I have a feeling that this human step might be at the end of a chain of automated filters.

Personally I tried Bazzite because it was the recommended distro for a gaming device, and I liked it so much that it quickly became my main.

Bazzite may present a bit more friction if you want to do something “advanced” that would otherwise be trivial on other distros perhaps with just a couple terminal commands, but it makes all the “simple” things super-duper easy, and the system is almost impossible to break.

I would say this model makes sense for “ordinary” users that just need a computer to read email, view cat videos, open office documents, and in the specific case of Bazzite also gaming. In my specific case I also needed to write code (I use VSCode + Godot), besides the initial friction of learning to work with containers and SELinux, Bazzite seems to be fit for coding.

Thus, I hope immutable distros will stay and thrive. I hope that one day someone will make a distro that you can just set and forget on your grandma’s laptop, and I think this distro should be immutable, like Bazzite.

No, only the local FS. But they have recommendations in their README for integrating with S3 with the help of other tools.

You are invited to join the CopyParty! This has a web UI accessible from the browser, also from mobile, files are stored directly on the filesystem (not encrypted or on a database) and you can mount it as a network drive on Windows and Linux. But it doesn’t let you sync files for offline use, at least not without the help of some auxiliary tools.

You won’t find anything simpler to install and configure than this.

Thanks for sharing your opinion and expanding.

In the past I used to think the same. Or rather, probably naïvely, I considered the GPL to be a bit of a nuisance, and preferred LGPL or MIT software.

Now I’ve changed my mind and started preferring AGPL for all my code. If a big company likes your MIT or LGPL code, they can legally steal it. If it’s GPL at least you get some safeguards, but they can still take it and put it on a server without the need to release the source code. That’s why I started to believe AGPL is the only “safe” license approved by the OSI, at least at the moment.

Of course I agree that MIT and GPL or LGPL make sense in some cases, but I would say in general they don’t protect users’ freedom anymore in today’s cloud-first world.

I would say AGPL is the “safest” license still approved by the OSI. Could you share your opinion?

Well… I assume that might be illegal. Or maybe these rules would only apply to public software? For sure it wouldn’t be enforceable, and it would still allow criminals to use it to communicate privately between each other, but it would make it harder to exploit mainstream public apps (e.g.: WhatsApp) to scam or exploit weaker individuals.

I am not OP, but that would be the ideal solution for me. Unfortunately, KPXC does not support communication with the GPG agent and the team is not interested in adding this feature due to it being «[…] far more complicated than ssh-key management. There are already excellent tools for this, Kleopatra being the best».

You will have to transfer your containers before you can see them.

From Docker to Podman: full migration to rootless

Perhaps a bit unconventional, but CloudFlare R2 gives 10GB of free storage accessible as S3 with rclone.

Ah I see… I keep container configs in a specific directory, which contains one directory per-service, which contain all the config files + a compose.yml file to place them in the correct path in the container. I could commit everything to Git if I wanted to.

Regarding network and firewall, you could make a symlink to a versioned file and keep your config with the containers. Same for firewall rules.

I’m not sure what you mean by file sharing permissions. With containers you could give a different user to each service.

If you are worried about memory and disk usage, another option I’ve been exploring recently is using OverlayFS, which, among other things, allows you to inject a directory at a specific path. Again, this would let you keep all your configs where you fancy the best. I use it through Bubblewrap.

Anyways I realize that what I just described is far from standard… hopefully other users will suggest something less custom.

If your goal is to host services, I would recommend looking into Docker, and eventually Podman. Containerization lets you keep the configuration wherever you want, personally I use a dedicated a directory for each service.

Also, please note that a container is not a VM. It’s just a way to keep everything in one place.

Here’s my config for reference, which works for me:

name: forgejo
services:
  forgejo:
    image: codeberg.org/forgejo/forgejo:12
    environment:
      - USER_UID=1000
      - USER_GID=1000
    restart: always
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      #- 80:3000
      - 2222:22
    networks:
      - nginx
networks:
  nginx:
    name: nginx
    external: true

If you can share your error message we might be able to better pinpoint the issue.

EDIT: I searched a bit and now I understand better what you are trying to do. I didn’t know about this “SSH shim” idea. This is not what I have done on my setup, sorry.

Not FOSS, but OneShot: World Machine Edition is a great game based on this idea.

You might want to look into Island/Insular. https://f-droid.org/packages/com.oasisfeng.island.fdroid

Depending on your level of commitment to privacy, this might be a suitable solution for you.

deleted by creator

They provide decent defaults for all the not-so-straightforward configurations, and they provide a web UI to configure the rest. That’s the sole reason I would recommend it to get one’s feet wet without having to work too much.

If one is committed to do things “the right way” they could switch to Nginx and “proper” self-hosting later.

Yeah, I’m afraid you have to use a reverse proxy to host multiple subdomains. The CloudFlare daemon is the reverse proxy.

I would say this would be the proper way to do it (at least as a sysadmin), but since it’s OP’s first time I would simplify it to:

1. Install CloudFlare ZeroTrust daemon on your local server;
2. Set up reverse proxy such as Nginx (optional, the alternative is to use a different subdomain for each service, which might be easier);
3. Point the FQDN to CloudFlare.

Let CloudFlare handle the certificates, DDoS protection, etc… Link if you’d like to give this setup a try.

Personally, I’ve been sharing this folder across different installations for years, even between different operating systems. I’ve never had any major issues so far.

The only minor annoyance is that whenever I switch between Windows and Linux I have to restart the browser once, otherwise extensions do not load on the first run.

So yeah, I would say diy-syncing this profile folder is feasible and very reliable. Same thing is true for Thunderbird, but I’ve been doing it for less time. And I would assume the same thing is also true for Chromium-based browsers because I do it with Signal which is Electron-based.