You don’t. That’s not what caddy is. Use a bastion for ssh.

Edit: link https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump

The answer to your overarching question is not “common maintenance procedures”, but “change management processes”

When things change, things can break. Immutable OSes and declarative configuration notwithstanding.

OS and Configuration drift only actually matter if you’ve got a documented baseline. That’s what your declaratives can solve. However they don’t help when you’re tinkering in a home server and drifting your declaratives.

I’m pretty certain every service I want to run has a docker image already, so does it matter?

This right here is the attitude that’s going to undermine everything you’re asking. There’s nothing about containers that is inherently “safer” than running native OS packages or even building your own. Containerization is about scalability and repeatability, not availability or reliability. It’s still up to you to monitor changelogs and determine exactly what is going to break when you pull the latest docker image. That’s no different than a native package.

Depends on the specific Zigbee switch, but generally yes.

The magic is in the fact that you can decouple the relay, and use the switch as a sensor that triggers things that may or may not be related to the physical switch position.

The other reason I like it better than a typical “smart switch” is that I can use the shellys with whatever switch I want, so I can have it match my dumb switches and use different colors.

shelly relays will do exactly what you want. just wire them as disconnected switches. i do this to simulate 3-way switches, but it’ll work just as well to swap circuit behavior.

you can use a homeassistant action if you’re already using HA, or you can have the shellys call each others web api when it senses the switch.

Just cause you’ve never seen them doesn’t make it not true.

Try using quadlet and a .container file on current Debian stable. It doesn’t work. Architecture changed, quadlet is now recommended.

Try setting device permissions in the container after updating to Debian testing. Also doesn’t work the same way. Architecture changed.

Redhat hasn’t ruined it yet, but Ansible should provide a pretty good idea of the potential trajectory.

It isn’t. It’s architecture changes pretty significantly with each version, which is annoying when you need it to be stable. It’s also dominated by Redhat, which is a legit concern since they’ll likely start paywalling capabilities eventually.

Every complaint here is PEBKAC.

It’s a legit argument that Docker has a stable architecture while podman is still evolving, but that’s how software do. I haven’t seen anything that isn’t backward compatible, or very strongly deprecated with notice.

Complaining about selinux in 2024? Setenforce 0, audit2allow, and get on with it.

Docker doing that while selinux is enforcing is an actual bad thing that you don’t want.

Gatorz are tough as hell, and have some of the best polarized optics I’ve ever worn.

They’ll do lens replacements, and can make prescriptions as well.

Careful leaving them on a car dashboard though. They’re aluminum frames and I burned my temples once.

Free tier is super limited and super easy to accidentally break out of. I had a single file in S3, but because my logging settings were wrong, I broke the free tier with junk logs.

The t2 micro ec2 instances are fine, but you need to be very careful about their storage and network egress.

Best use I’ve had for AWS that has managed to stay within the free limits has been Lambda. Managed to convert a couple self hosted discord bots to a few Lambda functions, works great. Plugging it into CloudFormation and tying up CI/CD with CodePipeline and the like were overkill but good learning exp.

I don’t think there’s any ECS free tier, but you can fit a private container repository in the free S3 limits as well.

deleted by creator

A VPN is (in a generic, high level sense) a proxy. It’s just proxying layer2 frames, vs. layer 4 protocols.

So the answer depends entirely on the traffic and the architecture you’ve built to support it.

deleted by creator

deleted by creator

deleted by creator

deleted by creator

Or how about, rather than your narrow, specific 3 definitions, a fourth thing, such as how it’s phrased in the wiki:

Misogyny is hatred of, contempt for, or prejudice against women or girls. It is a form of sexism that can keep women at a lower social status than men.

The emphasis there is why you’re being called names on the internet. If you’re advocating systems or societal norms of gender oppression, you’re being misogynist. This remains true even if you’re not doing it intentionally.

The world we live in is deeply patriarchal, so it can be hard to see these problems, because the views and opinions you’ve got are just “normal”. Something being the norm doesn’t mean it isn’t oppressive, and having an opinion doesn’t mean you shouldn’t consider the impacts of that opinion.

Generally, if someone calls you a misogynist, and you go “bUt I rEsPeCt wOmEn”, you might want to take a little time to figure out where it’s coming from. It can certainly be real without fitting in your 3 tidy little self-serving definitions.

I’ll also point out that you can replace nearly every instance of misogyny in this thread with racism, and replace women with black, and it would be the same discussion. Or you could swap misogyny/women with misandry/men. Oppression is oppression, no matter who holds the power.

deleted by creator

deleted by creator

deleted by creator

Yup. Treating VMs similar to containers. The alternative, older-school method is cold snapshots of the VM, apply patches/updates (after pre-prod testing & validation), usually in an A/B or red/green phased rollout, and roll back snaps when things go tits up.