It's absurd how much better it makes the vacuums to use. Interaction through the Web UI is just instant, instead of having to bounce to servers halfway around the world before acting on it. It's the primary decider of which vacuum I consider now.
I'm also on Migadu for email, and I can say the experience has been pretty excellent. They have good instructions for setup stuff, and their pricing model is great. The pricing model has things in common with rsync.net, where they impose a soft limit on storage and reach out if you start exceeding it to talk about upgrading.
I do wonder if other mail providers will at some stage support jmap, it seems like it could take away some frustrations.
The bridges are all open source, and they use matrix synapse as their server installation - though their client is a closed source fork of element with changes. You can use any matrix client to connect to it, and they say it's a standard synapse setup.
If privacy is a concern, bringing your own client should remove that concern as the rest is open source. It's also e2e encrypted, as any matrix server is.
I self host my own matrix homeserver with bridges set up using their code. The only bit of their stack I can't use is the client. I don't like that that's closed source, that's frustrating.
Edit: while writing this two more people made the same comment. Sorry!
Those are the officially supported distros. You can install other ones just fine. I doubt you'd find another laptop that had even just more than 1 officially supported distro.
Yeah sure.
I'm going to assume you're starting from the point of having a second linux user also set up to use rootless podman. That's just following the same steps for setting up rootless podman as any other user, so there shouldn't be too many problems there.
If you have wireguard set up and running already - i.e. with Mullvad VPN or your own VPN to a VPS - you should be able to run ip link
to see a wireguard network interface. Mine is called wg
. I don't use wg-quick, which means I don't have all my traffic routing through it by default. Instead, I use a systemd unit to bring up the WG interface and set up routing.
I'll also assume the UID you want to forward is 1001
, because that's what I'm using.
I'll also use enp3s0
as the default network link, because that's what mine is, but if yours is eth0
, you should use that.
Finally, I'll assume that 192.168.0.0
is your standard network subnet - it's useful to avoid routing local traffic through wireguard.
#YOUR_STATIC_EXTERNAL_IP#
should be whatever you get by calling curl ifconfig.me
if you have a static IP - again, useful to avoid routing local traffic through wireguard. If you don't have a static IP you can drop this line.
[Unit]
Description=Create wireguard interface
After=network-online.target
[Service]
RemainAfterExit=yes
ExecStart=/usr/bin/bash -c " \
/usr/sbin/ip link add dev wg type wireguard || true; \
/usr/bin/wg setconf wg /etc/wireguard/wg.conf || true; \
/usr/bin/resolvectl dns wg #PREFERRED_DNS#; \
/usr/sbin/ip -4 address add #WG_IPV4_ADDRESS#/32 dev wg || true; \
/usr/sbin/ip -6 address add #WG_IPV6_ADDRESS#/128 dev wg || true; \
/usr/sbin/ip link set mtu 1420 up dev wg || true; \
/usr/sbin/ip rule add uidrange 1001-1001 table 200 || true; \
/usr/sbin/ip route add #VPN_ENDPOINT# via #ROUTER_IP# dev enp3s0 table 200 || true; \
/usr/sbin/ip route add 192.168.0.0/24 via 192.168.0.1 dev enp3s0 table 200 || true; \
/usr/sbin/ip route add #YOUR_STATIC_EXTERNAL_IP#/32 via #ROUTER_IP# dev enp3s0 table 200 || true; \
/usr/sbin/ip route add default via #WG_IPV4_ADDRESS# dev wg table 200 || true; \
"
ExecStop=/usr/bin/bash -c " \
/usr/sbin/ip rule del uidrange 1001-1001 table 200 || true; \
/usr/sbin/ip route flush table 200 || true; \
/usr/bin/wg set wg peer '#PEER_PUBLIC_KEY#' remove || true; \
/usr/sbin/ip link del dev wg || true; \
"
[Install]
WantedBy=multi-user.target
There's a bit to go through here, so I'll take you through why it works. Most of it is just setting up WG to receive/send traffic. The bits that are relevant are:
/usr/sbin/ip rule add uidrange 1001-1001 table 200 || true; \
/usr/sbin/ip route add #VPN_ENDPOINT# via #ROUTER_IP# dev enp3s0 table 200 || true; \
/usr/sbin/ip route add 192.168.0.0/24 via 192.168.0.1 dev enp3s0 table 200 || true; \
/usr/sbin/ip route add #YOUR_STATIC_EXTERNAL_IP#/32 via #ROUTER_IP# dev enp3s0 table 200 || true; \
/usr/sbin/ip route add default via #WG_IPV4_ADDRESS# dev wg table 200 || true; \
ip rule add uidrange 1001-1001 table 200
adds a new rule where requests from UID 1001 go through table 200. A table is a subset of ip routing rules that are only relevant to certain traffic.
