for a homelab I don’t think it’s feasible to fully review the source code of everything you install

Here’s what you can actually do:

• Consider if you actually need the application and stop applications you don’t use
• Don’t allow public access unless it is necessary, consider VPN/reverse proxies with client authentication (if supported)
• isolate applications that don’t need to talk to each other
• • see also rootless podman, firewalls, virtual machines, etc
• • don’t forget network access, if everything runs on 127.0.0.1 and every service shares it then they can all talk to each other! (See also network namespaces or VMs)
• Don’t reuse passwords
• keep software up to date
• actually evaluate the quality of the project if it needs access to sensitive information
• • see open issues, closed issues that stand out
• • check for audits or at least a history of good effort™

Sure you wont always catch ai slop this way but you don’t need to read a line of code to at least be reasonably sure your arr stack won’t get to the family photos.

Can’t have shit in Detroit.

Didn’t pay that, only the microwave light works now.

Don’t you mean: “How much speedtest?”

Windows snobs cant even run Windows on without a super giga 1000€ license for more than 16 Core CPUs

I’m not using Windows servers at home but if I did then a license wouldn’t be a factor when deciding what hardware to buy.

Technically, a copper wire is a battery that charges in (a very tiny fraction of ) seconds.

If you’re truly that revolutionary then more than enough people will post for you.

Are ya winning, son?

Hidden

You can just do it in parts though?

If you have a flake.lock you can update it, start rebuilding (nixos-rebuild boot) and if it’s not done before shutdown you can just run that same command after the next boot and it will continue where it left of (minus a few packages it has to rebuild again).

My pc always updates to the latest lock whenever it is running, when I update my Nixos repository my pc will eventually follow without doing anything. The only thing to watch out for is changed configurations or build errors but for that you just have to check the logs every once in a while or set up some way to be notified of the failing rebuild command.

From the moment I understood the weakness of my flesh, it disgusted me. I craved the strength and certainty of steel. I aspired to the purity of the Blessed Machine. Your kind cling to your flesh, as though it will not decay and fail you. One day the crude biomass you call a temple will wither, and you will beg my kind to save you. But I am already saved, for the Machine is immortal… Even in death I serve the Omnissiah.

https://youtu.be/M3OAx8EFtz8

Select whole disk encryption.

https://youtu.be/4fNS9CNmIc8

Basically https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys

The process get’s worse each time I look at it so you choose if it’s worth it.

Maybe it works if you add custom secure boot keys and sign your bootloader?

won’t just boot straight into the OS, otherwise GRUB freezes (not dual booting, secure boot is off), so I have to spam F9 on startup

That would annoy me so much that I would switch bootloader or find a cmdline argument to fix it

But only to protect the children™ of course

Pea is stored in the balls?