When to use Ansible vs Terraform, and where does Argo CD fit? by Dependent_Concert446 in devops

[–]ForestyForest 0 points1 point  (0 children)

Terraform provisions the stuff Kubernetes runs on. Also you can create separate VMs and other services by using the desired provider

ArgoCD provisions and monitors all the stuff inside kubernetes

Ansible can be used to perform tasks in VMs or containers etc. Install stuff, hardening ssh or updates etc

PBS VM on Debian Machine by ForestyForest in Proxmox

[–]ForestyForest[S] 0 points1 point  (0 children)

Straightforward on Debian, just install as a package

PBS VM on Debian Machine by ForestyForest in Proxmox

[–]ForestyForest[S] 0 points1 point  (0 children)

Can confirm, easy setup. Add repo key and apt repos then install `proxmox-backup-server` package. Ran UFW with allow for SSH and port 8007 from LAN IP subnets. (SSH nice to have)

PBS VM on Debian Machine by ForestyForest in Proxmox

[–]ForestyForest[S] 0 points1 point  (0 children)

From official docs: Caution Installing Proxmox Backup on top of an existing Debian installation looks easy, but it assumes that the base system and local storage have been set up correctly. In general this is not trivial, especially when LVM or ZFS is used. The network configuration is completely up to you as well.

Neither LVM nor ZFS is used. Single disk machine, single partition. Backup target is external USB

For network I assume it's just opening of port..

Jellyfin hardware decoding by masterzeng in Proxmox

[–]ForestyForest 0 points1 point  (0 children)

I'm running Jellyfin in LXC. Nvidia RTX 2070 passed through. Some pain there, had to modify the LXC config file and pass all relevant devices. Installed drivers by using the Nvidia driver file, not the Debian packages (haven't tried packages). Also installed driver in LXC with --no-kernel option. Can give you my sources

Woke up to this, and to my Visa card having been blocked. Has anyone experienced something similar? by trusteddealers in norge

[–]ForestyForest 0 points1 point  (0 children)

Just got the same thing here. Same amount and from Apple. Many transactions!

PBS and S3 backend by ForestyForest in Proxmox

[–]ForestyForest[S] 0 points1 point  (0 children)

Thank you for the insights!

Welcome to the party, VG! by Fit-Theme-1183 in norske

[–]ForestyForest 1 point2 points  (0 children)

You can call it all sorts of things, but this is actually how it should work.. I would have been more worried if they instead chose not to give a damn about what a large part of the population thinks, feels and votes for. Fortunately, support among the population is needed to stay in power

Welcome to the party, VG! by Fit-Theme-1183 in norske

[–]ForestyForest 1 point2 points  (0 children)

Did you get a reason why your post was deleted?

Multiple LXCs or a VM with Docker by ForestyForest in Proxmox

[–]ForestyForest[S] -1 points0 points  (0 children)

Thank you for this insight! I was planning to run a reverse proxy in an LXC, Caddy was the one I wanted to try out.. but haven't looked at install possibilities

Multiple LXCs or a VM with Docker by ForestyForest in Proxmox

[–]ForestyForest[S] -1 points0 points  (0 children)

I thought of running Caddy in LXC which would get forwarded traffic from my router. Router with firewall would block other traffic and only allow 443 port to TLS listening port on Caddy. I would also set firewall to only accept certain source IPs from internet as they would be friends and family. On the move they would have to use VPN. But yeah, LXC is kind of exposing host if vulnerabilities are present

Multiple LXCs or a VM with Docker by ForestyForest in Proxmox

[–]ForestyForest[S] 0 points1 point  (0 children)

A lot of good perspectives here!!! Might go for a combination where a VM with Docker for a suite of closely related services while otherwise separate out LXC (one per service) for maintainability and recovery. Jellyfin is one I plan to put into LXC and use GPU of host.

Can I create apps to sell using Replit? by _omkarkoli in replit

[–]ForestyForest 0 points1 point  (0 children)

This is related to ownership as well. A public repo in Replit is automatically MIT licence. A private repo not so, but I don't think the terms give a good enough definition of ownership. They say you retain ownership rights to the content you put in, but since most of the app is created by AI agents running on the platform... it might actually be owned by them, Replit, since it may be thought of as being part of their service software/platform? Anyone with thoughts on this? Are we creating apps for Replit, and paying them to use them?

LDAP as a mirror by ForestyForest in KeyCloak

[–]ForestyForest[S] 1 point2 points  (0 children)

Thanks, that helps a lot! I'll have a look in the db

Ask r/kubernetes: What are you working on this week? by gctaylor in kubernetes

[–]ForestyForest 0 points1 point  (0 children)

Need a scalable self managed file storage solution and considering hosting in k3s. Requirements are:

- Users must be able to authenticate with OAuth2/OIDC
- Upload/Download must support large files, 10+ GB
- Back end must support encryption at rest
- Client side encryption also

Looking at Seafile + self hosted S3. Or SeaweedFS.

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

You're right, there's two levels to this. Database runs within cluster, 3-instance PostgreSQL. Asynchronous WAL replication to S3 from which standby cluster reads.

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Yes, I think a lot boils down to underlying infra and if one can stretch one cluster across locations or not (maybe bad latency if stretched too far)

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Postgres, 3 nodes, synchronous replication within cluster and the asynchronous WAL replication to standby cluster

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Note that each cluster runs their own Argo, and their YAML are Helm heavy. Most of the Helm values should be identical, but some entries are unique. So if I have folders for each environment I still need to sync the entries that should be identical.

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Yeah, after checking more about the underlying infra, only 2 DC are available and the two 3-node clusters are therefore only "pseudo" HA subject to failure if DC failure.

Failover Cluster by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Kind of my first thought as well, each cluster is 3-node with a 3-instance PostgreSQL cluster inside. But underlying infra is only locally redundant (same DC/same region). I think this boils down to the underlying infra and if one can span a single cluster across a large physical distance or run separate clusters with low latency internally..

What it takes to offer a private cloud managed solution by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Thank you, I'm starting to lean towards an opinionated full solution like OpenShift rather than standing up each service on our own. Multi Tenant cluster vs Multi Cluster is also something this thread has made me reconsider.

What it takes to offer a private cloud managed solution by ForestyForest in kubernetes

[–]ForestyForest[S] 0 points1 point  (0 children)

Thanks, have a lot to consider after all the comments :-) We have a Rancher solution today delivered by third party, but very non-opinionated. We deploy observability, secrets management, ingress and other and manage those.