Using Traefik outside of k8s is for masochists. Especially after configv2. Caddy is by far the easiest reverse proxy to configure and has the sanest defaults.

I wasn’t looking for technical support. You can do everything correctly and still get your mails randomly marked as spam or not delivered at all. This has happened to us, some of our customers, multiple smaller email providers as well as several municipalities (imagine blackholing government emails, what a grand idea). They don’t send sensible return headers, they might not even return your undelivered mail at all, they won’t react to any inquiries to their postmaster contact (or anywhere else really), they will blacklist entire IP blocks sometimes. The only way to sidestep any issues with them is to pay a few thousand bucks to enter their cool kids club certified sender alliance, which is what the big marketing firms use to deliver mass amounts of unwanted ads unhindered through their networks.

It is cheap, but the performance leaves much to be desired and their technical support is piss poor.

I’ve had the opposite experience with their cloud services in a professional context. My biggest gripe is with United Internet, the monopolistic company that owns IONOS, 1&1 (an ISP) as well as the ad-ridden, flaming pile of garbage that are GMX and WEB.DE, two of the most popular email service providers in Germany as well as a constant source of pain for anyone operating an Email server. They will ignore common industry standards and best-practices, silently block your mailserver for absolutely no reason, not respond to inquiries and just generally make the internet a slightly worse place for small to medium sized businesses and selfhosters.

It’s an alternative, but IONOS honestly fucking sucks as well, so I’m feeling pretty ambivalent about this.

I agree with your recommendation. As for free/freemium email providers, there’s Tuta for one. I’m hoping that there are others.

On the other hand, GMX (and web.de) is a notoriously bad influence on email communication and will randomly block mailservers if they feel like it while flooding all of their own users with spam. The world would be a better place without 1&1 / united internet.

I wouldn’t recommend Docker for a production environment either, but there are plenty of container-based solutions that use OCI compatible images just fine and they are very widely used in production. Having said that, plenty of people run docker images in a homelab setting and they work fine. I don’t like running rootful containers under a system daemon, but calling it a giant mess doesn’t seem fair in my experience.

If I may ask: how practical is monitoring / administering rootless quadlets? I’m running rootless podman containers via systemd for home use, but splitting the single rootless user into multiple has proven to be quite the pain.

With bluray rips, I don’t really see any way to avoid that unfortunately, unless someone else has already added the hashes for your release. Most people use it to scan their encoded releases, which will (in most cases) have already been added to AniDB by the release group. I’m a bit surprised though, that none of your rips are recognized. Have you checked the AniDB pages for your series to see if anyone uploaded hashes for bluray rips?

Grouping seasons into a series folder doesn’t work well in some cases, because that’s not the way they are released in Japan. A new season is (most of the time) effectively an entire new show entry. Show seasons are mostly a north american thing. No matter which software you use, there’s always going to be some minor issues if you group seasons into one entry.

Shoko compares a files ED2K hash against the AniDB database. The filename doesn’t matter for automatic detection. Have a look at the log to see if there are any issues. It’s entirely possible that AniDB just doesn’t have the hashes for the raw BluRay rip. In that case you can either manually link them in Shoko, connecting the AniDB episode id to the file hash, or create new file entries on AniDB with your specific hashes.

Shoko also has rate limits. The problem is that AniDB does rate limiting in an extremely stupid way for a UDP API and doesn’t even have the decency to define clear time limits.

Pretty sure that the registry path for official images is “library” (at least it used to be). So it should be “docker.io/library/debian”, though I can’t double check at the moment.

That’s what a firewall and a DNS service is for respectively, imho. As long as you get an IPv6 prefix from your ISP, you can expose as many devices or services to the public as you want, by just allowing incoming traffic to a listening port. That was sort of the whole point of having a large enough address space when moving away from v4. Maybe it’s just me but reading stuff about “private AI” on a website where the relation to the product is not immediately obvious, makes me question their legitimacy.

The more I look at their site, the more it reads like a sales pitch for IPv6, which sounds kind of expensive at $6-10 a month.

What problem does this solve? Do ISPs not provide IPv6 prefixes anymore?

That script is a wrapper around a single call to qrencode. I’ve been making qr codes from wireguard config files in the terminal at least since PiVPN existed. There are plenty of guides on how to do this as well.

I get what you’re saying, but this feels like a weird question to ask in a community for selfhosting enthusiasts.

Doubt.

Cool attitude. In my experience, most docker/docker-compose setups will work transparently with podman/podman-compose. If you want to tighten security, lock down ressource access, run rootless (daemon and inside the container), integrate with SELinux, then you might need to put in extra-work, just like you would if you used docker.

Why re-invent the wheel?

They aren’t. Podman is mostly just a docker-compatible CLI wrapper around an existing OCI runtime (runc by default). It also lets you manage pods and export k8s yaml, which is arguably the more important industry standard at this point. Podman was also completely usable in rootless mode way before Docker support for that was on the table, which was the main reason I switched years ago. Podman development effort also yielded buildah, which is a godsend if you want to build container images in a containerized environment, without granting docker socket access (which is a security nightmare) or using some docker in docker scenario (which is just a nightmare in general).

YAML is way too bloated of a standard and has a ton of inconsistencies between implementations, despite the widespread reputation of simplicity. It is easy to read as long as you limit yourself to a fraction of its capabilities and err on the side of caution when it comes to escaping characters (especially when number literals are involved, or booleans for that matter). As far as alternatives go, I prefer TOML for simple key=value configs, but it has its own issued and is nowhere near as featureful, for better or worse.