Partially yes, the tricky thing is that when using network_mode: "service:tailscale" (presumably on the caddy container since that’s what needs to receive traffic from the tailscale network), you won’t be able to attach the caddy container to any networks since it’s using the tailscale network stack. This means that in order for caddy to reach your containers, you will need to add the tailscale container itself to the relevant networks. Any attached containers will be connected as well.

(Not sure if I misread the first time or if you edited but the way you say it is right, add the tailscale container to the proxy network so that caddy will also be added and can reach the containers)

Here’s the super condensed version of what matters for connecting traefik/caddy to a VPN like wireguard/tailscale.

• I left out all WG config since presumably you know how to configure tailscale
• Left out acme / letsencrypt stuff since that would be different on caddy anyway
• You may need to configure caddy to trust the tailscale tunnel IP of the machine on the other end that will be reverse proxying over the tunnel.
• Traefik I guess requires you to specify the docker network to use to reach stuff, I just put anything that should be accessible into “ingress” as you can see. I’m not sure if my setup supports using a different proxy network per app but maybe caddy allows that.

My traefik compose:

services:
  wireguard:
    container_name: wireguard
    networks:
      - ingress

  traefik:
    network_mode: "service:wireguard"
    depends_on:
      - wireguard
    command:
      - "--entryPoints.web.proxyProtocol.trustedIPs=10.13.13.1" # Trust remote tunnel IP, the WG container is 10.13.13.2
      - "--entrypoints.websecure.address=:443"
      - "--entryPoints.websecure.proxyProtocol.trustedIPs=10.13.13.1"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.priority=100"
      - "--providers.docker.exposedByDefault=false"
      - "--providers.docker.network=ingress"

networks:
  ingress:
    external: true

And then in a service’s docker-compose:

services:
  ui:
    image: myapp
    read_only: true
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`xxxx.xxxx.xxxx`)"
      - "traefik.http.services.myapp.loadbalancer.server.port=80"
      - "traefik.http.routers.myapp.entrypoints=websecure"
      - "traefik.http.routers.myapp.tls.certresolver=mytlschallenge"
    networks:
      - ingress

networks:
  ingress:
    external: true

(edited to fix formatting on mobile)

I’ve done something similar but I’m not sure how helpful my example would be because I use wireguard instead of tailscale and traefik instead of caddy.

The principle is the same though, iirc I have my traefik container set to network_mode: “service:wireguard” so that the traefik container uses the wireguard container’s network stack. That way the traefik container also sees the wireguard interface and can receive traffic going to the wireguard IP. Then at the other end of the wireguard tunnel I can use haproxy to pass traffic to the wireguard IP through the tunnel and it automatically hits traefik.

If the battery inverter in the Anker box doesn’t pass through grid power then I think you would use an automatic transfer switch that switches between mains and battery inverter depending on which is powered. I had dreams of offsetting my homelab power with solar + battery + inverter.

If the machine doesn’t boot then you can use this to access the bios and boot a recovery environment of your choice remotely using pxeboot.

Immich has a setting that does automatic photo backup over WiFi, I use the android app as a Google photos replacement. You can choose however many folders on your phone as you want (I just do camera roll) and enable only backup over WiFi and it backs up all the photos in original quality. I self-host the server on my Synology with a reverse proxy (can’t forward ports at my current place due to cgnat) so I can access it from anywhere.

I believe the app is cross platform so the iPhone version should be identical to the android one.

I once had someone open an issue in my side project repo who asked about a major release bump and whether it meant there were any breaking changes or major changes and I was just like idk I just thought I added enough and felt like bumping the major version ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

Woah federation would be huge!

Someday I would love to be able to share and receive shared photos / albums to and from users on different servers. Especially if it lets me sync the original files so that I can keep a copy in case their server goes down. It would also be neat if you could enable activitypub so that your account could show up as a fediverse user that people can follow for public or approved follower only posts, pixelfed compatibility would be super cool.

Tired: knocking down corruption allegations by testifying and proving your innocence Wired: knocking down corruption allegations by cancelling the trial

Keep in mind that if you set up raid using zfs or btrfs (idk how it works with other systems but that’s what I’ve used) then you also get scrubs which detect and fix bit rot and unrecoverable read errors. Without that or a similar system, those errors will go undetected and your backup system will backup those corrupted files as well.

Personally one of the main reasons I used zfs and now btrfs with redundancy is to protect irreplaceable files (family memories and stuff) from those kinds of errors, as I used to just keep stuff on a hard drive until I discovered loads of my irreplaceable vacation photos to be corrupted, including the backups which backed up the corruption.

If your files can be reacquired, then I don’t think it’s a big deal. But if they aren’t, then I think having scrubs or integrity checks with redundancy so that issues can be repaired, as well as backups with snapshots to prevent errors or mistakes from messing up your backups, is a necessity. But it just depends on how much you value your files.

In addition to the possibility of reinforcement bars it could also have to do with the thickness of the tactile pad or it could have recessed spots underneath (to save on material if it was injection molded) that could create an insulating air gap.

