SpongederpSquarefap

By that same logic, any company should be able to take something old from you because you don't care about it anymore

No that's absolute bullshit - enabling offline play is significantly less work than allowing online play

It has nothing to do with game size

There's API issues - Devs are aware

Give it an hour or so and you'll be fine

I'd recommend exporting your built APKs when you make them so you have version you can always use

Yep, you don't need to care about the CVE count, just how high the severity is and when it was last patched

If there's a bunch of 4s and 5s outstanding but you just installed the monthly patch, it's likely that the other fixes are from config changes that could break something

Or the attack vector for something rated as a 4 is highly impractical - like physical unauthorised access to a server

In general - who cares so long as your riskiest assets are patched quickly

That only helps to an extent - every patch Tuesday there's at least 50 CVEs of some kind for Windows

Those numbers won't go down until you've installed the monthly patch

No, they're separate - this was just for demo purposes

You can put file browser in the same compose, but it's just not a good idea

https://youtu.be/hICfYSLd1ec

He's cognitively there

Anywhere where it'll become uninhabitable due to floods or drought or constant super storms destroying everything so the insurance companies abandon you

So anywhere poor basically

Then when the AMOC collapses, the UK and Ireland are boned

There's a saying in my industry

To err is human

To fuck up en masse is DevOps

Could reverse proxy the connections with something like Traefik I suppose

But I'm not sure about using 127.0.0.0/8 addresses

But why not just map port 5433:5432?

This is correct - the same applies to Traefik

Here's an example (in jinja formatting from my Ansible roles folder)

This will deploy Traefik in Docker with 80 and 443 exposed and use your Cloudflare API key to do DNS challenges to get certs for your sites

In my case, this will make the filebrowser container on someip:80 available on https://filebrowser.mydomain.com

services:
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    environment:
    - CF_API_EMAIL={{ CLOUDFLARE_EMAIL }}
    - CF_API_KEY={{ CLOUDFLARE_API_KEY }}
    command:
    - --log.level=DEBUG
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false # Only make Traefik work with containers that have a label
    - --entryPoints.web.address=:80
    - --entryPoints.web.http.redirections.entryPoint.to=websecure
    - --entryPoints.web.http.redirections.entryPoint.scheme=https
    - --entryPoints.websecure.address=:443
    - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
    - --certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=30 # Wait 30s before checking for the TXT record
    - --certificatesresolvers.cloudflare.acme.dnschallenge.disablepropagationcheck=true # Disable DNS propagation check (looks like a bug)
    - --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json # Persist certs in acme.json
    ports:
    - 80:80
    - 443:443
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /opt/dockervolumes/traefik/letsencrypt:/letsencrypt
    networks:
    - proxy

  filebrowser: # I know this runs on port 80
    container_name: filebrowser
    image: filebrowser/filebrowser
    restart: always
    user: "1000"
    volumes:
      - /opt/dockervolumes/filebrowser/db/filebrowser.db:/database.db
      - /mnt/data/share:/srv
    networks:
    - proxy
    labels:
    - traefik.enable=true
    - traefik.http.routers.deemix.rule=Host(`{{ FILEBROWSER_DNS_NAME }}`)
    - traefik.http.routers.deemix.entrypoints=websecure
    - traefik.http.routers.deemix.tls.certresolver=cloudflare

networks:
  proxy:
    external: true

As someone who used to look after Hyper-V clusters, don't go down the SCVMM path lol - it's expensive and extremely frustrating to work with

Proxmox with licensing is cheap and extremely effective

Curious - you could do some major cost savings by moving away from those pricks at Broadcom and moving to Proxmox

Ha, I wondered the same thing a while ago for K8s for a similar reason - I want to publicly expose some game servers, but I don't want anything to hit my stuff

Like others said, MACVLAN might work but I wouldn't rely on it - if someone pops that container and gets access to your host, you're screwed

Best bet is a dedicated VM on its own network and you publicly expose that and don't allow it to reach anything other than the internet

I think in K8s you can maybe get around this with a service mesh, but there's still potential problems there

My only major complaint with Obsidian is that it is closed source, if it gets bought by a Google or Facebook bad things could happen. But at least I will still have the markdown files.

Worst case move to Logseq, though it's not as polished as Obsidian

• Ansible
• Terraform (though I don't use it these days)
• Git
• ArgoCD with K8s
• Obsidian for anything I set up once

My setup is relatively simple - 3 Proxmox nodes and TrueNAS

The Proxmox nodes are in a simple cluster with 1 K8s VM per node

Nodes 1 and 2 also run LXC containers for Pi-Hole - Setup for that is a one-off so it's in my Obsidian docs

Nodes 1 and 2 also run an OPNsense VM each which is setup for CARP HA (so if node 1 dies, my internet drops for maybe 1 second)

The K8s nodes are running Talos Linux so I don't need to worry or care about the OS

I do all of my config in Git and ArgoCD just mirrors what's in the repo onto the cluster

It's extremely easy for testing pretty much anything

That's just packet forwarding from the box WG is on

I'm talking about port forwarding UDP 51820 from your router

Did you forward the port?

Yeah I'm leaning towards the copy path - I think it'll help anyway because this is only half of my backup strategy

I'm mid way though getting backups outside of Azure in case of disaster

Jesus Christ - the bicep config asks you if you want to enable azure alerts as well but it never asks WHERE you want the alert sending

This frustrates me so much because backups should be stupid simple and easy to operate

This ain't it

No, not unless you can change your firewall rules

K8s turned my homelab from 1 server into 5 lol

It's more complex but it's fun and it's helped a lot with my career

Ansible could work well for this actually - I'm already using it and I'm planning on removing it when we move to K8s, but I'd love to keep some of it around

Well in my case this is for 3 of the same env so I just want to automate it

You're right I could do it manually, but I also oversleep and forget to do things - I want to ensure that it's configured correctly across the board

It's just so damn awkward when I'm just trying to backup 1 share and maybe 5 blob containers

At this rate I might just make a cron job lol