The 15% tariff is probably a positive thing. It’s motivation for European companies to find customers outside of the US and eventually decouple, without the shock of a total embargo.

I would probably remove python 2 support, it was end of life when the project was started.

I dont think Immich supports turning a normal account into an sso account, though it may be possible with manual database editing.

I believe only the controller needs cooling, not the dies.

Kubernetes is great for single nodes! It definitely is more advanced than docker compose, but it’s actually not hard at all if you read through the documentation. It definitely makes running containers easier in the long run.

Here is my git repo for my big Kubernetes cluster at home: https://codeberg.org/jlh/h5b/src/branch/main/argo/custom_applications

It started out as just a NFS server and a Kubernetes server running on Proxmox in 2021.

It’s not going to make a meaningful difference in your threat model and it will cause a lot of hassle for extra configuration and broken docker images, so I wouldn’t bother.

There is some nice tooling for transparent user name spaces coming down the pipeline in Kubernetes which will be a nice 0-effort security upgrade, but if you don’t have the tooling, I would say it’s not worth it.

https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/

Hetzner Storage box is $20/month for 10tb.

They literally campaigned on a slogan saying that doubling the prison time would cut crime in half. Insanity.

Better source from Vox:

https://www.vox.com/on-the-right-newsletter/415360/state-department-substack-samuel-samson-adrian-vermeule-integralism

The memo in question:

https://substack.com/@statedept/p-164571608

Probably not that hard to build a simple flask frontend around it.

Automatically processing files in an S3/WebDAV directory would also be useful.

https://docs.k3s.io/installation/uninstall

There is also a k3s option for Nixos, which removes the security and side-affect risks of running a random bash script installer.

Very true. Each brick you lay upgrades your setup and your skillset. There are very few mistakes in Kubernetes as long as you make sure your state is backed up.

For question 1: You can have multiple resource objects in a single file, each resource object just needs to be separated by ---. The small resource definitions help keep things organized when you’re working with dozens of precisely configured services. It’s a lot more readable than the other solutions out there.

For question 2, unfortunately Docker Compose is much more common than Kubernetes. There are definitely some apps that provide kubernetes documentation, especially Kubernetes operators and enterprise stuff, but Docker-Compose definitely has bigger market share for self-hosted apps. You’ll have to get experienced with turning a docker compose example into deployment+service+pvc.

Kubernetes does take a lot of the headaches out of managing self-hosted clusters though. The self-healing, smart networking, and batteries-included operators for reverse-proxy/database/ACME all save so much hassle and maintenance. Definitely Install ingress-nginx, cert-manager, ArgoCD, and CNPG (in order of difficulty).

Try to write yaml resources yourself instead of fiddling with Helm values.yaml. Usually the developer experience is MUCH nicer.

Feel free to take inspiration/copy from my 500+ container cluster: https://codeberg.org/jlh/h5b/src/branch/main/argo

In my repo, custom_applications are directories with hand-written/copy-pasted yaml files auto-synced via ArgoCD Operator, while external_applications are helm installations, managed via ArgoCD Operator Applications.

helm charts are awful, i didn’t really like cdk8s either tbh. I think the future “package format” might be operators or Crossplane Composite Resources

Trump and Netanyahu have alienated 92 million people from the west and kicked a massive, nuclear, hornets nest. I worry that the Tehran regime has nothing left to lose at this point. They’re on the ropes militarily, but they’re not out of power.

would probably take a month or two

Closing Hormuz would blockade the Saudis as well.

all home routers have NAT which functions as a firewall, but VPSes don’t cone with any firewall by default, so you’d have to set one up. Also VPS ranges seem to hotter for scanning.

That is not the argument stated in the article

Sánchez argued that Spain doesn’t need to spend 5 percent of its GDP to fulfill its so-called capability targets, meaning new objectives of weapons inventory agreed by NATO defense ministers earlier this month.

He also wrote that a 5 percent defense spending goal would jeopardize the country’s welfare system, force the government to increase taxes on the middle class, scale back commitments to the green transition and curtail international development cooperation.

“It is the legitimate right of every government to decide whether or not they are willing to make those sacrifices,” he wrote.

Rushing to 5 percent would also force Madrid to buy off-the-shelf equipment instead of fostering its own industrial base, as well as take money away from welfare policies, Sánchez also wrote.

The Spanish Socialist party is in a coalition with the junior left-wing Sumar party, which opposes increased defense spending and whose members are expected to attend a counter-summit for peace in parallel to the NATO summit.

Your stuff is more likely to get scanned sitting in a VPS with no firewall than behind a firewall on a home network