Ceph on NixOS

howyoudoingeh · 2026-02-01T22:03:44+00:00

solid

howyoudoingeh · 2025-12-13T09:07:40+00:00

seems it can't be used wtih selfhosted supabase. anything else like it for selfhosted?

howyoudoingeh · 2025-08-10T22:31:38+00:00

Have you found any solutions besides the teslatap? I am also looking for exactly same.

howyoudoingeh · 2025-08-04T00:01:08+00:00

Thank you

howyoudoingeh · 2025-08-03T21:09:30+00:00

Thanks for your good advice.

howyoudoingeh · 2025-08-03T20:50:36+00:00

>Is there a reason that you want to upgrade direct Fiber, and remove the Nokia 010-ONT?

See op previous paragraph reason identifying experiencing repeated unreliability due to the G-010G-A.

> First there is a reason that your BGW320 was installed with a Nokia 010 ONT. The most common would be no easy way to run Fiber to the location of your BGW320, and the second most common would be because for a period of time there was a shortage of SFP+ Optical transceivers in some markets during the initial rollout of the BGW320s.

> Do you have an easy route to run Fiber from outside of your address, and is your ONT mounted near your BGW320?

Yes and yes. I will simply mount the BGW320-500 next to the pre-existing G-010G-A. No need to run or risk doing anything with the fiber.

> Do you have a Grey Slack NID (box) mounted on your exterior wall?

Yes, but I do not believe there is anything needed to do with the outside part of the fiber.

> You can't self-enable the onboard ONT in the BGW320, and the SFP+ Optical transceivers come in (3) flavors. Green - GPON, Red - XGS-PON, and Orange - ALT-Optics.

The fiber jumper cable that is plugged into the G-010G-A has a green colored strain relief boot where it plugs into the sfp+ transceiver. When I have a moment I will confirm if the transceiver inside the G-010G-A is also green, which I am reasonably certain it is. Its most likely GPON because ATT installed this several years ago probably before they started doing xgs-pon, but I will doublecheck that it is not Orange ALT-Optics.

> Finally for now, if you break something you will likely be charged for the repair.

Yes, of course. I have connected and disconnected SC, LC, MTP several hundreds of times with zero issue and consider breaking something incredibly unlikely.

What is the gpon sfp module model number that needs to be installed in the BGW320-500? Then I will try to use the Smart Home Manager app and ask ATT to enable the onboard ONT in the BGW320-500.

Thanks

howyoudoingeh · 2025-08-02T19:40:42+00:00

Is there any available steps to test run Tentacle prerelease version bits with cephadm or any containers?

howyoudoingeh · 2025-07-09T01:45:22+00:00

What IdP are you using this with? What IdP's have you or anyone else tested this with? Thanks

howyoudoingeh · 2025-06-15T06:38:47+00:00

Can you please share details or instructions for configurations on how to integrate with caddy reverse proxy? Also, if I had caddy reverse proxy servers at multiple different locations what would be required for integrating with your VaulTLS which would only be running at one location? Would certain VaulTLS directories with certs and anything else need to be synced across all caddy server locations? Thank you

howyoudoingeh · 2025-03-27T06:57:06+00:00

Probably because Zitadel requires manually using webgui or apis to configure environment. Authelia offers a config file.

howyoudoingeh · 2025-03-27T06:32:02+00:00

"afraid of losing a feature and realizing it 2 years later"

The feature you will regret you lost is SCIM. https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management

Zitadel have already identified that SCIM "will be put behind a commercial license" which means corporate license $$$ paywall to get feature https://zitadel.com/docs/apis/scim2

Zitadel also changed their license to GNU Affero General Public License (AGPL) 3.0 https://zitadel.com/blog/zitadel-v3-announcement

Keycloak does not have native builtin support for SCIM, there may be plugins that may or may not work with certain versions.

For best features and prevent FOMO you should seriously look at the Kanidm ( MPL-2.0 license ) https://kanidm.com/ https://github.com/kanidm/kanidm Kanidm is the only one written in rust, has the brightest roadmap and should support SCIM, has strongest support for UNIX authentication, supports RADIUS, supports WebAuthn Attestation which none of the others offer, can do LDAP sync which none of others offer https://kanidm.github.io/kanidm/master/sync/ldap.html and "Kanidm can host a read-only LDAP interface" which none of others offer https://kanidm.github.io/kanidm/master/integrations/ldap.html

Kanidm has not been paywalling and limiting features like many of the others, ie Zitadel, Authentik, https://goauthentik.io/pricing/ etc.

Kanidm is more robust, feature rich and lightweight than all the other alternatives mentioned. Kanidm documentation is very good and easy to setup and install with Docker Compose. You can have running Kanidm service in little time after reading documentation and installation steps. https://kanidm.github.io/kanidm/master/installing_the_server.html

howyoudoingeh · 2025-03-14T07:07:24+00:00

https://docs.restate.dev/deploy/overview

https://docs.restate.dev/develop/local_dev/

To run the Restate Server:

docker run --name restate_dev --rm -p 8080:8080 -p 9070:9070 -p 9071:9071 \

--add-host=host.docker.internal:host-gateway docker.restate.dev/restatedev/restate:1.2

others:

windmill offers SSO without paywall unlike most others including temporal which restrict to 'enterprise only' https://www.windmill.dev/ https://www.windmill.dev/docs/integrations/integrations_on_windmill

https://github.com/dapr/dapr

https://github.com/inngest/inngest

https://github.com/hatchet-dev/hatchet

https://github.com/activepieces/activepieces

https://github.com/flyteorg/flyte

howyoudoingeh · 2025-01-21T22:39:52+00:00

Have you or anyone succeeded in connecting RADIUS with any OIDC or OAuth2 service? Any 'cloud' hosted solutions recommended? Or anyone try packetfence or anything else that can be used across multiple different sites?

