.
I have a remote that has some IR functions to turn the TV on and off and change inputs along with gyro mouse control. It’s hella China, just buy one on your relevant China source (Amazon, Alibaba, etc.) - there are tons of clones. The light up feature on it makes an audible hum, so that sucks, but I don’t use it and don’t seem to miss it.
Best bonus is it blocks ads on all the streaming services I have (uBlock Origin mostly, also AdGuard but I think uBlock Origin does the heavy lifting). And can turn on WireGuard for modern account sharing, going to automate it soon for certain streaming services.
As far as I know (unless smarter people know), you need a “long ass backup script” to make your own fun on a set schedule. Autorestic and borgmatic are smooth but don’t seem to have the granularity to deal with it. (Unless smarter people know how to make them do, which I may be fishing for lol)