ip route add #VPN_ENDPOINT# ...
ensures that traffic already going through the VPN - i.e. wireguard traffic - does. This is relevant for handshakes.
ip route add 192.168.0.0/24 via 192.168.0.1 ...
is just excluding local traffic, as is ip route add #YOUR_STATIC_EXTERNAL_IP
Finally, we add ip route add default via #WG_IPV4_ADDRESS# ...
which routes all traffic that didn't match any of the above rules (local traffic, wireguard) to go to the wireguard interface. From there, WG handles all the rest, and passes returning traffic back.
There's going to be some individual tweaking here, but the long and short of it is, UID 1001
will have all their external traffic routed through WG. Any internal traffic between docker containers in a docker-compose should already be handled by podman pods and never reach the routing rules. Any traffic aimed at other services in the network - i.e. sonarr
calling sabnzbd
or transmission
- will happen with a relevant local IP of the machine it's hosted on, and so will also be skipped. Localhost is already handled by existing ip route
rules, so you shouldn't have to worry about that either.
Hopefully that helps - sorry if it's a bit confusing. I learned to set up my own IP routing to avoid wg-quick
so that I could have greater control over the traffic flow, so this is quite a lot of my learning that I'm attempting to distill into one place.
One of the really nice side-effects of it running rootless is that you get all the benefits of it running as an actual Unix user.
For instance, you can set up wireguard with IP route to send all traffic from a given UID through the VPN.
Using that, I set up one user as the single user for running all the stuff I want to have VPN'd for outgoing connections, like *arr services, with absolutely no extra work. I don't need to configure a specific container, I don't need to change a docker-compose etc.
In rootful docker, I had to use a specific IP subnet to achieve the same, which was way more clunky.
I was thinking of running an instance which houses just bots. In theory, that'd make it easy to have an easy to remember URL and usernames, like !bgg@bot.pls or something. If I can get a URL that makes sense I might consider something like this. It'd keep it small enough to call, and make sure they're always 100% intentional.
This is mainly because I don't want to be a source of annoyance for anyone, and I've seen too many people annoyed at the "natural response" bots that pop in all the time on reddit.
If they're on their own instance, a whole instance can block that instance if they don't want bots, or block specific bots if they prefer.
Electronics. I'm a programmer by profession, but more and more I want to better understand the lowest level parts of things. Ben Eaters' videos have been a huge source on better understanding, but I'm desperately novice with it.
Nah, if you're using your instance as an essentially private one, you're not about to be blocked. If you're running communities on it that run counter to the basic ideals of other communities, you'll probably find yourself losing some federation however.
I run my own, and I'm not blocking anything yet because, honestly, I just won't be vising ones I'm not interested in. I'll probably block a few if I see things coming out of them that I really don't want to see, but at this point it doesn't affect anyone else.
mander.xyz is an instance with a bunch of science based communities, and they have a mycology one.
Out of interest, is it better for server load to have new instances federating, or to have users using the instance directly? I assumed that the reliable way of handling this would be to run my own instance and keep it closed for friends I know in real life to use. I don't want to moderate a community, but I also like the reliability (and fun) of self-hosting, and knowing I can just stop using a server if their instance rules change to be against my own principals without losing my user history etc.
How does that mesh with what Lemmy is trying to do? I know I'm going to be in the vast minority here, but I'd like to know if I'm exacerbating load issues.
My favourite one is renaming a directory full of files in
nnn
. It opens in vim, and I'm in my happy place, where I really know how to edit text (or, in this case, filenames). Great when there's some minor variation between a lot of files. Full previewing before saving, multiple operations handled before doing anything etc.