cross-posted from: https://programming.dev/post/39212874

I recently migrated my services from rootful docker to rootless podman quadlets. It went smoothly, since nothing I use actually needs to be rootful. Well, except for caddy. It needs to be able to attach to privileged ports 80 and 443.

My current way to bypass it is using HAProxy running as root and forwarding connections using proxy protocol. (Tried to use firewalld but that makes the client IP opaque to caddy.) But that adds an extra layer, which means extra latency. It's perfectly usable, but I'd like to get rid of it, if possible.

I'm willing to run caddy in rootful podman if needed. But from what I understand, that means I can't have it in the same rootless network as my other containers. I really don't wanna open most of my containers' ports, so that's not an option.

So, I'm asking whether any of these three things are possible.

1. Use firewalld to forward ports to caddy without obscuring the client's IP.
2. Make rootful caddy share a network with other rootless containers.
3. Assign privileged ports to caddy somehow, in rootless mode. (I know there's a way to make all these ports unprivileged, but is it possible to only assign these 2 ports as unprivileged?)

Or maybe there's a fourth way that I'm missing. I feel like this is a common enough setup, that there must be a way to do it. Any pointers are appreciated, thanks.

I recently migrated my services from rootful docker to rootless podman quadlets. It went smoothly, since nothing I use actually needs to be rootful. Well, except for caddy. It needs to be able to attach to privileged ports 80 and 443.

My current way to bypass it is using HAProxy running as root and forwarding connections using proxy protocol. (Tried to use firewalld but that makes the client IP opaque to caddy.) But that adds an extra layer, which means extra latency. It's perfectly usable, but I'd like to get rid of it, if possible.

I'm willing to run caddy in rootful podman if needed. But from what I understand, that means I can't have it in the same rootless network as my other containers. I really don't wanna open most of my containers' ports, so that's not an option.

So, I'm asking whether any of these three things are possible.

1. Use firewalld to forward ports to caddy without obscuring the client's IP.
2. Make rootful caddy share a network with other rootless containers.
3. Assign privileged ports to caddy somehow, in rootless mode. (I know there's a way to make all these ports unprivileged, but is it possible to only assign these 2 ports as unprivileged?)

Or maybe there's a fourth way that I'm missing. I feel like this is a common enough setup, that there must be a way to do it. Any pointers are appreciated, thanks.

This release adds the ability to edit existing links, show and download QR codes for easy sharing, and various improvements in the frontend. Check out the release note for a list of all changes.

It's mainly meant for episodes where TMDB doesn't have the information on release. I'm using it with a cronjob so that it keep trying until there's metadata available.

I simply want to emulate the effect of -p by default i.e. open all files in tabs when multiple files are supplied. I wrote the following autocommand to make it work.

-- Open files in tabs by default
vim.api.nvim_create_autocmd("VimEnter", {
    callback = function()
        if not vim.opt.diff:get() and #vim.fn.argv() > 1 then
            vim.cmd("tab sball")
            vim.cmd("tabfirst")
        end
    end,
})

But it seems to bork the colorscheme for all but the first tab. It's weird since Running the same commands manually after neovim is loaded works perfectly. I may have something to do with the order in which things are run. Is it possible to run this command as late as possible?

I'm open to alternative approaches that gets the job done.

I thought of this after a recent trip with some friends. We shared the photos when we were still in person. But sometimes we need to share a lot of photos over the internet. In the past, we have used a shared google drive directory for this. But I'd prefer a self-hosted option. There should be some sort of password protection as well (ideally per share, and no need for accounts). One should be able to both access the current files and upload new ones, just like google drive or dropbox.

I currently have FileShelter, which works for 1-to-1 sharing but not for groups. I guess something like ProjectSend would work, but it's too complex for my usecase. I'd prefer something more lightweight since I'll maybe use it once every few months. Also, it should be noob-friendly, and accessible using a browser.

Update: I'm very happy with copyparty. It does what I want, and much much more. I even replaced my older webdav server with it since it provides more granular control over share locations and permissions. Kudos to the developer @tripflag@lemmy.world!

Someone added a PR to an app of mine adding instructions for k8s setup. I do like the idea of providing these instructions, but I don't have any experience with k8s whatsoever. The commits look fine to me, but in case anyone is experienced, I'd appreciate if you can take a look. I don't want to inadvertently add something malicious. Here's a link to the PR: https://github.com/SinTan1729/chhoto-url/pull/48, thanks.

A simple selfhosted URL shortener with no unnecessary features. Simplicity and speed are the main foci of this project. The docker image is ~6 MB (compressed), and it uses <5 MB of RAM under regular use.