No, they can quit whenever they want, they just don’t want to.
- 0 Posts
- 59 Comments
Joined 2 years ago
Cake day: June 30th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
97·1 month agoAnd so, the problem wasn’t the ai/llm, it was the person who said “looks good” without even looking at the generated code, and then the person who read that pull request and said, again without reading the code, “lgtm”.
If you have good policies then it doesn’t matter how many bad practice’s are used, it still won’t be merged.
The only overhead is that you have to read all the requests but if it’s an internal project then telling everyone to read and understand their code shouldn’t be the issue.
5·1 month agoOne thing that makes a project good is knowing what it does, I’ve seen quite a few projects where they talk about all the features and technology and how to configure it but not a word about what it actually does, what problems it solves and so on.
I won’t self host your program if you don’t even tell me what it does, don’t make me search and clue together large parts of the documentation just to find if I want it. A simple explanation is enough but somehow I’ve seen quite a few programs that don’t have it.
1·1 month agoSystemG sadly doesn’t exist
Yeah it works great and is very secure but every time I create a new service it’s a lot of copy paste boilerplate, maybe I’ll put most of that into a nix function at some point but until then here’s an example n8n config, as loaded from the main nixos file.
I wrote this last night for testing purposes and just added comments, the config works but n8n uses sqlite and probably needs some other stuff that I hadn’t had a chance to use yet so keep that in mind.
Podman support in home-manager is also really new and doesn’t support pods (multiple containers, one loopback) and some other stuff yet, most of it can be compensated with the extraarguments but before this existed I used pure file definitions to write quadlet/systemd configs which was even more boilerplate but also mostly copypasta.Gaze into the boilerplate
{ config, pkgs, lib, ... }: { users.users.n8n = { # calculate sub{u,g}id using uid subUidRanges = [{ startUid = 100000+65536*( config.users.users.n8n.uid - 999); count = 65536; }]; subGidRanges = [{ startGid = 100000+65536*( config.users.users.n8n.uid - 999); count = 65536; }]; isNormalUser = true; linger = true; # start user services on system start, fist time start after `nixos-switch` still has to be done manually for some reason though openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; # allows the ssh keys that can login as root to login as this user too }; home-manager.users.n8n = { pkgs, ... }: let dir = config.users.users.n8n.home; data-dir = "${dir}/${config.users.users.n8n.name}-data"; # defines the path "/home/n8n/n8n-data" using evaluated home paths, could probably remove a lot of redundant n8n definitions.... in { home.stateVersion = "24.11"; systemd.user.tmpfiles.rules = let folders = [ "${data-dir}" #"${data-dir}/data-volume-name-one" ]; formated_folders = map (folder: "d ${folder} - - - -") folders; # a function that takes a path string and formats it for systemd tmpfiles such that they get created as folders in formated_folders; services.podman = { enable = true; containers = { n8n-app = { # define a container, service name is "podman-n8n-app.service" in case you need to make multiple containers depend and run after each other image = "docker.n8n.io/n8nio/n8n"; ports = [ "${config.local.users.users.n8n.listenIp}:${toString config.local.users.users.n8n.listenPort}:5678" # I'm using a self defined option to keep track of all ports and uids in a seperate file, these values just map to "127.0.0.1:30023:5678", a caddy does a reverse proxy there with the same option as the port. ]; volumes = [ "${data-dir}:/home/node/.n8n" # the folder we created above ]; userNS = "keep-id:uid=1000,gid=1000"; # n8n stores files as non-root inside the container so they end up as some high uid outside and the user which runs these containers can't read it because of that. This maps the user 1000 inside the container to the uid of the user that's running podman. Takes a lot of time to generate the podman image for a first run though so make sure systemd doesn't time out environment = { # MYHORSE = "amazing"; }; # there's also an environmentfile option for secret management, which works with sops if you set the owner of the secret/secret template extraPodmanArgs = [ "--pull=newer" # always pull newer images when starting, I could make this declaritive but I haven't found a good way to automagically update the container hashes in my nix config at the push of a button. ]; # few more options exist that I didn't need here }; }; }; }; }
DNS turns a domain name into an IP which can then be used to send data through your router, a dns server is the server which is used to do this conversion (www.google.com turns into an IP 1.2.3.4 (that isn’t the actual IP of google)).
There are many dns servers, normally your local devices use your router as the dns server, which forwards it to your ISP which they further transfer it over global dns servers.
Alternatively you could use Google’s DNS server (8.8.8.8) or cloudflares DNS server (1.1.1.1) but if the one on your router works then just use it.
nameserver is the same as DNS server
Tldr: set the router IP as your dns server, you only need this one.
…that’s the valid response, does
ping www.google.comwork andcurl www.google.comreturn a bunch of text?If
ping www.google.comdoesn’t work then your system isn’t using the correct dns server, though your local dns server works (as seen by the prior dig).If curl works then…you have a working internet connection, maybe check the browser settings for proxy or something.
That seems correct, don’t change anything in there, try the command
dig @<routerip> www.google.comornslookup www.google.com <router ip>if the dig command is not found.
I use podman using home-manager configs, I could run the services natively but currently I have a user for each service that runs the podman containers. This way each service is securely isolated from each other and the rest of the system. Maybe if/when NixOS supports good selinux rules I’ll switch back to running it native.
Hey now, you can also spend 20 pages of documentation and 10 pages of blogs/forums/github1 and you can implement a whole nix module such that you only need to write a further 3 lines to activate the service.
1 Your brain can have a little source code, as a threat.
No one can ping 4.4.4.4, it doesn’t answer pings.
This seems like a dns issue, check
cat /etc/resolv.confand try setting the dns server in Networkmanager to “8.8.8.8”.
Gluster is EOL is my biggest takeaway.
…No really, has anyone used this warranty and if so, what does it actually do? (And I mean strictly home users)
Maybe they don’t officially offer support for those PCs?
Not like they offer any actual support for home users anyways…
NVK seems to be moving way faster than I expected.
The truth hurts.
But…an onion address doesn’t need a cert?
You create a (self-signed) CA certificate, put its certificate as the client ca in your web server.
Then you can create certificates using this CA that you distribute to your devices, only devices that have a certificate signed by your CA are allowed to connect.
see systemd.unit(5), systemd.service(5), systemd.socket(5), systemd.device(5), systemd.mount(5), systemd.automount(5), systemd.swap(5), systemd.target(5), systemd.path(5), systemd.timer(5), systemd.slice(5), systemd.scope(5) systemd.link(5), systemd.netdev(5), systemd.network(5) and honorable mentions podman-systemd.unit .container, .volume, .network(…again), .kube, .image, .build and .pod
Even Linus Trovald writes kernel code that Linus Trovald doesn’t like.