The way to do this is plausible deniability. There is software that allows creating an encrypted volume with two passwords, resulting in two different decrypted volumes. So you give the duress password and there is no incriminating data on there.
For example grapheneOS also has a duress pin that wipes the device.
Get yourself a carbon monoxide detector, that stuff is deadly and should be ruled out first.
Exactly the opposite for me, using official container images is a major time save.
The containers will store their data in volumes, and ideally those volumes are individual ZFS datasets. The containers themselves are stateless, and you can just boot them up with the volume to “restore” them.
However if you want to learn proxmox anyway this is a moot point anyway.
Some concerns:
Anything based on nagios supports custom checks, via any executable script.
apt install nginx
cp -r my-files/* /var/www/
I wouldn’t use it unless you have a separate room somewhere, they are VERY loud.
I disagree with this, container runtimes are a software like all others where logging needs to be configured. You can do so in the config of the container runtime environment.
Containers actually make this significantly easier because you only need to configure it once and it will be applied to all containers.
Docker stores that stdout per default in a log file in var/lib/docker/containers/…
Containers don’t do log rotation by default and the container itself has no say in the matter. You have to configure it in your container runtime config.
In the oidc provider in authentik you have to enable sending the groups. I forgot what its called.
Roles in authentik are for permissions in authentik. You want a group instead. Group memberships are send via OIDC.
Basically it works by every component validating the next one before loading it.
They do this by checking a cryptographic signature. Specifically, UEFI checks that the bootloader is signed by a certificate that is in turn signed by a certificate authority (CA). You can upload custom CA keys in the UEFI interface.
Per default, every UEFI ships with the Microsoft CA. That does not mean you can only run secureboot with Windows and you absolutely should enable secureboot on every machine you own. Microsoft does sign other signing keys allowing them to be also used with secureboot. For example, every major Linux distro has keys signed by the Microsoft CA and so secureboot works out of the box with those.
Even if you have an OS that does not have a signing key signed by the Microsoft CA, you can upload your own secureboot keys to get around that.
It should be pretty clear at this point that all of this is pointless if you do not set a UEFI password.
I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.
Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.
I just want to voice the thought that “ripped off” is not a good term for this. It has a very negative connotation. The reality is, people try all kinds of stuff and whatever works sticks. That’s a good thing.
You mean a hotbar? Minecraft didn’t come up with that.
That is impossible. There are more unique experiences than one can have in their lifetime. Getting a bachelors, meaning really surface level understanding in one topic takes three full time years. If you actually had nothing else to do, you could do that for maybe 15 topics. And that’s just learning. What about sports, music, traveling and the endless other human activities.
Often, that money is used to fund the historical site to which the fountain belongs, they are basically donations.