When I was starting out I almost went down the same pathway. In the end, docker secrets are mainly useful when the same key needs to be distributed around multiple nodes.

Storing the keys locally in an env file that is only accessible to the docker user is close enough to the same thing for home use and greatly simplifies your setup.

I would suggest using a folder for each stack that contains 1 docker compose file and one env file. The env file contains passwords, the rest of the env variables are defined in the docker compose itself. Exclude the env files from your git repo (if you use this for version control) so you never check in a secret to your git repo (in practice I have one folder for compose files that is on git and my env files are stored in a different folder not in git).

I do this all via portainer, it will setup the above folder structure for you. Each stack is a compose file that portainer pulls from my self hosted gitea (on another machine). Portainer creates an env file itself when you add the env variables from the gui.

If someone gets access to your system and is able to access the env file, they already have high level access and your system is compromised regardless of if you have the secrets encrypted via swarm or not.

You could put in a big report for this. Seems like a small UI bug that could be a good QOL fix for others

True, but the downside of cloudflare is that they are a reverse proxy and can see all your https traffic unencrypted.

This is genuinely one of the most impressive open source projects out there right now. Seems like 10.9 opened the flood gates for all these amazing contributions and improvements. 81 merges in the last 30 days! Great job jellyfin team!

I like finamp as my android music client for jellyfin

I world strongly suggest a second device like an RPI with Gitea. There what I have.

I use portainer to pull straight from git and deploy

Not to mention the advantage of infrastructure as code. All my docker configs are just a dozen or so text files (compose). I can recreate my server apps from a bare VM in just a few minutes then copy the data over to restore a backup, revert to a previous version or migrate to another server. Massive advantages compared to bare metal.

Yes, you should use something that makes sense to you but ignoring docker is likely going to cause more aggravation than not in the long term.

Well this recently became a thing if you want gpu accelerated apps. Not sure about intel or amd compatibility but it should work

https://debarshiray.wordpress.com/2024/06/17/toolbx-now-enables-the-proprietary-nvidia-driver/

Is this useful for a homelab with a current setup of 1 physical host -> proxmox -> alpine VM -> docker?

Docker is managed by portainer that pulls docker compose files from a git repo. Around 30 containers total in 10 or so stacks.

This idea looks really interesting but it seems to be mostly for kubernetes deployments

So far everything has been very lacklustre. This update just got announced. Maybe it will be better?

https://www.phoronix.com/news/Fedora-41-KDE-Mobile-Proposal

There is an issue with your database persistence. The file is being uploaded but it’s not being recorded in your database for some reason.

Describe in detail what your hardware and software setup is, particularly the storage and OS.

You can probably check this by trying to upload something and then checking the database files to see the last modified date.

I like this version of fedora atomic with KDE

https://getaurora.dev/

If you are willing to spend a bit more upfront, I bought a mini PC in 2017 and installed opnsense on it. It’s still rock solid. For wifi, I use a separate ap (a ubiquity UAP that I bought in 2015) and it is also going strong. Almost a decade of rock solid performance easily beats out any other router I’ve owned in terms of both performance and cost.

I have an atomic variant of fedora 40 (Aurora) and it just works on an Intel CPU with integrated graphics. I have a USB c dongle with HDMI out and it just works when I plug it in.

I also tried it on my steam deck dock the other day and it worked without issue.

Thanks! Makes sense if you can’t change file systems.

For what it’s worth, zfs let’s you dedup on a per dataset basis so you can easily choose to have some files deduped and not others. Same with compression.

For example, without building anything new the setup could have been to copy the data from the actual Minecraft server to the backup that has ZFS using rsync or some other tool. Then the back server just runs a snapshot every 5 mins or whatever. You now have a backup on another system that has snapshots with whatever frequency you want, with dedup.

Restoring an old backup just means you rsync from a snapshot back to the Minecraft server.

Rsync only needed if both servers don’t have ZFS. If they both have ZFS, send and recieve commands are built into zfs are are designed for exactly this use case. You can easily send a snap shot to another server if they both have ZFS.

Zfs also has samba and NFS export built in if you want to share the filesystem to another server.

I use zfs so not sure about others but I thought all cow file systems have deduplication already? Zfs has it turned on by default. Why make your own file deduplication system instead of just using a zfs filesystem and letting that do the work for you?

Snapshots are also extremely efficient on cow filesystems like zfs as they only store the diff between the previous state and the current one so taking a snapshot every 5 mins is not a big deal for my homelab.

I can easily explore any of the snapshots and pull any file from and of the snapshots.

I’m not trying to shit on your project, just trying to understand its usecase since it seems to me ZFS provides all the benefits already

Start with this to learn how snapshots work

https://fedoramagazine.org/working-with-btrfs-snapshots/

Then here the learn how to make automatic snapshots with retention

https://ounapuu.ee/posts/2022/04/05/btrfs-snapshots/

I do something very similar with zfs snapshots and deduplication on. I have one ever 5 mins and save 1 hr worth then save 24 hourlys every day and 1 day for a month etc

For backup to remote locations you can send a snapshot offsite

Fresh RSS if you want a self hosted option

This is really amazing! In theory, can you can use 2gb with 4 different VMs?