I don’t but lots of people stick anyways to a single network with some kind of crappy router and from OPs post I assumed that OP doesn’t really care about security, see SELinux
SELinux should not be an issue if you stick to common directories and use :Z flag after the mount path with docker, afaik podman uses the same mechanism. There’s even a tool for selinux container policies: https://github.com/containers/udica
Regarding firewall stuff, disable it on your machine and you are fine. Port forwarding in containers is necessary to connect to services, now way around.
Ah and read this: https://stopdisablingselinux.com/
It has a reason why it exists.
I got different colors for Kubernetes clusters. Like green for testing cluster, yellow for development and red for production. Always taking a Quick Look before I do something
Only thing I miss is proper support for some services I use. Minikube is afaik still a pain with podman, at least rootless. Gitlab runner still doesn’t support podman completely imho. But a plus to docker is that they still build packages for EL 7 while the podman version in EL 7 is pretty damn old. Besides from that I went podman all the way.
This is the graybeard way! Even Korloks are sooo easy when your team shooting it all the time and as a driller dig a tunnel under the main thingy and when it opens just drill into it from below.
Pray for Olaf 🙏
Postfix! I worked at an E-commerce company that sent newsletters(spam) through shitty Windows SMTP servers. Looking for speed and some other neat things (DKIM and modify headers) I setup postfix on Debian and I guess this system is still running. Quickly after that I explored NGINX as a reverse proxy for yet again shitty Windows IIS webservers. This was my entry to open source and Linux in general.
Ah I see, ragica is right. krunner bin is part of plasma-workspace, kinda misleading that there's an own package.
paru -Fy krunner
:: Synchronizing package databases...
core 1014.4 KiB 956 KiB/s 00:01 [-------------------------------------------] 100%
extra 38.2 MiB 1133 KiB/s 00:34 [-------------------------------------------] 100%
multilib 215.2 KiB 391 KiB/s 00:01 [-------------------------------------------] 100%
extra/plasma-workspace 5.27.7-2 (plasma)
usr/bin/krunner
I dont't see plasma-workspace as a dependecy. Output from paru:
paru -S krunner ✔ 41s
resolving dependencies...
looking for conflicting packages...
Packages (41) kactivities-5.109.0-1 kauth-5.109.0-1 kbookmarks-5.109.0-1 kcodecs-5.109.0-1 kcompletion-5.109.0-1
kconfig-5.109.0-1 kconfigwidgets-5.109.0-1 kcoreaddons-5.109.0-1 kcrash-5.109.0-1 kdbusaddons-5.109.0-1
kdeclarative-5.109.0-1 kded-5.109.0-1 kglobalaccel-5.109.0-1 kguiaddons-5.109.0-1 ki18n-5.109.0-1
kiconthemes-5.109.0-1 kio-5.109.0-2 kirigami2-5.109.0-1 kitemviews-5.109.0-1 kjobwidgets-5.109.0-1
knotifications-5.109.0-1 kpackage-5.109.0-1 kservice-5.109.0-1 ktextwidgets-5.109.0-1 kwallet-5.109.0-1
kwayland-5.109.0-1 kwidgetsaddons-5.109.0-1 kwindowsystem-5.109.0-1 kxmlgui-5.109.0-1
libdbusmenu-qt5-0.9.3+16.04.20160218-6 media-player-info-24-2 plasma-framework-5.109.0-1
polkit-qt5-0.114.0-1 qca-qt5-2.3.7-1 qt5-multimedia-5.15.10+kde+r3-1 qt5-speech-5.15.10+kde+r1-1
qt5-wayland-5.15.10+kde+r57-1 solid-5.109.0-1 sonnet-5.109.0-1 threadweaver-5.109.0-1 krunner-5.109.0-1
Total Download Size: 41.58 MiB
Total Installed Size: 133.02 MiB
This is still alot for one tool, but as far as I can see it will not install the whole plasma desktop again. I am running GNOME, so not sure if GNOME already brings some dependencies not mentioned in my output.
Surprised that nobody yelled Proton yet? Lots of Windows games running pretty good, some close to native, some even better on Linux through Proton. But here is the thing you mentioned which could be a problem: anti cheat. It works on Linux but depends on the developer to enable it. Some major games simply does not support it. You can check them here: https://areweanticheatyet.com/ , for general compability check https://protondb.com , even non Steam games can run through Lutris with little to no hassle. Proxmox with GPU passthrough seems like a big clunky overhead in terms of gaming but maybe you got that game that will never run on Linux.
Maybe it is too late because of your filesystem choice but btrfs snapshots delievers enough security if something goes wrong. Rsync seems like a little bit overhead for updating only There is even a pacman hook that makes pre and post snapshots of your filesystem with snapper. Tldr: most of your steps can be automated with pacman hooks. But if you like it this way its fine
Thanks for clarification. I think I heard about Trisquel but to be tbh most Linux beginners do not surf the FSF website at first, they just google stuff and find a ton of blogs and articles and dive into the pretty standard distros like Mint and Ubuntu.
Oh it is not that much, I run adguard DNS with adblocking, searxng as my search engine, vaultwarden as my password manager. All combined with Argo CD as GitOps engine, nginx ingress with cert-manager for lets encrypt certificates, longhorn as storage layer and metallb as loadbalancer solution. I am planning to completely replace my current setup (which is an old sandy bridge powered HP microserver) with a turing pi 2 clusterboard with 4 RPi4 CMs as soon as they get cheaper.
I run k3s and all my stuff runs in it no need to deal with docker anymore.
I never heard of this distros lol. I think distrochooser is a tool for newbies. If you know your mentioned distros it is not the tool for you I guess.
You got a point with NVD but this case shows how one could damage the reputation of a product - this really looks like Bagder didnt care about security, even the 2020 prefix is a bad sign looking from the outside. I am not sure how the NVD define CVE scores but as bagder openly explains this isnt a flaw in security, just a bug he already fixed years ago.
Custom Kubernetes controller that can be used to replicate secrets, configmaps and certificates. - GitHub - emberstack/kubernetes-reflector: Custom Kubernetes controller that can be used to replica...
I was wondering how I could use a wildcard lets encrypt certificate with different Ingresses in different namespaces and found this at the cert manager documentation. Quite easy to setup, just add some annotations and the certificate (and any other secret or configmap) will be automatically reflected to given namespaces.
Hey there,
not sure if this is really the problem but yesterday I updated my Arch (btw) system and today I tried to play via steam some games. I noticed that my system became really laggy after a game started (no matter what game). I inspected my pacman.log and searched for GPU/gaming related packages.
I identified these packages were upgraded:
mesa (1:23.1.5-1 -> 1:23.1.6-1) lib32-libva-mesa-driver (1:23.1.5-1 -> 1:23.1.6-1) lib32-mesa (1:23.1.5-1 -> 1:23.1.6-1) vulkan-radeon (1:23.1.5-1 -> 1:23.1.6-1) lib32-vulkan-radeon (1:23.1.5-1 -> 1:23.1.6-1) libva-mesa-driver (1:23.1.5-1 -> 1:23.1.6-1) opencl-clover-mesa (1:23.1.5-1 -> 1:23.1.6-1) opencl-rusticl-mesa (1:23.1.5-1 -> 1:23.1.6-1)
I am not a fan of downgrading packages but I didn't see any other solution yet.
I downgraded the above packages back to 23.1.5-1 and my memory usage is as expected.
Leaving this here as possible quick fix, didn't find anything yet on arch bugtrackers or something.
Someone struggling with the same issues?
