Lots of notes.
GitOps. Either FluxCD if you are on Kubernetes, or doco-cd if using docker compose. You will thank yourself later.
Use an external secret manager. Its worth figuring out, and then you have one source of truth, and one place to update the credentials.
Figure out your backup strategy, document it really well, and test it regularly.
I’m pretty sure it does not federate yet. Please correct me if I’m wrong though.
I don’t think forgejo is fully federated yet. Unless they had a big release in the last week.
I totally agree. I think it stems from Ops people that are angry at developers for building bad software. Theoretically making devs responsible for their deployments would make them care more about the quality, but really it just splits their focus and now they make bad software and provide poor ops.
But it doesn’t mean it isn’t incredibly common. Especially with “DevOps” where the developers are pushed to handle literally every aspect.
Its a communication platform and these people are just communicating. Part of good communication is watching who is actually listening. That’s all this is.
I dunno. I agree that the way engagement is used is often toxic, but that doesn’t mean it isn’t useful. If your job is creating content, then its useful to know how well that content is being received by your community. Hell, without measuring interaction in some way you wouldn’t even know if you had a community.
Off the top of my head:
The only thing I like about this is the pressure it might put on tailscale to make their offering better.
Slightly different function, but I use KaraKeep for managing bookmarks and I never use bookmarks in my actual browser.
I haven’t investigated it much but AdGuard’s VPN masquerades as https traffic and might work for you. They recently open sourced it too:
I use k3s, but I’ve been considering a rebuild with Talos.
I used Minio for years but I’m currently migrating to Garage on both my NAS and my cluster. The garage operator is pretty solid.
That’s exactly what I did, but I use Grimmory/BookLore.
Yeah, one is a switch. The patch panel basically is just for organization. All the equipment in the rack and all the house runs all plug into the back of the patch panel and then the short cables allow you to more easily plug them into the switch. Its definitely not necessary, but it helps maintain the space.
And that one random device on top is the router. Maybe one day I’ll upgrade to a better one, but this one handles everything great. Its just too small to be worth mounting. Kinda like the Pi sitting on the UPS.
Not as clean as I would like, but way better than it started!
5 node Kubernetes cluster and a NAS. Runs about 250 pods.
That’s fair. The community seems to be much more sane than the original dev and is working hard to clean it up. The first release already removed the telemetry and the obnoxious donation button.
Grimmory all the way. Once I tried it I haven’t gone back to my CWA deployment at all. Also, Shelfmark is pretty cool.
I use KaraKeep for this and couldn’t be happier.
This is the way
If you want robust (and a ton to learn) go with k3s for a lightweight Kubernetes deployment and FluxCD.
If you want simpler go with docker-compose and doco-cd.
With a GitOps workflow you define it all in files in a bit repo then the server automatically deploys and updates. IMHO its much easier to maintain long term than click ops.