I see. Yeah, that compose file is gross unless you’re running this on a dedicated vps, and even then…

I haven’t run snikket before, but it looks straightforward to me. Maybe the documentation has improved?

Tiling WM and Gruvbox. Doesn’t get any better!

It seems like the only time I encounter this oddness is when some upstream docker image maintainer has done a weird with users (I once went 3 image levels up to figure out what happened).

Or if I borrow a dockerfile and don’t strip out the “nonroot” user hacks that got popularized years ago.

You can search the package database to determine which package(s) provide a file with dpkg --search $file

I might recommend starting with a project.

Something like getting pi-hole running. This would help you learn some of the networking basics. But I’d recommend reading at least enough to have a conceptual foundation about the things you don’t understand along the way (DNS, DHCP, etc).

You’ll want one of their supported OS choices to keep things simple. That means one of: fedora, debian, ubuntu, or centos. I might steer you away from centos just because its user base is a bit more linux-pro so finding specific help might be more daunting, but I don’t have much experience with it either. Maybe use a “server” variant to keep your system demand to a minimum (boot to terminal only).

The framework 13 definitely has a fingerprint reader. Top right corner power button, just like a Mac.

https://frame.work/products/fingerprint-reader-kit?v=FRANFF0001

Just as usable as the one on my old M2 Pro work laptop too.

Fwiw, I did the DIY and brought my own 32gb of ram and 2TB nvme to keep the costs down a bit.

You might want to check out distrobox. Nice way to access apps for other distros or package managers like they’re native.

I’m also on Garuda for my main box (Bazzite on the framework 13), and I have an Ubuntu distrobox for dev work with one dev project, another for general tools that are only released as .debs, one running fedora for things that “only support RHEL”, etc.

Windows was just the boat you already knew.

Now you have a new (more adaptable) one and don’t know all it’s squeaks and rattles. You’re neither dumb nor is something wrong. You just aren’t familiar with what it needs from you.

Give it some time (a week compared to how long in windows?) and attention and soon you’ll wonder why you ever second guessed it.

Totally.

Port knocking is one of those “of course someone did that” things to me too. A replay attack is enough to make it security theater.

An IP allowlist is a more useful addon.

We can go harder: port knock to open the port to a cert-only VPN (on top of all that)

https://wiki.archlinux.org/title/Port_knocking

I would ask for a healthy margin above 100%, especially if you’re bringing an older PSU. There are a ton of variables for determining what is needed, but if your TDP on those 2 items is pushing 400W, we should be aiming for 500+ with an 80 Plus certification.

This definitely plays like a failing PSU to me as I experienced similar issues when mine started dropping on one of the 12V rails with similar hardware (fx8350, r9 290) several years ago.

Agreed! That would be a huge QoL improvement (and work just like the podman command does). Now I’m thinking about other commands that force this silliness, like pip.

The spec for quadlets has a few dedicated homes for the .pod, .container, etc. files. You can absolutely mount directories or files wherever (%h is $HOME for systemd unit files). See the Volume description for Container unit files: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#volume

I’m now running quadlets on Garuda (my gaming/devbox), and Fedora. The impetus for this was needing to host service in an unprivileged way at work on RHEL9, so I got paid to do some learning with my own services.

My laptop is running Bazzite, but no services there. I’ll move the server to silverblue or another image based distro when I finish extracting the rest of my misadventures to containers.

I’m definitely interested in your experience and why you came to those conclusions because I’m not sure I can agree on the primary points.

But I have to give you the note. Root is also user space (if privileged). I’ve barely ever done anything actually in kernel space, so I guess it’s easy for me to screw that up.

I used podlet on my compose file. I was a little disappointed in the limitations, as a lot of things like variable interpolation isn’t available.

That said, the output made me wonder why I’ve waited! It was so much simpler than I imagined. It also helped demystify unit files a bit more.

I didn’t use that! I had a docker-compose file and used podlet to translate (which took a little massaging due to it not supporting interpolations).

/usr/libexec/podman/quadlet --user --dryrun was quite helpful though!

I’d love to think so too, but I think our echo chamber is pretty tight.

I certainly think they’re ready for mainstream usage (I have one Bazzite install myself), but I don’t think there’s significant awareness beyond the dedicated fan base.

There aren’t really any actually useful metrics that I know of, but the only one of the 3 I’ve mentioned that broke into distrowatch’s top 100 is Bazzite, and that’s only in the last few months.

And for legal threats: I doubt any court in any country will give credence to that. Fedora is MIT licensed.