this post was submitted on 20 Nov 2023
137 points (78.0% liked)
Docker by itself is not a good thing, bad with security, not entirely open source, buggy networking, not very reproducible
The problem with docker was timeout for requests, not sure whose fault it was, but the reverse proxy container was unresponsive pretty often
Also, yeah, RPI was not really fast too, it had 8gb ram, boot from ssd. Just right now I have i9 with 64gb ram, and this is stupid fast, and actually for most of the apps the performance bump is like 50%
About docker, really, try to look into nixos, it has a really steep learning curve, but it will be worth it, and you will be able to do magic
Containers are really awesome, but take a bit more to troubleshoot sometimes. Docker is not the only method to run them either. I prefer podman actually, but K3s is the next logical step for running services in a more powerful setup.
All true FOSS too
Podman is better, but believe my words, try nixos. It's like a docker-compose file, but for a system, this is really something groundbreaking
You specify all the system and services passwords, usernames, all the stuff, your wallpapers, directories, keys, everything
And all basic configurations are already unified, so to enable some service you just need to add a line in your main config like
services.nginx.enable = true;
and it just works with all the bells and whistles (kind of, you can add much more. Even more than in containers). The services are usually not sandboxed, but you can sandbox them, can even run the same containers
Sorry if you're really not into it, it's just that nixos feels like a whole new lvl after podman
edit: even like that, I manage all my machines as a fleet with nixos, all from one configuration. So I can basically press a button and change all the usernames on all machines and everything will continue working
Instead of adding each machine separately to a vpn, I just press a button and it deploys all the machines with wireguard and connects them all
No, nix is super cool! I really like the idea in guix and nix of having that system as code from build to deployment. I am not sure yet on how I feel about it for fleet/cluster deployments; k8s schedulers, network patterns like service meshes, ETCD, and operating on labels and cluster state are all super powerful.
I have also looked into using nix to make OCI containers and OCI containers to make flatpaks as well. All where they make sense, of course.