

If you go with IPv6, all your devices/servers have their own IP. These IPs are valid in your LAN as well as externally.
But it’s still important to use a reverse proxy (e.g. for TLS).


Many places don’t enforce those laws for simply torrenting.
Some countries (US) ask the ISP to send warning letters and might disable the internet. In other countries, like Germany, law firms get personal details from the ISP and send a costly letter demanding a thousand euros for a single infraction.
I would ideally like to convert the library to h.265 or even AV1 if I can make it work.
Unless you’ve downloaded remuxes (which I doubt), I’d seriously recommend redownloading instead of converting your existing files.
H.265 and especially AV1 take a long time to encode on the CPU, and hardware encoding won’t give you any space savings unless you’re okay with losing a lot of detail.
Redownloading is most definitely faster and will give you more space savings for the quality you get. PS: Unless you’ve got data volume limits, but even then I’d recommend slowly upgrading over time. It’s quite simple with the TRaSH guides, giving H.265 a higher score.




NixOS in LXC works great, although I switched to bare metal NixOS a few months ago. I didn’t see the need for Proxmox as it hindered my ability to declare the whole system.
Creating NixOS LXCs is a bit of a pain. Some links that helped me two years ago:
Regular btrfs scrubs are a good idea to detect data loss/drive failure early. I have a monthly systemd timer run it automatically.
Btrfs balance can also free up space but I don’t run it regularly.
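The monthly scrub described above, as an added example that is not code from the original thread. The script and unit names (`btrfs-scrub-all`) are assumptions. One detail worth getting right: `findmnt -t btrfs` lists every mounted subvolume, but a scrub covers the whole filesystem, so the script deduplicates by device before scrubbing, and `btrfs scrub start -B` exits non-zero when it finds uncorrectable errors, which makes the systemd service fail visibly instead of silently.

```shell
#!/bin/sh
# Added example (not from the thread): scrub every mounted btrfs filesystem
# once, and print the systemd units that run this monthly.

# Usage: unique_filesystems < "SOURCE TARGET" lines -> one mount point per device.
# findmnt prints subvolume mounts as "/dev/sda2[/@home] /home"; the bracketed
# subvolume path is stripped so each physical filesystem is scrubbed only once.
unique_filesystems() {
  awk '{
    dev = $1; sub(/\[.*\]$/, "", dev)
    if (!(dev in seen)) { seen[dev] = 1; print $2 }
  }'
}

# Usage: btrfs_filesystems -> mount points of all distinct btrfs filesystems
btrfs_filesystems() {
  findmnt -t btrfs -n -o SOURCE,TARGET | unique_filesystems
}

# Usage: scrub_all -> returns non-zero if any scrub failed or found uncorrectable errors
scrub_all() {
  rc=0
  for mnt in $(btrfs_filesystems); do
    # -B: run in the foreground and wait; -d: print per-device statistics.
    # btrfs scrub exits 3 when uncorrectable errors were found.
    btrfs scrub start -B -d "$mnt" || rc=1
  done
  return $rc
}

# Usage: print_units -> the service and timer to install under /etc/systemd/system
# (assumes this script lives at /usr/local/bin/btrfs-scrub-all)
print_units() {
  cat <<'EOF'
# /etc/systemd/system/btrfs-scrub-all.service
[Unit]
Description=Scrub all mounted btrfs filesystems

[Service]
Type=oneshot
ExecStart=/usr/local/bin/btrfs-scrub-all
Nice=19
IOSchedulingClass=idle

# /etc/systemd/system/btrfs-scrub-all.timer
[Unit]
Description=Monthly btrfs scrub

[Timer]
OnCalendar=monthly
Persistent=true
RandomizedDelaySec=1h

[Install]
WantedBy=timers.target
EOF
}

case "${1:-}" in
  --print-units) print_units ;;
  --run) scrub_all ;;
esac
```

Enable it with `systemctl enable --now btrfs-scrub-all.timer`; `Persistent=true` makes a missed run happen at the next boot, and `systemctl list-timers` shows when the next one is due.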


“given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts”
NixOS does not guarantee bit-by-bit identical results. NixOS hashes the inputs and provides a reproducible build environment but this does not necessarily mean the artifacts are identical.
E.g. if a build somehow includes a timestamp, each build will have a different checksum.
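The timestamp case above, as an added example that is not from the original thread: a toy build that embeds the wall-clock time is run twice and produces different digests even though its inputs are identical, while the same build honouring `SOURCE_DATE_EPOCH` (the reproducible-builds.org convention, which the Nix sandbox also sets) is byte-identical. The artifact format is invented for the example.

```shell
#!/bin/sh
# Added example (not from the thread): same inputs, different outputs, and the fix.

# Usage: build_naive OUTFILE -> artifact that embeds the current wall-clock time
build_naive() {
  printf 'version=1.0\nbuilt_at=%s\n' "$(date +%s)" > "$1"
}

# Usage: build_reproducible OUTFILE -> same artifact, but the embedded time comes
# from SOURCE_DATE_EPOCH when that is set, so two builds with the same inputs agree
build_reproducible() {
  printf 'version=1.0\nbuilt_at=%s\n' "${SOURCE_DATE_EPOCH:-$(date +%s)}" > "$1"
}

# Usage: same_digest FILE1 FILE2 -> exit status 0 iff the SHA-256 digests match
same_digest() {
  a=$(sha256sum "$1" | cut -d' ' -f1)
  b=$(sha256sum "$2" | cut -d' ' -f1)
  [ "$a" = "$b" ]
}

# Usage: builds_reproducible BUILD_FUNCTION -> prints "yes" if two runs of the
# build produce identical bytes, "no" otherwise
builds_reproducible() {
  dir=$(mktemp -d)
  "$1" "$dir/a"
  sleep 1          # make sure the wall clock moves between the two builds
  "$1" "$dir/b"
  if same_digest "$dir/a" "$dir/b"; then echo yes; else echo no; fi
  rm -rf "$dir"
}

main() {
  echo "naive build reproducible:        $(builds_reproducible build_naive)"
  SOURCE_DATE_EPOCH=1700000000; export SOURCE_DATE_EPOCH
  echo "SOURCE_DATE_EPOCH build reproducible: $(builds_reproducible build_reproducible)"
}

main "$@"
```

The same check scales up: run `nix-build` twice (or `nix build --rebuild`) and compare the store path contents with `diffoscope`; a differing digest with identical input hashes is exactly the case the comment describes.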


It’s great to see another open source OIDC provider (with more features). I’ve set up Pocket ID, which is awesome because of its simplicity, and it’s great.


I found the guide/examples on their website a bit irritating at first (that’s on me) but it works well once understood and configured.


Yes. 127.0.0.0 is the localhost. This is the IP the container is listening on. Even if there were no firewall, it wouldn’t allow any connection except from the host. If it’s set to 0.0.0.0 it means it’ll allow connections from any IP (which might not be an issue depending on your setup).
The reverse proxy runs on localhost anyway, so any other IPs have no reason to ever have access.


It’s mostly to allow the reverse proxy on localhost to connect to the container/service, while blocking all other hosts/IPs.
This is especially important when using Docker, as it messes with iptables and can circumvent firewalls like ufw.
You’re right that it doesn’t increase security in case of a compromised container. It’s just about outside connections.
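A way to check the binding question raised in the two comments above, as an added example that is not code from the original thread. Docker publishes a port on 0.0.0.0 (all interfaces) whenever the `ports:` entry has no bind address, and it does so with its own iptables rules, which is why ufw does not see that traffic. The script classifies Compose port specs by the host interface they bind to and audits a constructed sample compose file (the service names and images are invented).

```shell
#!/bin/sh
# Added example (not from the thread): find Compose ports published on all interfaces.

# Usage: classify_port_spec SPEC -> prints loopback | all-interfaces | addr:<ip>
# Handles the short syntax: "80", "8080:80", "127.0.0.1:8080:80", "[::1]:8080:80",
# with an optional /tcp or /udp suffix.
classify_port_spec() {
  ps_spec=${1%%/*}                          # drop a /tcp or /udp suffix
  case "$ps_spec" in
    \[*\]:*)                                # bracketed IPv6 bind address
      ps_ip=${ps_spec#\[}; ps_ip=${ps_ip%%\]*} ;;
    *:*:*)  ps_ip=${ps_spec%%:*} ;;         # explicit IPv4 bind address
    *)      ps_ip="0.0.0.0" ;;              # no bind address: Docker uses all interfaces
  esac
  case "$ps_ip" in
    127.*|::1|localhost) echo loopback ;;
    0.0.0.0|::|"")       echo all-interfaces ;;
    *)                   echo "addr:$ps_ip" ;;
  esac
}

# Constructed sample compose file (not from the thread) with a mix of bindings.
SAMPLE_COMPOSE='services:
  app:
    image: example/app
    ports:
      - "127.0.0.1:8080:8080"
      - "[::1]:8443:8443"
  db:
    image: postgres:16
    ports:
      - "5432:5432"
  web:
    image: nginx
    ports:
      - "80:80/tcp"
      - 443:443
'

# Usage: audit_compose_ports "$yaml" -> one line per published port:
#   <service> <spec> <verdict>
# The awk parser expects the usual two-space indentation of a compose file.
audit_compose_ports() {
  printf '%s\n' "$1" | awk '
    /^  [A-Za-z0-9_-]+:/ { service = $1; sub(":", "", service); in_ports = 0; next }
    /^    ports:/        { in_ports = 1; next }
    /^    [A-Za-z]/      { in_ports = 0 }
    in_ports && /^      - / { spec = $2; gsub(/"/, "", spec); print service, spec }
  ' |
  while read -r service spec; do
    echo "$service $spec $(classify_port_spec "$spec")"
  done
}

audit_compose_ports "$SAMPLE_COMPOSE"
```

Anything reported as `all-interfaces` is reachable from every host that can route to the machine, ufw rules notwithstanding. The fix for a service only the local reverse proxy should reach is the `127.0.0.1:host:container` form; for a port that really must be reachable from elsewhere, restrict it in the `DOCKER-USER` iptables chain, which Docker evaluates before its own rules, rather than in ufw.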


Some I haven’t yet found in this thread:
127.0.0.1:8080:8080)

I do the same, but with WireGuard instead of OpenVPN. The performance is much better in my experience and it drains less battery.


Trying to actually restore is the best way to ensure the backup works. But it’s annoying so I never do it.
I usually trust restic to do its job. Validating that files are there and are readable can be done with restic mount, and you’ve mentioned restic check.
The best way to ensure your data is safe is to do a second backup with another tool. And keep your keys safe and accessible. A remote backup is of no use if the keys burned down.


Hopefully this change actually helps Element to make money. It was always a problem how entangled Matrix and Element are, simply because Element finances most of Matrix. This seems to change now with the Matrix Foundation having an employee.


Conduit is also licensed under Apache 2.0, so it could also be taken closed source at any point in time. The reason this wouldn’t impact Conduit as much is that there are other contributors, whilst Synapse and Dendrite are almost exclusively developed by Element.
The CLA is necessary since Element funds the development of their servers by contracting with companies, governments and institutions which have special needs. Publishing those patches might be against their customers wishes.
The AGPL ensures no one but Element can make proprietary changes, because of their CLA. This makes it unattractive for companies and volunteers to contribute to Element’s servers, which isn’t a problem because those contributors didn’t exist in the first place.
As I understand it, the people who feel strongly about this change feel like their trust was betrayed by Element. The others are probably corporations like Reddit who don’t want to contribute anyway but are now not able to profit off of Element’s work.
My opinion is split. On the one hand I like the change to AGPL, since it forces forks to continue to be FOSS. On the other hand, Element continues to be allowed to license the code differently, so it doesn’t really change that the code could be closed off at any point in time.
The most important question is whether this change will benefit Element. The status quo is companies taking without giving back. Now corporations and volunteers won’t contribute code because of the CLA and AGPL. This means Element hopes those corporations will contract with Element to get access to differently licensed code for a monetary contribution.
I think reddit will just develop their own server, but maybe smaller companies (like in the health care sector) will pay Element.
Yes, even IPv4 was intended to give each device in the world its own IP, but the address space is too limited. IPv6 fixes that.
Actually, each device usually has multiple IPv6 addresses, and only some/one are globally routable, i.e. it works outside of your home network. Finding out which one is global is a bit annoying sometimes, but it can be done.
Usually routers still block incoming traffic for security reasons, so you still have to open ports in your router.
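Picking the right address out of the several the comment above mentions, as an added example that is not code from the original thread. It filters the one-line output of `ip -6 -o addr show` down to addresses that are scope `global`, not `temporary` (RFC 4941 privacy addresses, which rotate and are useless for a port forward or a DNS record), not `deprecated` or `tentative`, and not in fc00::/7 (unique local addresses, which report scope global but are not routed on the Internet). The sample `ip` output is constructed with documentation prefixes.

```shell
#!/bin/sh
# Added example (not from the thread): find the stable, Internet-routable IPv6 address.

# Usage: pick_global_ipv6 < output-of-"ip -6 -o addr show" -> "<iface> <address>" lines
pick_global_ipv6() {
  awk '
    {
      iface = $2; addr = ""; scope = ""; skip = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "inet6") { addr = $(i + 1); sub(/\/.*/, "", addr) }   # drop /prefixlen
        if ($i == "scope") scope = $(i + 1)
        if ($i == "temporary" || $i == "deprecated" || $i == "tentative") skip = 1
      }
      if (scope != "global" || skip) next
      if (addr ~ /^[fF][cCdD]/) next      # fc00::/7 unique local: not Internet-routable
      print iface, addr
    }'
}

# Usage: my_global_ipv6 -> the live result on this host (needs iproute2)
my_global_ipv6() {
  ip -6 -o addr show | pick_global_ipv6
}

# Constructed sample (not from the thread), in the format "ip -6 -o addr show" prints:
# one stable global address, one temporary privacy address, one ULA, link-local, loopback.
SAMPLE_IP_OUTPUT='2: eth0    inet6 2001:db8:1234:5678:abcd:ef01:2345:6789/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 86385sec preferred_lft 14385sec
2: eth0    inet6 2001:db8:1234:5678:1a2b:3c4d:5e6f:7a8b/64 scope global temporary dynamic \       valid_lft 86385sec preferred_lft 14385sec
2: eth0    inet6 fd12:3456:789a:1::10/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1c3a:ff:fe2b:4c5d/64 scope link \       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE_IP_OUTPUT" | pick_global_ipv6
```

On a real host the interesting case is the `mngtmpaddr` line: that is the stable SLAAC address from which the temporary ones are derived, and it is the one to put in DNS or in a router port-opening rule. If the router also hands out a ULA prefix, the filter keeps you from picking an fd00::/8 address that only works inside the LAN.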