Raspberry pi4 Docker:- gluetun(qBit, prowlarr, flaresolverr), tailscale(jellyfin, jellyseerr, mealie), rad/read/sonarr, pi-hole, unbound, portainer, watchtower.
Raspberry pi3 Docker:- pi-hole, unbound, portainer.
Hypothetically, if you were intending to break a wing mirror to save someone's life... Punch down, pops right off. Hypothetically, armoured gloves would be best for this, which would protect you're hands in the event of a crash.
No-one hates fencing a lefty quite like another lefty.
Washing the motorcycle. I'm a daily rider, I don't have a pressure washer or garage, and I live in a country that salts the roads. I have to clean it often to get the salt off, in the cold, getting soaking wet. Miserable job.
I think the worst part is that I don't get to enjoy the clean bike as it will invariably rain the next day.
"Had to be me."
Also, there was a Warhammer RTS that had "AHH my spleen!!!" Which I never got over.
The early books the gang is quite small easy to follow and I enjoyed them enough to continue.
But later the cast balloons quite heavily. I did play the games and thought that would be enough, but I'm god awful names at the best of times. So scene with sorceress #15 and Lord #16 in kingdom #4 is usually me thinking "who's any of that again?"
Partly, it's because I'm reading by audio in situations where I can't easily pause and consider. Partly, because the author just spent 3 books telling me these are Eldrich forces for geralt to avoid as best as possible, so why would I try understand them. Partly, because the stories are less interesting to me now as previously mentioned.
I'm on my first read through of the Witcher. I've stalled on the tower of swallows though.
It's almost cyberpunkesque in how much the world hates it's inhabitants. Which was interesting when it followed cyberpunk themes of "forget thriving, the goal is to survive this world".
But, the players are in bigger arenas now, so the world is just a shit place to be. I find myself struggling to care about the politics, or follow who's who. The early books geralt is so apathetic it didn't matter which kingdom or who's the prevailing lord. So I ,like geralt, just didn't care. Now I'm supposed to, good development for geralt. I just don't want to suddenly learn the names of 40 kingdoms, their kings, recent history etc...
The prevailing magic seems to be the vow, you're fucked in a fucked world if you break one. Cool concept, I like it, but it does get watered down because the world wants to grind you down anyway. Breaking a vow is just another excuse for the universe to hurt you. I'll probably push through this and decide if I want to keep going.
Demonstrated to be untrue. I should have listened to the person telling you why you don't wrestle pigs... I should have listened to myself when I said American libs have shown me they are closed minded.
Your statements are counterfactual, your accusations are confessions, demonstrated to ignore anything anyone (including you says) and you are completely unreachable. On the whole a waste of my time except to re-teach me a lesson I had obviously forgot
On mobile so you'll have to forgive format jank.
It depends how each image handles ports if C1 has the ports set up as 1234:100 and C2 has the ports set up as 1234:500 then:
service:
gluetun:
ports:
- 1234:100 #c1 - 1235:500 #c2[...]
Will solve the conflict
Sometimes an image will allow you to edit it's internal ports with an environment so
service:
gluetun:
ports:
- 1234:1000 #c1 -1235:1234 #c2c1:
environent:
- UI_PORT=1000[...]
When both contsiners use the same second number, C1: 1234:80, C21235:80, and neither documents suggest how to change that port, I personally haven't found a way to resolve that conflict.
You have convinced me that you believe that to be true. Furthermore, you have convinced me that you cannot be convinced that it is not true. You are demonstrably unreachable.
As demonstrated we have been led here by you. You haven't played along with my avoidance of this question, I wasn't originally asked this question. I pointed out that you ignored their answer and then you got all accusey and semanticky.
Remember when you wanted to make a distinction between "donors" and "money", you sure dropped that in a hurry. Every accusation is a confession.
Still no response...
Doesn't respond to a single thing in any previous comment. Every accusation is a confession. This is also just a bald faced lie.
And for whatever reason they keep doubling down on refusing to do voter outreach and listening to what Dem voters want. Current leadership will never back away from the strategy of:
In the original comment you replied to. They could have done more outreach to determine what dem voters want by wasting less money elsewhere. Reality is you don't listen to yourself, let alone anyone else. I am over it. Thanks for proving to me, yet again, that talking to American liberals is futile. I can't dig you out of your dogma at all.
Point 1, exactly my pount, that's exactly what you did. I demonstrated that to you and now we agree. You'll notice I keep grounding us in the comments under discussion: "I think your argument is this" and "how does that have relevance to the original comment". Every accusation is a confession.
Point 2, exactly what you did when you tried labeling my argument a strawman. Ev-ery accusation is a confession.
Who is talking about ignoring people.
