• step 1: use named volumes
• step 2: stop your containers or just wait for them to crash/stop unnoticed for some reason
• step 3: run docker system prune --all as one should do periodically to clean up the garbage docker leaves on your system. Lose all your data (this will delete even named volumes if they are not in use by a running container)
• step 4: never use named or anonymous volumes again, use bind mounts

The fact that you absolutely need to run docker system prune --all regularly to get rid of GBs of unused layers, test containers, etc, combined with the fact that it deletes explicitely named volumes makes them too unsafe for my taste. Just use bind mounts.

One has a total powered-on time of 51534 hours, and the other 49499 hours.
As for their actual age (manufacturing date), the only way to know is to look at the sticker on the drive, or find the invoice, can’t tell you right now.

$ for i in /dev/disk/by-id/ata-WD*; do sudo smartctl --all $i | grep Power_On_Hours; done
  9 Power_On_Hours          0x0032   030   030   000    Old_age   Always       -       51534
  9 Power_On_Hours          0x0032   033   033   000    Old_age   Always       -       49499

Follow the official documentation, nothing else comes close.

I have automated this process in my nextcloud ansible role

• simple: rsyslog: all local logs to a central syslog file (using the imfile module), all syslogsfrom all server to a central rsyslog server (over TCP/SSL, example here). Use lnav or something similar to consume the logs
• more complex, resource-heavy: Graylog Open as a replacement for the central rsyslog server, setup pipelines/alerts/whatever… Currently considering replacing my Graylog instance with Wazuh but I don’t know yet if it will be able to replace it completely for me

security

with containers, software maintainers also need to keep their image up-to-date with latest security fixes (most of them don’t) - whereas these are usually handled by unattended-upgrades or similar in a VM. Then put out a new release and expect users to upgrade ASAP. Or rebuild and encourage redeploying the latest image every day or so, which is bad for other reasons (no warning for breaking changes, the software must be tested thoroughly after every commit to master).

In short this adds the burden of proper OS/image maintenance for developers, something usually handled by distro maintainers.

trivy is helpful in assessing the maintenance/vulnerability level of OCI images.

https://lemmy.world/comment/13349298

homebank (desktop app) + weekly import of new transactions using woob/bank and a basic shell script. Homebank database synced via Nextcloud.

Please not these posts again

This thread is pinned for a reason: https://lemmy.world/post/60585

You are right. Quadlets require 4.4, Debian 12 has 4.3

Podman

• rootless by default
• daemonless
• integration with systemd, made even easier by podman-generate-systemd
• no third-party APT repository required, follows the same lifecycle as my LTS (Debian) distro
• podman and docker command-line are 100% compatible for my use cases

podman-compose is packaged in a separate podman-compose package in Debian 12 (did not try it though). The only thing missing (for me) in Debian 12 is quadlets support (requires podman 4.4+, Debian 12 has 4.3)

I use tt-rss and the android app

shaarli bookmarks + hecat (shaarli_api importer + download_media/archive_webpages processors + html_table exporter for the HTML index)

https://www.sphinx-doc.org/ + https://pradyunsg.me/furo/ theme + https://myst-parser.readthedocs.io/ markdown parser + https://sphinx-design.readthedocs.io/ extensions.

Just drop all your markdown files in a directory and run sphinx-build. Highly customizable but also works out of the box

You just have to find the channel_id buried in the page source

I use this Firefox addon for that: https://addons.mozilla.org/en-US/firefox/addon/youtube-rss-finder/ - really useful

I wrote this ansible role to setup dovecot IMAP server. Once a year I move all mail from the previous year from various mailboxes to my dovecot server (using thunderbird).

Nice! I suggest adding a link to in in the README

wget --continue --timestamping --show-progress https://tails.boum.org/tails-signing.key
wget --continue --timestamping --show-progress https://tails.boum.org/torrents/files/tails-amd64-6.8.1.iso.sig
gpg --import "tails-signing.key"
wget --continue --timestamping --show-progress https://mirrors.wikimedia.org/tails/stable/tails-amd64-6.8.1/tails-amd64-6.8.1.img
gpg --keyid-format 0xlong --verify tails-amd64-6.8.1.iso.sig tails-amd64-6.8.1.img

(adapted from my script https://gitlab.com/nodiscc/distrib-dl / https://github.com/nodiscc/distrib-dl)

I think any kind of graphical application should have at least one screenshot linked in documentation/README