I’m a professional software engineer and I’ve been in the industry since before Kubernetes was first released, and I still found it overwhelming when I had to use it professionally.

I also can’t think of an instance when someone self-hosting would need it. Why did you end up looking into it?

I use Docker Compose for dozens of applications that range in complexity from “just run this service, expose it via my reverse proxy, and add my authentication middleware” to “in this stack, run this service with my custom configuration, a custom service I wrote myself or forked, and another service that I wrote a Dockerfile for; make this service accessible to this other service, but not to the reverse proxy; expose these endpoints to the auth middleware and for these endpoints, allow bypassing of the auth middleware if an API key is supplied.” And I could do much more complicated things with Docker if I needed to, so even for self-hosters with more complex use cases than mine, I question whether Kubernetes is the right fit.

Can’t Keepass also generate TOTPs?

Proton doesn’t know that your password is 64 characters long because the hash will be the same length regardless. They also don’t know if you’ve reused your password on other sites.

Do you have two factor authentication set up? A lot of sites - Proton included - institute stricter security measures if you do not have 2FA enabled.

Claiming that GTA is responsible for mass shootings is an example of what pro-gun activists do in order to deflect the blame off of guns.

You can’t just consider the cheese! You gotta look up all the ingredients!

• https://www.cancateat.food/food/bread
• https://www.cancateat.food/food/lettuce
• https://www.cancateat.food/food/tomato
• https://www.cancateat.food/food/mayonnaise
• https://www.cancateat.food/food/beef
• https://www.cancateat.food/food/cheese

Consensus: hold the tomato! Otherwise, if there’s no seasoning, everything else is acceptable in small amounts.

This is what I would try first. It looks like 1337 is the exposed port, per https://github.com/nightscout/cgm-remote-monitor/blob/master/Dockerfile

x-logging:
  &default-logging
  options:
    max-size: '10m'
    max-file: '5'
  driver: json-file

services:
  mongo:
    image: mongo:4.4
    volumes:
      - ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached
    logging: *default-logging

  nightscout:
    image: nightscout/cgm-remote-monitor:latest
    container_name: nightscout
    restart: always
    depends_on:
      - mongo
    logging: *default-logging
    ports:
      - 1337:1337
    environment:
      ### Variables for the container
      NODE_ENV: production
      TZ: [removed]

      ### Overridden variables for Docker Compose setup
      # The `nightscout` service can use HTTP, because we use `nginx` to serve the HTTPS
      # and manage TLS certificates
      INSECURE_USE_HTTP: 'true'

      # For all other settings, please refer to the Environment section of the README
      ### Required variables
      # MONGO_CONNECTION - The connection string for your Mongo database.
      # Something like mongodb://sally:sallypass@ds099999.mongolab.com:99999/nightscout
      # The default connects to the `mongo` included in this docker-compose file.
      # If you change it, you probably also want to comment out the entire `mongo` service block
      # and `depends_on` block above.
      MONGO_CONNECTION: mongodb://mongo:27017/nightscout

      # API_SECRET - A secret passphrase that must be at least 12 characters long.
      API_SECRET: [removed]

      ### Features
      # ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob
      # See https://github.com/nightscout/cgm-remote-monitor#plugins for details
      ENABLE: careportal rawbg iob

      # AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name.
      # When readable, anyone can view Nightscout without a token. Setting it to denied will require
      # a token from every visit, using status-only will enable api-secret based login.
      AUTH_DEFAULT_ROLES: denied

      # For all other settings, please refer to the Environment section of the README
      # https://github.com/nightscout/cgm-remote-monitor#environment

To run it with Nginx instead of Traefik, you need to figure out what port Nightscout’s web server runs on, then expose that port, e.g.,

services:
  nightscout:
    ports:
      - 3000:3000

You can remove the labels as those are used by Traefik, as well as the Traefik service itself.

Then just point Nginx to that port (e.g., 3000) on your local machine.

—-

Traefik has to know the port, too, but it will auto detect the port that a local Docker service is running on. It looks like your config is relying on that feature as I don’t see the label that explicitly specifies the port.

Thank you! That gives me a starting point that should be easy to look up!

Why is 255 off limits? What is 127.0.0.0 used for?

To clarify, I meant that specific address - if the range starts at 127.0.0.1 for local, then surely 127.0.0.0 does something (or is reserved to sometimes do something, even if it never actually does in practice), too.

Advanced setup would include a reverse proxy to forward the requests from the applications port to the internet

I use Traefik as my reverse proxy, but I have everything on subdomains for simplicity’s sake (no path mapping except when necessary, which it generally isn’t). I know 127.0.0.53 has special meaning when it comes to how the machine directs particular requests, but I never thought to look into whether Traefik or any other reverse proxy supported routing rules based on the IP address. But unless there’s some way to specify that IP and the IP of the machine, it would be limited to same device communications. Makes me wonder if that’s used for any container system (vs the use of the 10, 172.16-31, and 192.168 blocks that I’ve seen used by Docker).

Well this is another advanced setup but if you wanted to segregate two application on different subnets you can. I’m not sure if there is a security benefit by adding the extra hop

Is there an extra hop when you’re still on the same machine? Like an extra resolution step?

