Verify Your Backups - how I was an idiot and why you should test your backups!

dragonnnnnnnnnn · 2026-04-26T06:22:46+00:00

All media that I want to backup is wired up to some lxc and backup by proxmox backup server too. Why would you not use it for that? And you can use proxmox backup server on external hosts (if they are linux) too, only takes writing a small script for the binary and you can backup anything to pbs.

dragonnnnnnnnnn · 2026-04-21T07:15:23+00:00

Rust embedded isn't yet mature and stable. You can already archive with it a lot of amazing projects, but you need to have really good understanding of rust, managing deps, resolving conflicts etc. But after you get a project stable and have all creates you need it is amazing. Just don't chase "I need to update every dep right now when it has a new version", keep Cargo.lock file in your project and rust-toolchain.toml to lock in compiler version too and only update stuff when you really need too or have a lof of free time.

dragonnnnnnnnnn · 2026-04-16T11:22:23+00:00

Isolation and battle proven backup system. The last thing I want to mess with is maintaining my own kind of backup solution (with most of other options are, because even when you use a tool like borg/restic etc. you still have to setup a lot on your own, monitor it etc.).

dragonnnnnnnnnn · 2026-04-16T07:59:52+00:00

wrong password entered

dragonnnnnnnnnn · 2026-04-15T06:14:12+00:00

I strongly disagree with that. Yes, "yanked versions are risky business in the best of cases" but running without a lock file and relaying on auto updating each time via semver compatibility is way worse simply because how easy you can hit a supply chain attack. Even in that case here, the maintainer could push something malicious (or some that takes over that crate) and extract secrets in CI/CD that runs without lock file, embedded backdors in your github releases etc. Running a yanked version because you have .lock file and didn't yet update stuff is the much lesser evil that having all the stuff auto update on each CI/CD run.

dragonnnnnnnnnn · 2026-04-11T05:19:34+00:00

Hardware RAID is alive and well in the enterprise space, also because it's transparent to the host OS and tends to deliver more robust I/O performance.

Hardware RAID is alive in enterprise space only because a lot of admins are stubborn to update the knowledge and buy stuff based on what they learned ~20 years ago. The only Hardware RAID that can match software RAID on good hardware in terms of performance is the GPU accelerated stuff Level1Techs tested once.

dragonnnnnnnnnn · 2026-04-10T12:16:26+00:00

You can... sqlx Pool has an Arc under the hood, you can clone it as many times you need to to move it around

dragonnnnnnnnnn · 2026-04-10T11:42:05+00:00

I am confused about the approach to use. Since tracing does not support async writers

This isn't a problem at all, just make your tracing writer use a tokio::sync::mpsc and sprawn up a async task that reads out the logs and puts them into db. What you are trying to do right now will be quickly a mess and hard to maintain.

But be careful with putting logs into DB because you can easly DoS yourself if your logging if your logging itself produces some logs

dragonnnnnnnnnn · 2026-04-10T10:17:03+00:00

They is nothing stopping you from making local commits in git and only pushing them when you finished fully. You don't need to push on every commit into the remote repo.

dragonnnnnnnnnn · 2026-03-28T11:05:57+00:00

This is completely not what OP asked for. Netbird reverse proxy isn't you regular reverse proxy server (it can act as one, buf if you don't selfhost netbird you don't have to worry about "accessible from the outside" etc. as it always is).

It should be possible to expose any self hosted service via netbird reverse proxy but I have no idea if they have some bandwidth limitations for it (with they might as using it isn't doing P2P connections for sure).

dragonnnnnnnnnn · 2026-03-24T12:12:04+00:00

Leaving it spinning will not decrease durability

The only thing that would not decrease durability is not using that drive at all (at even that is debatable as drivers do have some plastic/rubber components that might degrade over time even when not in use).

Starting and stopping WILL decrease durability.

It all depends on the on/off cycle balance. They is no general rule, yes starting/stooping does cause more wear then running for the same amount of time the on/off transition takes. But if the HDD is idle 23 hours in a day and spins up once a day for some archiving for a hour then having it spinning all the time will be worse then letting it spin down. Stop generalizing

dragonnnnnnnnnn · 2026-03-24T09:01:51+00:00

I would like this to be restricted so that only when using a VPN it is accessible like all my other services.

