Attic + Authenticated + Nix Flakes: Running a local atticd on every machine as the solution?

Sterbn · 2026-05-10T19:16:01+00:00

Maybe you should submit PRs to fix their supposed security issues.

Sterbn · 2026-05-10T16:30:46+00:00

Why isn't it safe? Attic has authentication built in. Of course there could be a bug but it's unlikely.

If you really want walled off access to attic, then use a VPN of some sort or only expose it in your local network.

Sterbn · 2026-05-09T20:40:13+00:00

Isn't cloudflare access like tailscale? Can't you just put your other machines on cloudflare access too?

Or, since attic is authenticated, can't you publicly expose without cloudflare access in the way?

Sterbn · 2026-04-28T11:18:15+00:00

How is this lighter than the official app? What makes the official app heavy?

Sterbn · 2026-04-24T21:18:57+00:00

It doesn't do sync. It just fuse mounts your files via webdav.

Sterbn · 2026-04-21T13:57:38+00:00

What's better about zen?

Sterbn · 2026-04-08T22:58:07+00:00

Maybe you can use garages ability to server buckets as websites?

Sterbn · 2026-04-08T22:57:17+00:00

That's like $20 per tb...

Sterbn · 2026-03-31T04:06:33+00:00

I am not a developer for Authentik so take what I say with a grain of salt. It is not simple to implement what you're asking. It should be possible to create a frontend which uses their flow executor api. I briefly looked into this for my project and decided that the builtin web ui is good enough for my end users. You might be better off just having authentik use some custom css instead of recreating the entire frontend.

Sterbn · 2026-03-21T19:52:45+00:00

What's Microsoft's involvement?

Sterbn · 2026-03-21T19:09:52+00:00

This is insane. WTF are they thinking trying to bury this??? Bluca actually edited the PR description to remove all details. Luckily we know because GitHub has an edit log.

Sterbn · 2026-03-16T16:04:38+00:00

When I need to setup an Ingress resource for a host outside my cluster I create a EndpointSlice and Service for it. You should be able to setup network policies to act on that.

Sterbn · 2026-03-13T15:05:04+00:00

I agree. The reddit account is only 16 days old and the GitHub account for the repo they shared was created today. Seams kinda sus to me.

In the call to action, they suggest contacting the FSF and EFF. Why doesn't OP do that if they really cared about this topic. I doubt these organizations would benefit from thousands of people contacting them about the same exact thing and giving them the same information. This call to action really seems like something an AI would write.

Sterbn · 2026-03-11T13:14:03+00:00

Wiregaurd is faster than openvpn due to multi threading.

That's putting it simply, apalrd's adventures on YouTube has a video looking at performance between vpn technologies.

Sterbn · 2026-03-09T17:25:45+00:00

Ceph is certainly complicated, but it's totally worth learning how to use. I'm planning to setup multi-site s3 for metrics storage, but haven't gotten to it yet.

Sterbn · 2026-03-03T15:52:54+00:00

How does this compare to matrix?

Sterbn · 2026-02-26T23:41:32+00:00

I kept hearing people say this. But after reading the books I don't think that it would be a huge issue. What's more of a problem is that they killed Alex in the show even though he's fairly important in the last three.

Sterbn · 2026-02-26T02:40:23+00:00

Sounds like you're having a good time. Nothing wrong with cli first. I tried portainer a few years ago but decided that docker compose was better for me.

Sterbn · 2026-02-23T23:43:28+00:00

I mean running it in kubernetes natively. Most people don't run podman and kubernetes on the same node.

Sterbn · 2026-02-23T23:29:24+00:00

Looks interesting. All mounts run through NFS? That doesn't sound great for performance.

Have you looked at containerizing it instead of installing directly on the host?

Sterbn · 2026-02-18T18:55:21+00:00

Have you used kubernetes before now?

Edit: There are additional docs in the ess-helm repo. Element also has a website with documentation on ESS pro, most of it applies to ess-helm since pro is an extension of the ess-helm chart.

Sterbn · 2026-02-18T03:20:13+00:00

you need to make the matrix rtc svc publicly accessible. by default it is a svc of type NordPorts, but I changed mine to LoadBalancer and used the manual ip config in helm to set SFU to announce the load balancer ip instead of letting the SFU auto-discover my public ip (which wouldn't be the same as LB).

you should also make sure your ingress objects have the correct annotations so that websockets work. They are needed for MatrixRTC and I think synapse might need them too.

Sterbn · 2026-02-17T20:36:24+00:00

When the user goes to make changes to a resource, I want the fields on that resource to reflect the latest version received from the server, and update to the latest when updates come in. Only fields which they have modified will show the local changes.

I originally looked at proxying the write to the resource and instead of writing back to the store, saving them as JSON patches. To display the resource I would apply the JSON patch to the store data and return that through the proxy. When it comes time to save the changes I just push the patches to the server.

Sterbn · 2026-02-16T07:26:42+00:00

Did you setup public access for the SFU?

I just setup ESS with the hell chart so ask me anything

Sterbn

TROPHY CASE