I do. I find it very useful.

Is it safe? No idea, but its read only, so seems that they cannot operate on your bank account in any case. That feels safe enough for me.

The OS needs access to the keys accepted by the bl. Pixels have that, so graphene can relock. Other vendors don’t give this opportunity, so Roms like los which support many devices, better be safe than sorry.

Try relock on a xiaomi device and you have unrecoverable hard brick.

A locked bootloader looks for official ROM signatures, which a custom ROM doesn’t have.

That’s why this is impossible. You can hard-brick your phone, that’s why LineageOS doesn’t allow you to relock.

These blog posts might seems a bit nahive, but making fun of them is not nice.

I still appreciated reading them and the raised some questions in me, even if maybe not the ones the author was aiming for.

Still interesting.

Whats wrong with people just criticizing everything around here? Are we getting toxic like “the other site”?

LineageOS stock

Not a bad take per-se, but a bit condescending. While I agree and like the KISS paradigm, remember that no solution works at a lower complexity level of the problem itself.

So, define your problem clearly, find the simplest possible solution. Don’t overcomplicate, I agree, but don’t be fooled by false hopes.

Is it really simpler? Yes. Will it scale if I need it to? Maybe not, but will I really need for it to scale?

And so on.

I installed from fdroid, I expect it to be still available as far as it will work…

And I guess somebody will build and keep publishing it just not on google play, which is anyway a cesspool nowadays, so no big deal.

Nope!

Just wasted 3 days debugging an IP assigned to two devices… Not fun, don’t do it…

I think that proposing immich for every use case out there is not the correct answer.

As much as I like immich, this is not a good use case… iMHO.

All that? Well, I understand your point, but honestly I have more fun learning something new, and was really little work.

Anyway… Its an option too

No you don’t need two: in fact I have only unbound setup to do everything with one piece of software.

Better or worse? No idea, but it works and its one less piece that might fail.

I have a quite rich selfhosted stack, and DNS is indeed part of it.

For such a critical piece of infrastructure I didn’t needed a container, just installed Unbound and did some setup for ad blocking and internal DNS rules.

Here my setup: https://wiki.gardiol.org/doku.php?id=router:dhcp-dns

You could go with an independent pihole maybe, but that would double the chances of a hardware failure…

Using one device for everything might seem risky, but actually has less chances of failure ;)

That’s not the point. Maybe you can, but for how long? you will never stop asking the question with docker…

I think you wrote it back ways: transitioned from docker to podman?

Yeah podman should use quadlets, not compose, but still works just fine with docker compose and the podman socket!

Yes you need both 80 and 443 for certbot to work. Anyway having 80 to redirect to 443 is common and not a security risk.

Podman guys… Podman All the way…

There is no “write and forget” solution. There never has been.

Do you think we have ORIGINALS or Greek or roman written texts? No, we have only those that have been copied over and over in the course of the centuries. Historians knows too well. And 90% of anything ever written by humans in all history has been lost, all that was written on more durable media than ours.

The future will hold only those memories of us that our descendants will take the time to copy over and over. Nothing that we will do today to preserve our media will last 1000 years in any case.

(Will we as a specie survive 1000 more years?)

Still, it our duty to preserve for the future as much as we can. If today’s historians are any guide, the most important bits will be those less valuable today: the ones nobody will care to actually preserve.

Citing Alessandro Barbero, a top notch Italian current historian, he would kill no know what a common passant had for breakfast in the tenth century. We know nothing about that, while we know a tiny little more about kings.

Fellow Gentoo user! Kudos.

Well, here is the relevant part then, sorry if it was not clear:

• Jellyfin will not play well with reverse proxy auth. While the web interface can be put behind it, the API endpoints will need to be excluded from the authentication (IIRC there are some examples on the web) but the web part will stil force you to double login and canot identify the proxy auth passed down to it.
• Jellyfin do support OIDC providers such Authelia and it’s perfectly possible to link the two, in this case as i was pointing out, Jellyfin will still use it’s own authentication login window and user management, so the proxy does not need to be modified.

TLDR: proxy auth doesnt work with Jellyfin, OIDC yes and it bypassess proxy, so in both cases proxy will not be involved.

https://laviadiannibale.it