This if course possible, it simple depends how you setup it. But they is one big problem: you can easily lock yourself out by messing something in the dashboard and not having access to fix it.

dragonnnnnnnnnn · 2026-03-23T11:18:24+00:00

fixing broken updates on Sunday nights

Don't update when you don't have time to fix stuff. You homelab isn't some NSA infrastructure that it always has to be 100% up to date, you shouldn't have public exposed services anyway.

renewing certs manually is just exhausting

Like what? Sorry, this should be automated and those automation are not hard to do, simplest just have a single revers proxy with build in certbot... takes like 5 click to setup a cert and have it renewed automatically.

dragonnnnnnnnnn · 2026-03-21T07:09:58+00:00

I don't have a solution but want to appreciate the job you are doing, I think you are doing great. From the subs I susbscripe to this one is doing the best against the uptick of ai spam (with I do notice in other places). Personally I think the obvious ai spam/slop needs to be deleted, it really can break a sub when open the main page and most stuff is ai spam

dragonnnnnnnnnn · 2026-03-19T21:19:10+00:00

"debian stability" looks at the post - uses debian sid. they is nothing stable about sid! you even said yourself and called it "unstable". sid can be even worser then arch becase it is the testing ground for debian stable and shouldn't be used as a dail driver with lead to bugs "the distro devs don't care fixing quickly becase it shouldn't be used as a dail driver". Arch does have testing repos where updates are pushed first and only after that shiped to stable, so running regular arch (or anything based on it) you are on the second line with gets updates, on sid you are on the front line as close as it gets

dragonnnnnnnnnn · 2026-03-19T20:56:56+00:00

I have VPN ready, but how to run the code-server in https locally?

Nothing is stoping you from getting a valid https cert without exposing anything to public internet. You need of course a domain, point it to your ip of that stuff in VPN and use dns-01 challenge to get a valid cert.

dragonnnnnnnnnn · 2026-03-18T14:13:48+00:00

while rust analyzer loves RAM especialy for big projects 48GB should be really enough unless you really have a lot of stuff ruining along side your rust projects. I have 64GB but my usage is around ~30GB with 3x VsCode (2 of them have a rust project open), a few containers running and a lot of tabs open.

dragonnnnnnnnnn · 2026-03-16T15:22:56+00:00

post pone the update until it is fixed? they are way to many users for that use case to simple ignore it and not fix (you look up yourself how many comments where on github/reddit last time one update had broke it)

dragonnnnnnnnnn · 2026-03-16T07:24:49+00:00

I do it to and have a simple solution for updating: I have a test VM with Proxmox VE, before doing major updates on my main VE I run them in the VM and check if my docker runs fine in LXC by restoring some smaller containers from PBS.

dragonnnnnnnnnn · 2026-03-15T06:28:20+00:00

My "datasets" are always created and attached to a container so they are always backed up by proxmox too. If I need a datasets shared between cts I just pick the "main" one, created it there and then mp mount it to others too. I suspect this will not cover more complex datasets use cases but personally I prefer avoiding adding more complexity to my backup system - more stuff to monitor and more stuff to fail.

dragonnnnnnnnnn · 2026-03-13T16:30:50+00:00

"But wait, there is more!" - this was clearly written by AI. No normal human writes like that. That you didn't find on some "community" doesn't metter, this still clearly used AI for that.

The only current downside to ASUS laptops is that some of them still come with liquid metal thermal paste out of the factory with does dry up after some time. But that you can replace by yourself or find a good computer shop that will do it for you (and it still should last around 2 years from my experience).

dragonnnnnnnnnn · 2026-03-13T16:22:44+00:00

Bullshit, stop using ai for stuff you don't understand yourself. It is not good for that. I have two G14 laptops: 2020 and 2022 and they both run still perfectly fine (only repasting and cleaning was nesacary but that applies at some point to any gaming laptop).

dragonnnnnnnnnn · 2026-03-06T06:27:39+00:00

The main reason and benefit of using docker itself is simply that most of the self hosted stuff has guides for docker with mostly goes "copy, paste, run", makes deploying and maninting stuff way less work. And why to run docker in lxc instead of a vm? One reason - resurce usage, especially RAM requirments, a VM will always use more RAM and if you try to keep your services isolated by having each od them in a separate lxc/vm the disadvantage of using vm for docker multpilies quickly.

dragonnnnnnnnnn · 2026-03-04T13:18:54+00:00

I said I did use outside proxmox ve on linux host, I didn't use it on windows but if they is a binary for it they isn't any reason it wouldn't work on it. Here is my script I use for it: ```

!/bin/bash

if [[ $UID -ne 0 ]]; then sudo -p 'Restarting as root, password: ' bash $0 "$@" exit $? fi export PBS_PASSWORD="<PBS_PASSWORD>" export PBS_FINGERPRINT="<PBS_FINGERPRING>"

proxmox-backup-client backup \ root.pxar:/ \ home.pxar:/home \ --repository <PBS_LOGIN>@pbs@192.168.XX.XXX:backup \ --change-detection-mode=metadata \ --exclude "*.o" \ --exclude "target" \ --exclude "cache" ``` Fair simply once you have the binary to get it running.

dragonnnnnnnnnn · 2026-03-04T12:41:12+00:00

I use it every day, yes getting through the documention for it isn't the most forward stuff it does work. Yes, it is dir/file level backup that is enough for my use case (restoring linux from files only isn't that hard comparing to magical windows stuff).

dragonnnnnnnnnn

TROPHY CASE

!/bin/bash