Me, continually about you. You ignored the original answer to your question. You ignore my explanation to why it's a valid answer. You ignore my pointing out you ignoring people to ask who's talking about ignoring people.
How are you quantifying[...]
You argue semantics to steer the conversation away from the original question. E-v-e-r-y accusation is a confession.
Again I have to point out...
1 you haven't until now pointed out that you havent made an arguement. 2 it is absurd to do so. 3 you are a meme
You are quoting something that was never said
It's a summary, I made that quite plain.
If they come in wool, sign me up. I've been pricing up a full set of wool socks and it's eye-watering. I think I'm going to be asking for wool socks for Christmas/birthdays for a couple years ... my mid-life transformation is complete.
"every accusation a confession" is a common refrain to describe conservative behavior
Point 1: You accuse people of avoiding questions (they didn't), it's because you avoid questions. The question you avoided
I don't see them arguing to remove all doners and thus win without them?
The question you asked of them was how to win without donors. Not less donors.
Would you like me to extend to you the courtesy you denied me when accusing me of building a strawman. That "without" is an extention of "fewer" the same way "most" is an extention of "more". But that would take admitting they did, in fact, answer your question. Would you like to admit that? If so I'm good, that was all I wanted to highlight to you in the first place.
Point 2: you accuse people of building strawmen, I didn't, it's because you build strawmen. See above.
Regarding the pivot from "money" to "donors": did democrats have less donors this election? Just as an aside, what is it that these donors donate, what is it that citizens united allowed these donors to donate, that isn't money. Donors=money
Ignore people all you want but they, and reality, are clearly telling you that optimising for donations/money doesn't work.
politics is the gentle art of getting votes from the poor and campaign funds from the rich, by promising to protect each from the other. - Oscar Ameringer
Democrats are too focused on the latter, because reasons explained to you, and thus lost due to the former.
It seems our impasse is that's I've understood, and stated as such, your argument to be "more money, more better" which is counterfactual to this election. You reply
nuh uh, my argument is [defines "more" or uses the word "more"] [synonym for "money" or uses the word money], more better.
I don't think I can break through that level of double think.
I don't see them arguing to remove all doners and thus win without them?
This is still feeling like a "more doners is more better" argument which they rejected with a "not this time" reply so no questions were avoided.
No wonder you were so quick to level accusations of strawmanning. It was a confession, it's always a confession.
I answered your question in an edit for the sake of fairness. Tldr: they don't. The doners don't need to cost votes.
I don't see the relevance. So long as people aren't saying they spend no money, which they didn't, why bring it up? It still implies a "most money" argument to me. Can you see how the person you were talking to thought they were answering your question?
I answered the question in an edit for the sake of fairness. Tldr: they don't. The doners don't need to cost votes.
I don't see the relevance. So long as people aren't saying they spend no money, which they didn't, why bring it up? It still implies a "most money" argument to me.
Edit: I don't read usernames and it bites me everytime
Was your argument that "democrats have to spend some money"? The position that would be arguing against is that others believe they spend no money.
Not trying to build strawmen, I'm just genuinely confused. No-one is saying they spend no money, or court any donations. Which is why I, and seemingly the person you were having a discussion with, thought you meant most money.
Because of citizens united..
part interests me. Before citizens united were parties forbidden from spending money?
Edit to answer your question:
How do we win without doners?
They don't. But, because we've established they don't need the most money to win they can be more selective in their choices. Taking donations from oil companies at the cost of votes, bad plan. Taking donations from genocidal governments at the cost of votes, bad plan. Promise voters that you'll level wealth inequality at the cost of money, good plan. They don't need all the money.
Was your argument that "democrats have to spend some money"? The position that would be arguing against is that others believe they spend no money.
Not trying to build strawmen, I'm just genuinely confused. No-one is saying they spend no money, or court any donations. Which is why I, and seemingly the person you were having a discussion with thought, you meant most money.
Help using NginxProxyManager to route multiple non-tailscale devices to multiple services.
For legibility I split the post into: my current setup; the problem I'm trying to solve; the constraints for solving the problem; what I've tried and failed to do; and key questions.
When roasting me in the comments, go nuts, I'm not a complete beginner, but I wouldn't rank myself as an intermediate yet. My lab is almost entirely tteck scripts, and what isn't built by tteck are docker containers. My inexperience informs some of my decisions for example: I'm using nginxproxymanager because Nginx documentation is beyond me, I couldn't write a nginx.config and NPM makes reverse proxies accessible to me.
My Current setup
I have a Proxmox based home server running multiple services as LXCs (a servarr, jellyfin, immich, syncthing, paperless, etc. Locally my fiancée and I connect to our services. Using pihole-NginxProxyManager(NPM) @ "service.server" and that's good. Remotely we connect to key services over tailscale using tailscale's magic DNS @ "lxcname:port" and that works... fine. We each have a list of "service: address" and it's tolerable. Finally, my parents have a home server, that I manage, it is Debian based with much the same services running all in Docker (I need to move it to Podman, but I got shit to do). We run each others' off-site backup over tailscale-syncthing and that seems good. But, our media and photos are our own ecosystems.
