

Even if you ignore the slur, the frogs and the rune in the background: Building a chat network with proper e2ee in a few weeks doesn’t sound good. It’s clear this is made with LLMs and I wouldn’t trust it’s everyone at all.


Yeah I like them as well, it’s what we use at work. The article doesn’t leave me optimistic though


It is but they’re working on federation for forgejo (which powers Codeberg).


If you don’t want to host something yourself, check codeberg


I don’t know, I’ve seen it several times mentioned in the Proxmox forum. I think it’s more of a theoretical scenario but it’s strongly advised against.


Gets annoying soon if you have more than one host. Easily automated with Ansible


You’re not supposed to run apt upgrade in Proxmox at all, it may even break your system. Use dist-upgrade.
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates


I think they know what they’re doing, bit of a troll. Framed like this in the article:
Various entities, including some with security teams, revised their judgment about what Forgejo is and isn’t, which was the main goal of the previous blogpost.


There’s a follow up by the author:
https://dustri.org/b/follow-up-to-carrot-disclosure-forgejo.html
Including this:
So I ended up sending an email to Forgejo security team, containing: an apology, a bit about my reasoning for proceeding with carrot disclosure, recommendations about what to harden/review, and a bunch of commented exploits/proof-of-concepts as attachment. We’ll see how it goes.


I have WireGuard, it’s supported by my router (Fritzbox).


You’re right, I added a question mark.


I always enjoy the weekly, I’m not using the database admittedly


I forgot about KillTheNewsletter! That’s pretty much what I’m looking for I think, thanks!
The articles are behind non-basic auth, the cookie possibility sounds interesting, but KTN sounds more straightforward for my use case. (Not on FreshRSS)


It’s the main reason I choose them. Can’t wait to open issues on other instances without creating an account and not everything being on GitHub.


They do, it’s just a lot of work.
Here’s an example PR: https://codeberg.org/forgejo/forgejo/pulls/10380


HA is possible with 2 (+Qdevice) with zfs repl, but I’ll look for a third one as well sooner or later. I haven’t used ceph, but everyone tells me how much of an overhead it has


What kind of distributed storage do you want to use, Ceph? What kind of orchestration/hypervisor do you use? I also have two nodes currently (Proxmox) with pseudo shared storage (zfs replication).


How do you block email spam with a firewall?


Both are fine. Maintaining different datasets has the administrative overhead you mentioned, but can have security benefits, e.g. if you use different users in the different docker services and adjust the NFS permissions correspondingly. If service A gets hacked and escapes the container but doesn’t get privilege escalation, it can’t access the other services’ data.
This is independent of which version you choose, but check whether adding some storage to Proxmox is an option. Having TrueNAS as a runtime dependency for all your services can get annoying real quick.