I doubt most user have any need for great nc performance.

I also doubt those “super performant nextcloud flakes” are actually any faster than a plain old default nc deployment; especially for our use-cases.

Using NixOS is a good recommendation though. Just don’t do flakes unless you actually understand what problem they intend to solve and how catastrophically bad they are at it.

I’d suspect the bots would just try again with a masked user agent when they receive a 403.

I think the best strategy would be to feed the bots shit that looks like real content.

I was drawing an average of 2.5kWh after a week of monitoring my whole rack

That doesn’t seem right; that’s only ~18W. Each one of those systems alone will exceed that at idle running 24/7. I’d expect 1-2 orders of magnitude more.

You should scrub your data regularly with btrfs. That’s just a mean to verify the data is in-tact though; to detect corruption.

You cannot really do anything actively to keep the data in-tact. Failure can and will happen. To keep your data safe, you must plan for failure to happen:

Expect a power surge to fry all your disks at the same time.
Expect your house to burn down or flood.
Expect to run the wrong command and istantly hose your entire array.
Expect your backup server to get ransomware’d.
…

Only if you effectively mitigate these dangers will your data stay safe.

Pretty cool!

Have you thought about whether this could also be used for limited write access? A common use-case for abusive image gallery services that you cannot ordinarily fulfil with Immich is shared albums where multiple people that e.g. attended the same event can collect pictures in without complex authentication (just a single shared secret or even just the link to the album).

Ahhhhh whyyyyy, you’ve got all of these standard response codes made for you, why would you blatantly ignore them like that?!

I know that part.

The other fork has existed for a long while.

Is this your personal phone? If your work were to dictate what you are allowed to install on your personal phone, that’d be a serious overstepping of bounds.

Perhaps you can sneak in f-droid via adb install and give it app installation permissions via ADB though.

What’s the history behind this? Why could the changes be done upstream, necessitating a fork?

https://lemmy.ndlug.org/post/1268531

TS is a lot easier to set up than WG and does not require a publicly accessible IP address nor any public whatsoever. It’s not really comparable to setting WG up yourself; especially w.r.t. security.

As it says on the website, this is still in development and not actually ready for use by mere mortals quite yet. It hopefully will be at some point though as that is its explicit goal.

It’s a central server (that you could actually self-host publicly if you wanted to) whose purpose it is to facilitate P2P connections between your devices.

If you were outside your home network and wanted to connect to your server from your laptop, both devices would be connected to the TS server independently. When attempting to send IP packets between the devices, the initiating device (i.e. your laptop) would establish a direct wireguard tunnel to the receiving device. This process is managed by the individual devices while the central TS service merely facilitates communication between the devices for the purpose of establishing this connection.

If you’re worried about that, I can recommend a service like Tailscale which does not require permanently open ports to the outside world, offering quite a bit more security than an exposed traditional VPN server.

;)

Good luck packaging new stuff

Packaging is generally hard on any distro.

Compared to a traditional distro, the packaging difficulty distribution is quite skewed with Nix though as packages that follow common conventions are quite a lot easier to package due to the abstractions Nixpkgs has built for said conventions while some packages are near impossible to package due to the unique constraints Nix (rightfully) enforces.

good luck creating new options

Creating options is really simple actually. Had I known you could do that earlier, I would have done so when I was starting out.

Creating good options APIs is an art to be mastered but you don’t need to do that to get something going.

good luck cross-compiling

Have you ever tried cross-compiling on a traditional distro? Cross-compiling using Nixpkgs is quite easy in comparison.

actually good luck understanding how to configure existing packages

Yeah, no way to do so other than to read the source.

It’s usually quite understandable without knowing the exact details though; just look at the function arguments.

Also beats having no option to configure packages at all. Good luck slightly modifying an Arch package. It has no abstractions for this whatsoever; you have to copy and edit the source. Oh and you need to keep it up to date yourself too.

Gentoo-like standardised flags would be great and are being worked on.

good luck getting any kind of PR merged without the say-so of a chosen few

Hi, one of the “chosen few” here: That’s a security feature.

Not a particularly good one, mind you, but a security feature nonetheless.

There’s also now a merge bot now running in the wild allowing maintainers of packages to merge automatic updates on their maintained packages though which alleviates this a bit.

have fun understanding why some random package is being installed and/or compiled when you switch to a new configuration.

It can be mysterious sometimes but once you know the tools, you can directly introspect the dependency tree that is core to the concept of Nix and figure out exactly what’s happening.

I’m not aware of the existence of any such tools in traditional distros though. What do you do on i.e. Arch if your hourly shot of -Syu goes off and fetches some package you’ve never seen before due to an update to some other package? Manually look at PKGBUILDs?

Yes, yes they will. If you’re the sole user, they’d identify you from your behaviour anyways.

I don’t think internet proxy won’t help very much w.r.t. privacy but it will make you a lot more susceptible to being blocked.

I do like the idea of using USB drives for storage, though…

I wholeheartedly don’t.

They are quite solid but be aware that the web UI is dog slow and the menus weirdly designed.

Well that depends on how you define malware ;)