I still don’t understand why .255 specifically is prohibited. 8 bits can go up to 255, so it seems weird to prohibit one specific value. I’ve seen router subnet configurations that explicitly cap the top of the range at .254, though - I feel like I’ve also seen some that capped at .255 but I don’t have that hardware available to check. So my assumption is that it’s implementation specific, but I can’t think of an implementation that would need to reserve all the .255 values. If it was just the last one, that would make sense - e.g., as a convention for where the DHCP server lives on each network.

Why is 255 off limits? What is 127.0.0.0 used for?

I thought Hue bulbs used Zigbee?

The up arrow moves through the letters, e.g., A->B->C. The down arrow moves to the next character in the sequence, e.g., C->CA->CAA. If you click past the correct letter, you’ll have to click all the way through again. And if you submit the wrong letter, you have to start all over (after it takes twenty seconds attempting to connect with the wrong password and then alerts you that it didn’t work, of course).

It’s incredibly compatible. Capitalists want laborers to work hard. It encourages laborers to work hard so they can one day be capitalists themselves.

It also encourages them to vote for politicians who don’t serve them, but politicians, because someday they’ll benefit from their pro-business policies.

The American Dream is capitalist propaganda, not anticapitalist.

Your comment wasn’t in a meta discussion; it was on a post where they were venting about people complaining about them having a women’s only space. There was certainly no indication that the regular community rules didn’t apply, nor any invitation for men to comment.

Commenting that it’s hostile for them to have a women’s only space might be ironic, but couldn’t possibly be good faith, in that context. And if the same mod banned you from multiple communities, then either it was out of line and you could appeal it, or it was warranted due to the perceived likelihood of you causing problems in those other communities and the perceived low likelihood of you contributing anything of value to them.

Even now, you’re acting like the mod(s) banned you because of her / their emotions. You don’t see how that’s misogynistic?

It makes logical sense for bad actors to be preemptively banned. Emotions have nothing to do with it.

You got the idea!

We’re in c/showerthoughts. “What if my grandma was a bike?” would fit right in

I think the best way to handle this would be to just encode everything and upload all files. If I wanted some amount of history, I’d use some file system with automatic snapshots, like ZFS.

If I wanted to do what you’ve outlined, I would probably use rclone with filtering for the extension types or something along those lines.

If I wanted to do this with Git specifically, though, this is what I would try first:

First, add lossless extensions (*.flac, *.wav) to my repo’s .gitignore

Second, schedule a job on my local machine that:

1. Watches for changes to the local file system (e.g., with inotifywait or fswatch)
2. For any new lossless files, if there isn’t already an accompanying lossy files (i.e., identified by being collocated, having the exact same filename, sans extension, with an accepted extension, e.g., .mp3, .ogg - possibly also with a confirmation that the codec is up to my standards with a call to ffprobe, avprobe, mediainfo, exiftool, or something similar), it encodes the file to your preferred lossy format.
3. Use git status --porcelain to if there have been any changes.
4. If so, run git add --all && git commit --message "Automatic commit" && git push
5. Optionally, automatically craft a better commit message by checking which files have been changed, generating text like Added album: "Satin Panthers - EP" by Hudson Mohawke or Removed album: "Brat" by Charli XCX; Added album "Brat and it's the same but there's three more songs so it's not" by Charli XCX

Third, schedule a job on my remote machine server that runs git pull at regular intervals.

One issue with this approach is that if you delete a file (as opposed to moving it), the space is not recovered on your local or your server. If space on your server is a concern, you could work around that by running something like the answer here (adjusting the depth to an appropriate amount for your use case):

git fetch --depth=1
git reflog expire --expire-unreachable=now --all
git gc --aggressive --prune=all

Another potential issue is that what I described above involves having an intermediary git to push to and pull from, e.g., running on a hosted Git forge, like GitHub, Codeberg, etc… This could result in getting copyright complaints or something along those lines, though.

Alternatively, you could use your server as the git server (or check out forgejo if you want a Git forge as well), but then you can’t use the above trick to prune file history and save space from deleted files (on the server, at least - you could on your local, I think). If you then check out your working copy in a way such that Git can use hard links, you should at least be able to avoid needing to store two copies on your server.

The other thing to check out, if you take this approach, is git lfs. EDIT: Actually, I take that back - you probably don’t want to use Git LFS.

Sure - Wikipedia says it better than I could hope to:

As English-linguist Larry Andrews describes it, descriptive grammar is the linguistic approach which studies what a language is like, as opposed to prescriptive, which declares what a language should be like.[11]: 25  In other words, descriptive grammarians focus analysis on how all kinds of people in all sorts of environments, usually in more casual, everyday settings, communicate, whereas prescriptive grammarians focus on the grammatical rules and structures predetermined by linguistic registers and figures of power. An example that Andrews uses in his book is fewer than vs less than.[11]: 26  A descriptive grammarian would state that both statements are equally valid, as long as the meaning behind the statement can be understood. A prescriptive grammarian would analyze the rules and conventions behind both statements to determine which statement is correct or otherwise preferable. Andrews also believes that, although most linguists would be descriptive grammarians, most public school teachers tend to be prescriptive.[11]: 26

You might be interested in reading up on the debate of “Prescriptive vs Descriptive” approaches in a linguistics context.