• 3 Posts
  • 5 Comments
Joined 1Y ago
Cake day: Jun 14, 2023


I’ve been quite happy after recently switching to Hagezi https://github.com/hagezi/dns-blocklists



FYI: OPNsense now has pretty (good) Unbound DNS reporting
Today I decided I would create some way of visualizing my Unbound DNS requests/blocks on OPNsense. AdGuard does a good job at this, but I have an issue with added third-party repos and plugins, especially at the router level. Anyway... since the last time I dug into this, OPNsense has built-in Unbound DNS reporting (since 23.1) and it's amazing! Arguably just as good as Pi-hole or AdGuard. Graphs, lists of top blocked and allowed domains, query logs, quick buttons to block or whitelist next to each domain. I'm impressed. Not sure if this is the right community, but just wanted to share if some of you weren't aware of this option.

I’ve had relatively good luck with Docker in containers but eventually decided to run Docker in VMs, as I only semi-trust most Docker apps and like the added security I get from having it in a full VM in full isolation. Some of the workarounds for Docker in LXCs are far from security best practices.


Alpine packages services like Gitea and Nextcloud, which Debian does not. This makes keeping up to date a lot simpler for myself, but that’s personal preference.


I recently moved [Nextcloud](https://wiki.alpinelinux.org/wiki/Nextcloud) and [Gitea](https://wiki.alpinelinux.org/wiki/Gitea) from containers on a Debian VM to Alpine LXCs running Alpine's packages. I've never had Nextcloud's web interface so snappy, and my resource usage for both is next to 0. If you're running Proxmox, I'd highly recommend trying out Alpine LXCs if they package your services.

The simplicity of Docker with much better security. Honestly, the main appeal of having my homelab is to play with technologies and learn new things. The couple of times I’ve skimmed the docs for Kubernetes, it seemed overcomplicated for a personal homelab.


Migrating to Podman
I'm looking to migrate all of my containers to rootless Podman but need some advice. All of my services are currently running Docker Compose. I've played around with Podman but I am unsure of best practice: I have the option of installing podman-docker, podman-compose, or docker-compose connected to a Podman socket. What's the recommended way here? I also can't seem to find any information on setting up a systemd unit for rootless podman compose. How are you all auto-starting Podman (compose) files?