The Problem
I would like to give someone (Bob) a box (a Pi, a minipc, a whatever). The sole function of this box is to act as a gateway for Bob's devices to connect to key LXCs on my tailnet. Thus Bob can enjoy my legally obtained media and back up their photos.
The constraints
These are in order of importance, I would be giving ground from the bottom up. The top two are non negotiable though.
A VPS has low to zero WAF. Otherwise I would have followed the well trodden ground.
Failsafe. If the box dies bob can't access jellyfin until I can be arsed to fix it. Otherwise, they experience no other inconvenience.
No requirement to install tailscale on Bob's devices. Some devices aren't compatible with tailscale: Amazon fire stick. A different bob does't want to install a VPN on their phone. Some devices I don't trust to be up to date and secure, I don't want them on my tailnet... I have no idea if the one degree of separation is any more secure, but it gives me the willies.
I'm pretty sure I can solve this using pihole-nginx-tailscale with my skillset. But then I have to get into bob's router, and maybe bob might not like that. If I could just give them a preconfigured box that would be ideal. They would have pretty addresses though.
I don't currently have a domain, I do plan to get one. I just don't currently have one.
My attempts and failures to solve the problem.
I've built a little VM to act as a box (box), it requests a static IP. On it I installed Mint (production would probably be DietPi or Debian) Tailscale,Docker (bare metal) and NPM as a container. In NPM I set a proxy host 192.168.box.IP to forward to 100.jellyfin.tailscale.IP:8096. I tested it by going to box.IP and jellyfin works. Next up Jellyseerr... I can't make another proxy host with the same domain name for obvious reasons.
I tried "box.IP:8096" as a domain name and NPM rejected it. I tried "box.IP/jellyfin" and NPM rejected that too (I'll try Locations in a bit). I tried both "service.box.IP" and "box.IP.service" and I'd obviously need to set up DNS for that. Look, I'm an idiot, I make no apologies. I know I can solve it by getting into their router, setting Pihole as their DNS, and going that route.
Next I tried Locations. The required hostname and port I set up as jellyfin.lxc.tailnet.IP:8096 and I set /jellyseerr to go to jellyseerr.lxc.tailnet.IP and immich set up the same way. Then I tested the services. Jellyfin works. Jellyseerr connects then immediately rewrites the URL from "box.IP/jellyseerr" to "box.IP/login" and then hangs. Immich does much the same thing. In desperation I asked chatGPT... the less said about that the better. Just know I've been at this a while.
Here's where I'm at: I have two Google terms left to learn about in an attempt to solve this. The first is "IP tables" the second is "tailscale subnet routers" and I have effort left to learn about one of them.
During this process I learned I could solve this problem thusly: give Bob a box. On this box is a number of virtual machines(vm). Each vm is dedicated to a single service, and what the fuck is that for a solution?! It would satisfy my all of my constraints though, its just ugly.
Key questions
Is my problem solvable by just giving someone a Pi with the setup pre-installed? If not I'll go the pihole-npm-tailnet and be happy. Bob'll connect to "service.box" and it'll proxy to "service.lxc.tailnet.IP".
Assuming I can give them a box. Is nginx the way forward? Should I be learning /Locations configs to stop jellyseerr's rewrite request. Forcing it to go to "box.IP/jellyseerr/login". Or, is there some other Google term I should be learning about.
Asssuming I can give them a box, and nginx alone is not useful to me. Is it subnet routers I should be learning about? They seem like a promising solution, but I'll need to learn how the addressing works... Or how any of it works... IP tables seem like another solution on the face of it. But both I don't know where to send bob without doing local DNS/CNAME shenanigans
Finally assuming I'm completely in the weeds and hopelessly lost... What is it I should I be learning about? A VPS I guess... There's a reason everyone is going that route., Documentation on this "box" concept isn't readily findable for a reason I imagine.
Uncomplicated firewall rule set for a *arr stack.
I set up an *arr stack and made it work, and now I'm trying to make it safe - the objectivly correct order.
I installed uncomplicated firewall on the system to pretend to protect myself, and opened ports as and when I needed them.
So I'm in mind to fix my firewall rules and my question is this: Given there's a more sensible ufw rule set what is it, I have looked online I couldn't find any answers? Either "limit 8080", "limit 9696", "limit ..." etc. or "open". Or " allow 192.168.0.0/16" would I have to allow my docker's subnet as well?
To head off any "why didn't you <brilliant idea>?" it's because I'm dumb. Cheers in advance.