That’s pretty damn clever
I try to slap anything I’d face the Internet with with the read_only to further restrict exploit possibilities, would be abs great if you could make it work! I just follow all reqs on the security cheat sheet, with read_only being one of them: https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
With how simple it is I guessed that running as a user and restricting cap_drop: all wouldn’t be a problem. For read_only many containers just need tmpfs: /tmp in addition to the volume for the db. I think many containers just try to contain temporary file writing to one directory to make applying read_only easier.
So again, I’d abs use it with read_only when you get the time to tune it!!
Looks awesome and very efficient, does it also run with read_only: true (with a db volume provided, of course!)? Many containers just need a /tmp, but not always
I trust the check restic -r '/path/to/repo' --cache-dir '/path/to/cache' check --read-data-subset=2000M --password-file '/path/to/passfile' --verbose. The --read-data-subset also does the structural integrity while also checking an amount of data. If I had more bandwidth, I'd check more.
When I set up a new repo, I restore some stuff to make sure it's there with restic -r '/path/to/repo' --cache-dir '/path/to/cache' --password-file '/path/to/passfile' restore latest --target /tmp/restored --include '/some/folder/with/stuff'.
You could automate that and make sure some essential-but-not-often-changing files match regularly by restoring them and comparing them. I would do that if I wasn't lazy I guess, just to make sure I'm not missing some key-but-slowly-changing files. Slowly/not often changing because a diff would fail if the file changes hourly and you backup daily, etc.
Or you could do as others have suggested and mount it locally and just traverse it to make sure some key stuff works and is there: sudo mkdir -p '/mnt/restic'; sudo restic -r '/path/to/repo' --cache-dir '/path/to/cache' --password-file '/path/to/passfile' mount '/mnt/restic'.
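The automated restore-and-compare the comment above describes, as an added example that is not the commenter's own script: it restores a few slowly-changing files from the latest snapshot into a scratch directory and compares them byte-for-byte with the live copies. The repo, cache and password-file placeholders are the same ones used in the comment; a restic binary on PATH is assumed.

```shell
#!/bin/sh
# Added example (not the commenter's code): restore a few slowly-changing
# files from the latest restic snapshot and compare them byte-for-byte
# with the live copies. Placeholder paths match the comments above; a
# 'restic' binary on PATH is assumed.

REPO='/path/to/repo'
CACHE='/path/to/cache'
PASSFILE='/path/to/passfile'
RESTORE_DIR="${TMPDIR:-/tmp}/restic-verify.$$"

# compare_tree SRC_ROOT RESTORED_ROOT REL_PATH...
# Prints OK / DIFFERS / MISSING per file; returns 1 if anything is off.
compare_tree() {
    src="$1"; dst="$2"; shift 2
    bad=0
    for rel in "$@"; do
        if [ ! -f "$dst/$rel" ]; then
            echo "MISSING $rel"; bad=1
        elif ! cmp -s "$src/$rel" "$dst/$rel"; then
            echo "DIFFERS $rel"; bad=1
        else
            echo "OK      $rel"
        fi
    done
    return "$bad"
}

# verify_backup REL_PATH...  (relative to /, no spaces in paths)
# Restores only those paths from 'latest' into a scratch directory,
# compares them with the live files, and cleans up. Exit is non-zero
# when restic fails or any file is missing or different, so cron mails.
verify_backup() {
    inc=''
    for rel in "$@"; do inc="$inc --include /$rel"; done
    mkdir -p "$RESTORE_DIR" || return 2
    # shellcheck disable=SC2086  # $inc is intentionally word-split
    if ! restic -r "$REPO" --cache-dir "$CACHE" --password-file "$PASSFILE" \
            restore latest --target "$RESTORE_DIR" $inc >/dev/null; then
        echo "restic restore failed" >&2; rm -rf "$RESTORE_DIR"; return 2
    fi
    if compare_tree / "$RESTORE_DIR" "$@"; then rc=0; else rc=$?; fi
    rm -rf "$RESTORE_DIR"
    return "$rc"
}

# Cron use (commented out so the helpers can be sourced on their own):
# verify_backup etc/fstab etc/ssh/sshd_config || echo 'backup drift' | mail root
```

Because the comparison is separate from the restore, the same compare_tree can be pointed at a mounted repository (the sudo restic mount approach above) instead of a restored tree.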
I have my router (opnsense) redirect all DNS requests to pihole/adguardhome. AdGuard home is easier for this since you can have it redirect wildcard *.local.domain while pihole wants every single one individually (uptime.local.domain, dockage.local.domain). With that combo of router not letting DNS out to upstream servers and my local DNS servers set up to redirect *.local.domain to the correct location(s), my DNS requests inside my local network never get out where an upstream DNS can tell you to kick rocks.
I combined the above with a (hella cheap for 10yr) paid domain, wildcard certified the domain without exposure to the wan (no ip recorded, but accepted by devices), and have all *.local.domain requests redirect to a single server caddy instance that does the final redirecting to specific services.
I’m not fully sure what you’ve got cooking but I hope typing out what works for me can help you figure it out on your end! Basically the router doesn’t let anything DNS get by to be fucked with by the ISP.
Orrrrrr
First date fit includes underwear??
Ah, I see I am in the presence of a preeminent N64 titty connoisseur
The whole joke plays into a terminally horny me-me emoji copypasta that people liked to crank out a few years ago - making it “moldy”! The point is the emojis! Here’s one for dickmas that takes it to 11:
MERRY🎅COCKMAS🍆🍆🍆🍆😜😜😜🐓🐓🐓🐓 AND HAPPY 😁 HOE-LIDAYS 😲😲😲😩😩😩 MERRY🎅COCKMAS🍆🍆🍆🍆😜😜😜🐓🐓🐓🐓 AND HAPPY 😁 HOE-LIDAYS 😲😲😲😩😩😩 THIS YEAR 📆 I'M DEFINITELY ✅ ON THE 😈😈😈NAUGHTY😈😈😈LIST📜📝 BECAUSE I'M 👈A GIGANTIC 🏳🌈🌈🏳🌈🌈🏳🌈🌈🏳🌈🌈🎄❄HO-HO-HOMOSEXUAL❄🎄🏳🌈🌈🏳🌈🌈🏳🌈🌈🏳🌈🌈 WHICH IS NOT 🙅♀️❌ VERY CHRISTIAN ⛪🙏 BUT I STILL CAN APPRECIATE 😜 SAINT DICK ✨🎉✨🎉 I CAN'T WAIT FOR 🎅SANTA🎅 TO SLIDE DOWN MY CHIMNEY ⬇🏠😜💦 AND STUFF MY STOCKING 🧦🎁😜 FULL OF DILDOS 😱🍆 AND PENIS PARAPHERNALIA 🍆🍆🍆🍆💦💦💦 BECAUSE I'M JUST A LITTLE 🤏 FESTIVE 🎄🎅🤶⛄❄🎁FAGGOT🏳🌈🌈🏳🌈🌈🍆🍆😜😜😩😩😩💦💦💦
SO TO ALL MY 💋👄💋👄💋SLUTTY 😩😩😩💋💋💋 SANTA'S 🎅🎅🏿🎅🏽🎅🏻 LITTLE HELPERS 😉😉😉👏👏& HORNY 😩😈 CHRISTMAS ELVES 🧝🏻♂️🧝🏻♂️🧝🏻♂️ REMEMBER LET IT "SNOW" 🌨🌨🌨❄❄❄❄⛄⛄⛄😜😜😜😜😜💦💦💦💦 AND DON'T FORGET TO 🌟✨🌟✨DECORATE✨🌟✨🌟 YOUR "TREE" 😜😜😜🎄🎄🎄🎄🎄🍆🍆🍆🍆🍆 I'LL BE WAITING 🕚🕕🕠 UNDER THE MISTLETOE 🍃🦶 WRAPPED UP IN RIBBON 😳🎁🎀💝 WAITING ⏱ FOR YOU 👆TO UNWRAP 😳🎀 ME SO WE CAN TASTE 👅💦 EACHOTHER'S CANDY CANES 🍬✨🍬✨🍬✨😩😩😩🍆🍆🍆💦💦💦
Odd, I’ll try to deploy this when I can and see!
I’ve never had a problem with a volume being on the host system, except with user permissions messed up. But if you haven’t given it a user parameter it’s running as root and shouldn’t have a problem. So I’ll see sometime and get back to you!