Kubernetes is much more complicated and powerful than Docker, and Docker Compose is more similar to the way you work directly with Kubernetes than it is to Helm, which adds in a templating system. Basically, from a Docker perspective, Helm allows you to configure your compose file, but not just by substituting variables. Helm can make structural changes such as completely adding or removing sections based on the variables used when loading the chart. The output of Helm is YAML, sort of like a compose file.

Kubernetes has a much more complicated system for describing workloads and their resources than Docker Compose, and it is extensible. For example, if you are running on AWS you can have Kubernetes attach EBS volumes to your pods, or if you’re on bare metal you might use LVM, and it’s not limited to things that Kubernetes natively understands like storage volumes: Cert Manager is a common piece of software that is deployed into Kubernetes that takes care of issuing and renewing TLS certificates for other software in Kubernetes.

I used to run Kubernetes at home with ArgoCD, but I’ve moved on to NixOS instead. NixOS is less powerful because it doesn’t have dynamic workload scheduling, but I don’t actually need dynamic workload scheduling or all the configuration necessary to facilitate dynamic workload scheduling in my house, and Nix is much nicer to work with than Helm’s gotmpl templating. Unless you like this kind of stuff or want to get into Kubernetes, you probably want to avoid it for running a few things on one host.

Helm is what is used for real world software deployments. It has its problems but it’s better than Docker Compose.

Just be careful with SD cards if you’re using SBCs. Home Assistant does a lot of writing and if your SD card can’t handle repeated writes you may suddenly lose everything. Keep backups to another device and have a replacement SD card ready if extended downtime is going to be a problem for you.

What is RentAHuman’s cut? This is a very expensive service to operate. If an LLM posts a request for somebody to go pick up a package, what happens if the package never existed? What happens if the human just says that it never existed and takes the money or even the money and the package? Somebody in the middle needs to be arbitrating between AI agents that are notorious for making things up or getting details wrong and humans that just want to make quick money. Nobody is going to send requests if the humans are randomly stealing and nobody is going to fulfill requests if sometimes the request is unsatisfiable and you don’t get paid.

I have 1 podman container on NixOS because some obscure software has a packaging problem with ffmpeg and the NixOS maintainers removed it. docker: command not found

Quarto and Docusaurus are for documentation. You may be looking for a more general static site generator like 11ty.

Claude says he’s sincerely sorry that users feel software quality isn’t a priority, probably.

I don’t know what the plugin does but script to append an audio file to all audio files is possible to do cleanly in just three lines. Being able to write three lines doesn’t make something good at programming, and taking many more lines would make it bad at programming.

Many senior level “software engineers” are just tenured programmers and they’re managed by business people who don’t know software engineering either. One of the major benefits of using off the shelf software libraries is that they generally work as expected and have been through much more testing than something you just wrote, and often these libraries even receive free or cheap maintenance updates. You don’t want your developers wasting time reimplementing things and then wasting more time maintaining those reimplementations.

Getting the AI to write it is like mitigating the initial reimplementation cost by going to Fiver.

Wireguard normally runs with higher than root privileges as part of the kernel, outside of any container namespaces. If you’re running some sort of Wireguard administration service you might be able to restrict its capabilities, but that isn’t Wireguard. Most of my devices are running Wireguard managed by tailscaled running as root, and some are running additional, fixed Wireguard tunnels without a persistent management service.

Check the README for piper. It moved to https://github.com/OHF-Voice/piper1-gpl

Nextcloud shouldn’t be seeing your MAC address. However, my guess is that Nextcloud has been configured to invalidate the session if the client IP changes, and randomizing the MAC address is one way that can happen.

Are you looking for a VPN or are you looking for an IPv6 tunnel broker like Hurricane Electric?

An immutable distro… like NixOS? Or do you mean your root filesystem is immutable? NixOS can do that too. You could normally mount your nix store as readonly and remount rw during updates if you really care about filesystem immutability, or use some snapshot system if you’re paranoid about adding new files to the store corrupting other files already in the store during an update.

The nixpkgs VM creation module, which I’ve never seen documentation for, has a mode where it generates a kernel, initrd, kernel command line, and erofs image containing a prepopulated /nix directory and that’s enough to boot the VM.

Ansible is disappointing as an IAC tool. It’s good for doing things, but it’s not good for converging systems to a desired state. Too often you end up with playbooks that are not idempotent or rely on something that was done during a previous execution of the playbook or just don’t do something that was done by a previous version, and then unless you are constantly recreating your systems you won’t notice until it’s a problem and you can’t get your system back.

You can host a Proton mail bridge to use different apps running on different machines, including phones.

Self hosting e-mail, particularly SMTP, will likely require a static IP from a reputable provider. Mail servers may reject incoming mail based on the reputation of the sending server. You can avoid this by relaying through another SMTP server and configuring your DNS rules to allow that server to send mail on your behalf, but that’s not really self hosting anymore.

Don’t worry. Next year Google will protect you from such dangerous apps by ensuring that you can only “side load” applications that they allow you to run.

You can use OpenEBS to provision and manage LVM volumes. Host path requires you to manually manage the host paths.

That sounds like build automation. You can use some Git forge software.

It’s not just anti-LGBTQ+. This is going to be bad for everyone. We’re just years away from banks and insurance companies factoring in your social credit score based on your activity on sites where you had to verify you’re not a legally considered a child.

You verify your age on Discord. Discord doxxes you through negligent handling of user data. Your account is found to be a member of a server that might suggest you are less responsible. Your rates are increased. Even if you know this is the reason, you cannot sue Discord because you were coerced into waiving your rights. The shareholders are happy because the line goes up. Is it already happening? I doubt any companies are rushing to tell us that they’re doing it, but the data is available to them.