Oh good tip!

That’s a pretty righteous set up OP.

Lol not me. I’m not the author. Just saw the article and thought it was an interesting conversation starter.

or a recipe for an insecure mess that could become difficult to maintain

The concept, or the specific setup the author of that article has? If you mean the latter, I’m not going to argue. But the concept? It shouldn’t have any effect either way on security, but the whole advantage of it is that it’s less of a mess. The same way that running a whole bunch of services on bare metal can quickly become a mess compared to VMs or Docker/LX containers, declared state helps give a single source of truth for what all the services you might be running are. It lets you make changes in repeatable and clearly documented ways, so you can never be left wondering “how did I do that before?” if you need to do it again.

If everything you run is a Docker container, there’s a good chance Terraform is overkill; a Kubernetes config will probably do the job. But depending on your setup there are a whole bunch of different tools that might be useful.

What’s your preferred approach to defined state in your home servers?

None of what you said is new to me, or likely to anyone in this thread. And apart from the last two paragraphs, none of it is even controversial.

The penultimate paragraph is a bit misleading. It’s not that Taiwan is not “a legitimate national government”. It’s that its claims to be the national government of all of China were obviously bullshit for a government that had not had actual control over mainland China for over two decades at the point that UN recognition changed.

The last paragraph is true in the sense of what is official recognised, but obviously incorrect in reality. Taiwan is an independent country as a matter of fact and has been since the end of the civil war. I’m not interested in what they claim, or the PRC claims, or America claims, or even what Australia claims. It is an entirely separate country that maintains entirely separate foreign policy, separate defence force, and entirely operates its own internal affairs. In no real sense is it part of the same country. And that’s what actually matters. Anyone who claims Taiwan is not an independent country is doing so for political reasons, and their discussions on the subject should be treated with significant scepticism. At best, they’re playing a game of realpolitik. At worst they’re talking bullshit.

I know which is going on here.

Taiwan has been an independent country for over three quarters of a century. So yes, a forceful invasion of another country for the purposes of exploiting its resources and population would be colonialism.

Nice deflection. We’re not talking about what happened 400 years ago. We’re talking about what’s going on right now.

Yes, the pre-communist, pre-republic Chinese imperialism against the native Taiwanese population was bad. It doesn’t justify modern-day imperialism from the PRC, any more than poor treatment of the various central Vietnamese native populations would justify Chinese imperialism against Vietnam. Or indeed any more than Australia’s treatment of its Indigenous population would justify China deciding to invade Australia.

Your blatant whataboutism is not a defence of China here.

Yes, that’s completely true.

It does not in any way excuse China for its own current imperialism (e.g., Tibet, Xianjiang), or for its threats of further direct military conquests for the sake of expanding its empire (the subject of this article).

to violently oppose China and Taiwan unifying their governmental and national defense structures

You say that as though there’s any prospect of that happening by any means other than violent colonial oppression on the part of the PRC.

Oh, I used HA to mean high availability. I was not aware people also abbreviated Home Assistant.

Sorry for the late reply. I’m just disorganised and have way too many unread notifications.

LXC containers sound really interesting, especially on a machine that’s hosting a lot of services. But how available are they? One advantage of Docker is its ubiquity, with a lot of useful tools already built as Docker images. Does LXC have a similarly broad supply of images? Or else is it easy to create one yourself?

Re VM vs LXC, have I got this right? You generally use VMs only for things that are intermittently spun up, rather than services you keep running all the time, with a couple of exceptions like HomeAssistant? What’s the reason they’re an exception?

Possibly related: your examples are all that VMs get access to the discrete GPU, containers use the integrated GPU. Is there a particular reason for that distribution?

I’m really curious about the cluster thing too. How simple is that? Is it something where you could start out just using an old spare laptop, then later add a dedicated server and have it transparently expand the power of your server? Or is the advantage just around HA? Or something else?

Sorry for the late reply. I’m just disorganised and have way too many unread notifications.

LXC containers sound really interesting, especially on a machine that’s hosting a lot of services. But how available are they? One advantage of Docker is its ubiquity, with a lot of useful tools already built as Docker images. Does LXC have a similarly broad supply of images? Or another easy way to run things?

and MacOS

Oh that’s interesting. I wonder why they do it that way, considering macOS is a Unix OS.

Yeah I’m interested in how that works too.

I’ve recently been looking at the Nextcloud “all in one” Docker image. It works by mounting the docker.sock file into the master container, which allows that container to stand up a whole bunch of other containers on your machine.

How would that work on Windows, if the Docker socket isn’t a file handle?

That might be part of it, but I was thinking it was more how things we don’t think of as files, like sockets, are accessed with a file descriptor.

Oh yeah, the “run headless” tip too was great! I would never have used a desktop environment, and would in effect have been using it headless. But had you and others not specifically suggested running it as headless it would probably not have occurred to me that that’s a setting change I’d need to make while installing it.

Absolutely!

Tux’s right eye being occluded by the guy’s black hair, and his left eye being partly shaded into a more angular shape makes it look like he’s giving an evil smirk.

Thanks! I genuinely wasn’t sure how much RAM would be necessary, and would have probably seriously considered 8 GB enough if I hadn’t gotten the feedback.