Admiral Patrick

I’m surprisingly level-headed for being a walking knot of anxiety.

Ask me anything.

I also develop Tesseract UI for Lemmy/Sublinks

Joined 1 year ago
Cake day: June 6th, 2023






  • The barracuda I have is basically an x64 board in a 1U half-depth case with two extra network adapters (3 total including the onboard one). I have two of them: one’s running OpenWRT (my router) and the other vanilla Debian.

    So if my router one dies, I can just either pull the drive from it or restore a config backup to another suitable PC that has two NICs (or promote the second unit I have).

    The config in OpenWRT is abstracted. So if the hardware and NICs are totally different, you might need to reconfigure the device names in the config so they’re referencing the right NICs, but everything else should “just work” (e.g. WAN and LAN are just arbitrary labels).


  • If going the route of a backup solution, is it feasible to install OpenWRT on all of my devices, with the expectation that I can do some sort of automated backups of all settings and configurations, and restore in case of a router dying?

    That’s what I do. Every device runs OpenWRT except my ONT. Backing up is just a cron script that calls each one and pulls the config.

    For my router, I ended up buying an old Barracuda LoadBalancer 340 and installing OpenWRT (it’s an x86 device so it was super easy). It’s a little over-powered for a router, but the price was right. It’s got more than enough spare resources to run some extra stuff, including Docker, so I’m probably going to throw my PiHole container on there since I haven’t been impressed with AdGuard Home (which is available in the repos).

    And if you go for an old Barracuda unit like I did, the default BIOS password is bcndk1
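A cron-driven pull of the kind described in the comment above, as an added example that is not the commenter's own script. It streams `sysupgrade -b -` over SSH and only publishes an archive that transferred and parses cleanly; `BACKUP_DIR`, the key path, `KEEP` and the host names passed as arguments are assumptions.

```sh
#!/bin/sh
# Pull a config backup from each OpenWRT device over SSH (intended for cron).
# Hypothetical values: BACKUP_DIR, SSH_KEY, KEEP and the host names given as args.
set -u
umask 077   # archives hold Wi-Fi keys, password hashes and VPN secrets

BACKUP_DIR="${BACKUP_DIR:-/srv/backups/openwrt}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/openwrt_backup_ed25519}"
KEEP="${KEEP:-14}"   # archives retained per host

# Run a command on a device. BatchMode makes cron fail instead of prompting;
# host key checking stays at its default, so a changed host key aborts the pull.
remote() {
    local host="$1"; shift
    ssh -i "$SSH_KEY" -o BatchMode=yes -o ConnectTimeout=10 "root@$host" "$@"
}

# prune DIR: keep only the newest $KEEP archives (names sort chronologically).
prune() {
    ls -1 "$1"/*.tar.gz 2>/dev/null | sort -r | tail -n +"$((KEEP + 1))" |
        while IFS= read -r old; do rm -f -- "$old"; done
}

# pull_backup HOST: stream the backup to a temp file, verify it, then publish.
pull_backup() {
    local host="$1" dir="$BACKUP_DIR/$1" tmp out
    mkdir -p "$dir" || return 1
    tmp="$(mktemp "$dir/.partial.XXXXXX")" || return 1
    out="$dir/$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # A truncated or failed transfer must never sit next to good backups:
    # require a clean remote exit AND a readable gzip/tar stream.
    if remote "$host" sysupgrade -b - >"$tmp" && tar -tzf "$tmp" >/dev/null 2>&1; then
        mv "$tmp" "$out" && prune "$dir"
    else
        rm -f "$tmp"
        echo "backup of $host failed" >&2
        return 1
    fi
}

main() {
    local rc=0 host
    for host in "$@"; do pull_backup "$host" || rc=1; done
    return "$rc"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A non-zero exit from `main` lets cron's mail or a wrapper alert on a device that stopped producing valid backups.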



  • Wouldn’t restoring from such a backup be equivalent to kill -9 or pulling the cable and restarting the service?

    Disclaimer: Not familiar with Immich, but this is what I’ve experienced generally.

    AFAIK, effectively yes. The only thing you might lose is anything in memory that hasn’t been written to disk at the time the snapshot was taken (which is still effectively equivalent to kill -9).

    At work, we use Veeam which is snapshot based, and database server restores (or spinning up a test DB based off of production) work just fine. That said, we still take scheduled dumps/backups of the database servers just to have known-good states to roll back to if ever the need arises.






  • After some time, the domain fully expired and GoDaddy decided to buy it as soon as it did, and charged me £2,225 to renew the domain. I don’t understand how a price that large is justified, considering that my website gets barely any visitors and I basically only use the domain for hosting stuff. No idea how hiking prices this much is legal

    GoDaddy is known to do that.

    Technically, they’re not hiking the price. GoDaddy bought (scalped) it after it expired and then is re-selling it at an astronomically higher price. It’s one of the many, many reasons people hate them.

    I’m ashamed to say I still have a couple of domains with GD that I haven’t migrated yet. This post might just light a fire under me to get that done.


  • The 60 EUR price limit may be your limiting factor. Everything else can be covered by the GL.iNet devices available on Amazon. I’ve got a couple of the older ‘n’ travel models, and they work pretty great. I flashed vanilla OpenWRT over top of their customized one, but the original OpenWRT-based software works fine too.

    https://www.amazon.com/s?k=GL.iNET

    I usually separate my router functions from my AP to make finding hardware easier, so I’m not well versed in router+AP combos these days, but those seem to be well-reviewed and my experience with an older model is also good.





  • I’ve looked at that, but not lately. Last I checked, it was kind of pseudo-LDAP and only really focused on user authentication. I can’t read through it now, but will check it out later. For OP’s purposes, though, yeah, that should do nicely as a user base for Authelia.

    My LDAP server also backs my DHCP, DNS, SMTP/IMAP, SIP, and a few other things beyond user auth, so I kind of need a full LDAP server. The good thing is once you get OpenLDAP set up (and get a good grasp of the cn=config schema), it’s pretty easy to manage with Apache Directory Studio. Getting to that point, though, lol, is quite a mountain to climb.


  • I use OpenLDAP for my source of truth (user base) and have Authelia configured to use that for users.

    Authelia supports acting as an OIDC provider as well as an auth source for apps I host behind Nginx.

    For apps that support LDAP, they’re plumbed directly into that, and apps using more modern auth schemes (or apps that don’t support either OIDC/LDAP) are protected by Authelia - they use the same userbase in LDAP.

    OpenLDAP isn’t easy, though, so you might want to look at something like FreeIPA or 389 Directory Server instead.