

Probably https://opencloud.eu/ could be an alternative.
SELECT
‘#bicycle 🚴♂️’
,‘#databases’
,‘#sql’
,‘#selfhosting’
,‘#Linux 🐧’
,‘Team vi’
,‘#mdRzA’
,‘Generation X’
FROM life
WHERE 0 = 0
;


@theorangeninja I would suggest again that you try to access the content of the podman volume as the host user that is running the podman container.
I think that it would look like this and that you can only access it using podman unshare:
drwxr-xr-x 1 166446 166446 66 28. Jul 20:43 _data


@theorangeninja Have you tried an ls -al on the used volume?
The podman volume path can be found here:
`podman info --format '{{.Store.VolumePath}}'`
When you use $HOME/linkding as volume mount and the linkding container process is running with <> UID 0, then the created files belong to another UID than your UID.
Maybe this tutorial explains it better:
https://www.tutorialworks.com/podman-rootless-volumes/


@theorangeninja Rootless podman container and owner of created files - always a mystery.
Maybe, the part belonging to “Using volumes” could help:
https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
If the container process is running with another UID than 0 (root), created files on the host belong to another UID, calculated based on settings from /etc/subuid.
You should have a look into --userns for mapping of UIDs between container and host:
https://docs.podman.io/en/latest/markdown/podman-run.1.html
For PostgreSQL I’m using keep-id:uid=999,gid=999.
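
How the host owner of a file written by a rootless container follows from /etc/subuid under Podman's default user namespace (no --userns option, so not the keep-id case), as an added example that is not part of the original posts. The user alice, her UID 1000 and the subuid ranges are constructed sample values; with that assumed range, an owner such as 166446 corresponds to container UID 911.

```python
# Constructed sample of /etc/subuid (name:start:count); "alice" and the ranges are made up.
SAMPLE_SUBUID = """\
alice:165536:65536
bob:231072:65536
"""

def parse_subuid(text, user):
    """Return the (start, count) ranges assigned to `user`, in file order."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def container_to_host_uid(container_uid, user_uid, ranges):
    """Default rootless mapping: container UID 0 is the invoking user,
    container UIDs 1..N consume the user's subuid ranges in order."""
    if container_uid < 0:
        raise ValueError("UIDs are non-negative")
    if container_uid == 0:
        return user_uid
    offset = container_uid - 1
    for start, count in ranges:
        if offset < count:
            return start + offset
        offset -= count
    raise ValueError(f"container UID {container_uid} is outside the mapped range")

def host_to_container_uid(host_uid, user_uid, ranges):
    """Inverse lookup for an owner seen in `ls -aln` on the host.
    Returns None when the host UID is not mapped into the container."""
    if host_uid == user_uid:
        return 0
    base = 1
    for start, count in ranges:
        if start <= host_uid < start + count:
            return base + (host_uid - start)
        base += count
    return None

if __name__ == "__main__":
    ranges = parse_subuid(SAMPLE_SUBUID, "alice")
    for cuid in (0, 911, 999):
        print(f"container UID {cuid} -> host UID {container_to_host_uid(cuid, 1000, ranges)}")
    print("host UID 166446 -> container UID", host_to_container_uid(166446, 1000, ranges))
```

On a real system the active mapping can be compared against this calculation with `podman unshare cat /proc/self/uid_map`.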


@Cenzorrll For comparison of LVM with BTRFS there are several articles available.
https://www.baeldung.com/linux/btrfs-lvm
https://fedoramagazine.org/choose-between-btrfs-and-lvm-ext4/
From personal experience, I have an encrypted software RAID1 with mdadm and BTRFS on top.
It is not LVM, but the same direction.
Before implementing this, I made some tests.
Related to encryption, when RAID1 was implemented with BTRFS, the CPU load had been doubled, because every BTRFS disk has an encryption process.
With software RAID1, only one encryption process is there.


@irmadlad You are welcome.
The Arch Wiki also has a lot of information about Power Management.
And I would say, most of it is independent of whether Arch Linux is used or not.


@irmadlad That has also been my intention when I created the udev rules.
They are most generic and I use them on several systems for reducing some small power consumption.
Example: enabling of PCI power management
ACTION=="add|change", \
SUBSYSTEM=="pci", \
ATTR{power/control}="auto"
The things, which you listed in your first post are from my view good topics, for getting maximum results from minimum effort.
I started at
https://wiki.archlinux.org/title/powertop
and went further from there.


@irmadlad Instead of using --auto-tune, I used the output from powertop --html and created some udev rules for activating of power management functions of relevant devices during startup.
With --auto-tune some of my USB HID devices like mice become unusable because of activated power management.


@androidul I would say, selfhosting is doing the best out of available possibilities.
For me it is just an 11-year-old PC, which was much too good to put to waste.
My intention with the example from @jwildeboer was more about the usage of Mini-PCs than about their rack mounting.
But it also shows what could be possible with more resources.


I personally use my previous desktop PC with an i7-4790T CPU and 32GB Ram for selfhosting.
@jwildeboer shows his homelab in his blog using some Mini-PCs.
https://jan.wildeboer.net/2025/05/Cute-Homelab/
I would suggest, when you don’t need HDDs for storage reasons, to go with a refurbished Mini-PC with as much RAM as possible.


@early_riser @jwildeboer has a blog post about using step-ca for something like this.
https://jan.wildeboer.net/2025/07/letsencrypt-homelab-stepca/


@damnthefilibuster There was just a post in my timeline about some applications for Docker Container Monitoring.
Maybe there are other alternatives, which better fit your needs:


@damnthefilibuster Is it a subjective impression or do you have information about used resources on your device?
Are you running something like Beszel for getting information about the used resources, especially from running containers?
https://github.com/henrygd/beszel
I’m running my services with rootless podman, but I can’t compare it with docker. It’s more related to security reasons.


The architecture may also be a problem when you want to use Containers (Docker, Podman). Some images are not available for all architectures.
The 3B has a 64bit ArmV8 CPU, there is better support.
I have some Odroid devices with 32bit ArmV7 CPU, for which images are often not available.
https://wiki.geekworm.com/Raspberry_Pi_3_Model_B


@SinTan1729 Thank you, now I can better understand why you want to avoid to open the privileged ports for non-root users which makes sense for your scenario.
I’m in the easy situation that I don’t have to think about such a scenario, because my selfhosting system is exclusively for me.


I don’t know the exact agreement with your friends, but to avoid security issues I personally would use the following way:
- deny usage of all ports by firewall
- allow only necessary ports by firewall
- enable privileged ports by sysctl
So it reduces additional layers and complexity.
If one of your friends would provide a service on a specific port it has to be discussed with you.
And if this is a privileged port, it is also possible.
Or you can handle e.g. a web request with a rule in caddy.


@SinTan1729 How many users do you have on your machine, which could open and run a service on a privileged port?
And when there is no application, which is providing a service on a privileged port, then there is no security issue from my point of view.
And if you want to get absolutely secure, then you can restrict the access only to specific ports based on firewall rules.
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands#how-to-allow-all-incoming-http-and-https


@SinTan1729 Using privileged ports can be activated with a sysctl setting:
https://access.redhat.com/solutions/7044059


@thirdBreakfast @trilobite 🤔
Interestingly, handling of volumes with podman is much easier:
podman volume export myvol --output myvol.tar
podman volume import myvol myvol.tar
https://docs.podman.io/en/latest/markdown/podman-volume-export.1.html
I also checked the docker volume client documentation and there is no export command available like for podman.
https://docs.docker.com/reference/cli/docker/volume/


@mjr I think, you are writing about Owncloud.
Opencloud is newly written with Go, so it can’t be a fork of PHP driven Owncloud or Nextcloud.
https://www.heise.de/en/news/Ex-ownCloud-devs-seek-new-start-at-OpenCloud-Owncloud-owner-wants-to-sue-10254438.html