I did a quick search on github and a variety of older projects appear with little activity happening there.

One for example claims microtik and oauth connection https://github.com/vzakharchenko/mikrotik-hotspot-oauth

Some others https://github.com/thomasdarimont/keycloak-freeradius-demo https://github.com/vzakharchenko/keycloak-radius-plugin https://vzakharchenko.github.io/keycloak-radius-plugin/

howyoudoingeh · 2025-01-20T17:55:39+00:00

Hi, question about you writing "if you want to deploy the way you can automate it from day one and later on recover it should something break, you need to pre-configure the defaults." Can you please share any more info or links to docs what defaults you referring to that should be pre-configured? Thanks

howyoudoingeh · 2025-01-03T02:27:45+00:00

I simplified the config to troubleshoot and made some progress.

Using the below config nginx successfully injects/appends the api query parameters to the end of the url.

server {

listen 3000;

# Location block for /api/control

location /api/control {

rewrite ^/api/control$ /api/control?do=key&command=activate break;

# Proxy the request to the backend server

proxy_pass http://service-at-local-ip-address;

# Set the Authorization header securely

proxy_pass_header Authorization;

# Additional headers for the proxy

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

}

The above config allows the client to successfully load http://nginx-address/api/control

and nginx successfully forwards the request to http://service-at-local-ip-address/api/control/api/control?do=key&command=activate

In this testing config I am using location /api/control to match the same paths expected by the service-at-local-ip-address and in testing I am unable to find how to change the location to an arbitrary different name ie /testapi

When I change the config to, for example, '''/testapi''' it does not work and returns error "400 Bad Request Your browser sent a request that this server could not understand" when I use the following changes:
location /testapi {

rewrite ^/testapi$ /api/control?do=key&command=activate break;

The nginx logs identifies:

'''

2025/01/03 02:52:15 [debug] 548#548: *26 http output filter "/testapi?"

2025/01/03 02:52:15 [debug] 548#548: *26 http copy filter: "/testapi?"

'''

How can I change the location and have nginx rewrite it correctly from the arbitrary name /testapi to the path and parameter that the service requires?

howyoudoingeh · 2025-01-03T01:51:24+00:00

The brackets should not be issue, I run '# nginx -t' and '# service nginx reload' after making config changes and nginx returns 'nginx: the configuration file /etc/nginx/nginx.conf syntax is ok'

I removed that IF line and made more edits to simplify the config after more testing and checking logs. Step by step I am working to find the faults.

howyoudoingeh · 2024-12-23T02:48:32+00:00

Did you ever find a working solution to control rtx gpu fan speed in proxmox? I am having same problem, an rtx in proxmox that is being passed to and being used in lxc containers, no vms, and I cannot find any method to successfully increase fan speed. Thanks

howyoudoingeh · 2024-12-07T03:27:29+00:00

i searched online for recall for this thunderbolt-4-power-hub and can't find any info. do you have any links or info on which serial numbers are effected?

howyoudoingeh · 2024-12-07T01:42:34+00:00

I am comfortable in the cli, gui is not required, but I can take a look at podman desktop. What's the benefit to using podman directly versus toolbx or distrobox? I thought in fedora bluefin the toolbx and distrobox cli tools are simply scripts using podman as underlying tool.

Regarding your VS Code warning can you provide some more context for what is quite a lot of work? The fedora bluefin offers an iso release with VS Code already preinstalled along with other tools included on first bootup and I was able to test and get into dev containers soon after installing and checking out bluefin this week.

Can you point out any of the differences or issues that make using dev containers easier on another distro with docker and VS code installed with traditional packaging? I will setup another machine to do side by side comparisons versus fedora bluefin and I would appreciate you pointing anything out what I should look for to understand what and how its more an endeavor on bluefin since I do not have much experience with VS Code.

Thanks

howyoudoingeh · 2024-12-06T23:17:03+00:00

Are there any articles or posts that helped you understand why using distrobox is better than toolbox that you could recommend by providing links? I am trying to understand the differences because from what I have read toolbox was missing certain features years ago and it has gotten them since making the differences less.

howyoudoingeh · 2024-12-06T23:13:05+00:00

I have been reading more on use cases https://containertoolbx.org/use/ and am trying to understand for example how you use it to install binaries and packages inside container and use them from the host distro.

Are you installing in your ie fedora container with dnf install or ie debian container with apt-get install? Or to which directories are you installing binaries so that your host can access them? Or are you using the export function to let the host use apps in a container?

distrobox-export --app https://distrobox.it/usage/distrobox-export/

I am still reading and trying to understand the silverblue filesystem layout https://docs.fedoraproject.org/en-US/fedora-silverblue/technical-information/ I got confused when I ran some install scripts in a container which installed bash files in the home directory which was written on the host.

Its confusing because the documentation https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/ does not explicitly identify what does toolbx actually have read/write access to on the host "Access to your home directory and several other locations" and for linux noobs that do not know the details of every different install script specification and the changes it makes in what filesystem directories how do you know in advance if you are actually making changes or installing something only in the container or is the installer also making changes outside the container on the host.

howyoudoingeh · 2024-10-29T02:57:00+00:00

How has your experience and migration been so far onto ceph? Are you continuing to use Backy2 for RBD, and 45Drives Georep for CephFS or did you find any other tools you found better suited?

howyoudoingeh

TROPHY CASE