My primary use case is safeguarding my important personal artifacts (family photos, digitized paperwork, encryption key / account recovery / 2FA backups) against drive failure (~2TB), followed by my decently sized Plex server (23TB), immich, nextcloud, and various other small things like selfhosted bitwarden, grocy, ollama, and stuff like that.

I run all of my stuff off of a 6 bay Synology (more drives helps with capacity efficiency as double redundancy with 6 drives costs you 30% and I wanted to be protected against drive failures during rebuilding) with an Intel nuc on top to run plex/jellyfin transcoding using quicksync instead of loading the poor nas with cpu transcoding, I also run ollama on the nuc since it has faster cores than the nas.

Oh nice, I completely forgot about the vault export since I’ve never used it. I was expecting to be able to “view” the passkey data when editing an entry like how you can view the password. It’s kind of inscrutable when viewing a single entry currently.

The key difference is that during normal use, the private key of the passkey doesn’t leave the device (or password manager). The passkey basically comes in 2 parts, the public and private (secret) part. In order to log in, the website presents a cryptographic challenge that is only solvable using your private key - and crucially you can solve the challenge without revealing your private key. An attacker could get your answer to the challenge and still be unable to solve additional challenges without the private part of your passkey.

This of course makes it basically impossible to manually log in using a passkey and a keyboard, without any password manager to do the cryptographic calculations (unless you have a LOT of paper and time), but the security advantage of making it near impossible to be phished is generally regarded as a net positive. In order to steal a passkey there would need to be a vulnerability in the software, since passkeys make it much harder to trick a user into giving it away (since tricking the user into logging in on a fake website doesn’t work due to the aforementioned cryptography, the main way to steal a passkey would be to trick the user into exporting it - which is a much higher bar).

If you mean the “passkeys” that are becoming popular as a “password replacement”, it’s basically speaking a public private keypair. What makes it more secure is that, under normal conditions (aside from backing up the passkey), the private “secret” part of the keypair never leaves the app or device it’s stored on. It’s only used temporarily to sign messages and prove that you have the secret key, unlike a password which needs to be sent securely to a server to validate.

You could in theory store a backup on a USB drive but since passkeys are new, it highly depends on the password manager you use to store the passkey. Since passkeys are more complex than something you can memorize/type, it has to be stored in a password manager of some sort to be useful, so you would need to check that password manager allows backing up passkeys. There is currently work being done to standardize the formats/protocols to transfer passkeys so it seems this is very much up in the air. For example, I use BitWarden which stores passkeys, but it seems like I can only add or delete passkeys to an entry, not export them and apparently they get exported with the passwords when the vault is exported. BitWarden also syncs your vault to every logged in device though so you could see that as a form of backup. Going one step further, even though BitWarden doesn’t have a passkey export/backup feature yet (in addition to Bitwarden’s vault export), the self-hosted server also stores all your passwords including passkeys in regular files which also can be backed up (this is how I back up my VaultWarden instance) - although it would probably be hard to use that backup in any other way besides restoring it onto a BitWarden server instance.

Edit: I didn’t realize passkeys were exported with the vault export, since I haven’t used it and noticed that editing an entry doesn’t allow you to view passkey data - only remove, updated my comment to reflect that.

First I’ll say, if you aren’t able to boot a windows installer off of a flash drive (and nothing’s wrong with your flash drive and you created it without errors and there isn’t a setting in bios preventing you from booting it like disabled USB boot) then it could be a hardware issue that Linux won’t fix (it’s not clear how you tried to reinstall windows). But if you’re able to get to the windows logo or the menu for safe mode then it sounds like it “POSTs” (gets past showing the bios screen) and windows should be reinstallable. In short, I think it’s unlikely to be a problem that only Linux can fix if you want to stick with windows.

That said, if you are otherwise interested in trying Linux and create a USB installer, most will allow you to exit the installer or choose to go into a temporary “live desktop” where nothing is saved, so it’s a good opportunity to try out how that distro feels to use - just don’t save anything important. And if you do end up installing either OS, you can use that “live mode” to use programs to back up any files from your main hard drive to another plugged in drive.

I’ve done a backup swap with friends a couple times. Security wasn’t much of a worry since we connected to each other’s boxes over ssh or wireguard or similar and used tools that allowed encryption. The biggest challenge for us was that in my selfhosting friend group we all prefer different protocols so we had to figure out what each of us wanted to use to connect and access filesystems and set that up. The second challenge was ensuring uptime and that the remote access we set up for each other stayed up - and that’s what killed the project as we all eventually stopped maintaining the remote access and nobody seemed to care - so if I were to do it again I would make sure all participants have alerts monitoring their shared endpoint.

It should be safe, using fstab is how I do a network mount to a specific folder also so it doesn’t change or anything.

Does fakespot have a chatbot? I thought it predated LLMs and is basically just some human-made algorithms to filter out suspicious reviews.

Somebody should make an api shim that proxies openapi compatible requests to this. And since Microsoft is forcing copilot on windows 10 they’re on the shit list too. Load balance all the AI workloads onto both of them through API adapters.

Brb uploading a 5GiB file from /dev/urandom to make sure there isn’t a byte of space left in OneDrive for them to do this to me.