It’s not just any Notepad, it’s “Microsoft’s 365 Ai-Enhanced Notepad+++ Pro Edition (New Version)”. Unlike every other notepad software, this one sucks.

it’s the 30mm GAU-8 rotary cannon that goes brrrrt

Man I wish I spent time actually learning Proxmox, instead dumped everything into a headless Debian VM and called it a day.

deleted by creator

Oh yeah I’m aware, if people don’t want to use a VPN then I suggest this but give them the advisory warning.

Actually, recently I’ve been using a fork of IPAllowList which accepts DDNS addresses, but that usually is for more technical folk who would probably rather use a VPN then purchase a domain and associate it with their network.

Pangolin is based off of Traefik if I’m not mistaken, should be able to use Traefiks IPAllowlist middleware to blacklist all IP addresses and only whitelisting the known few, that way you can expose your application to the internet knowing you have that restriction in place for those who connect to your service.

What good does changing the headline do?

Well that’s interesting,

I ran journalctl -xe expecting not to get much of an output however, my log is full of:

Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: 0x501: GL_INVALID_VALUE error generated. <levels>, <width> and <height> must be 1 or greater.
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_scene_opengl: Invalid framebuffer status:  "GL_FRAMEBUFFER_INCOMPLETE_ATTACHMENT"
Mar 24 16:50:37 debian kwin_x11[2914]: kwin_effect_blur: Failed to create an offscreen framebuffer
Mar 24 17:00:00 debian systemd[2614]: Started drkonqi-sentry-postman.service - Submitting pending crash events.
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ A start job for unit UNIT has finished successfully.
░░ 
░░ The job identifier is 4486.
Mar 24 17:00:00 debian drkonqi-sentry-postman[9023]: org.kde.drkonqi.sentry: QNetworkReply::ConnectionRefusedError "Connection refused"
Mar 24 17:00:00 debian drkonqi-sentry-postman[9023]: org.kde.drkonqi.sentry: QNetworkReply::ConnectionRefusedError "Connection refused"
Mar 24 17:00:00 debian drkonqi-sentry-postman[9023]: org.kde.drkonqi.sentry: QNetworkReply::ConnectionRefusedError "Connection refused"
Mar 24 17:00:00 debian drkonqi-sentry-postman[9023]: org.kde.drkonqi.sentry: QNetworkReply::ConnectionRefusedError "Connection refused"
Mar 24 17:00:00 debian drkonqi-sentry-postman[9023]: org.kde.drkonqi.sentry: QNetworkReply::ConnectionRefusedError "Connection refused"
Mar 24 17:04:12 debian plasmashell[2938]: KPackageStructure of KPluginMetaData(pluginId:"org.kde.merkuro.contact.applet", fileName: "/usr/share/plasma/plasmoids/org.kde.merkuro.contact>
Mar 24 17:04:13 debian kmenuedit[3266]: QThreadStorage: Thread 0x55c784c1f8d0 exited after QThreadStorage 8 destroyed
Mar 24 17:04:13 debian systemd[2614]: app-org.kde.kmenuedit@c3c9752c88b040738079b63d23e609ee.service: Consumed 3.486s CPU time, 34.4M memory peak.

Appears to be related to my wallpaper, perhaps the KDE Wallpaper Engine plugin i use borked, however i never did mention in the main post but i did backup and reset my desktop environment following Debians documentation and that didn’t resolve the hanging issue either so i am hesitant to say the desktop itself is borked, seems more like a dependency that’s failing to talk with plasma.

Edit: After doing some digging it appears others have encountered the same kwin error message along with comments of freezing and crashing. Appears to be a driver issue and is patched in 580.xx versions which Debian 13 does not ship on its stable branch.

systemd-analyze Can tell you about how long thing took to start, and the -blame flag can help pinpoint hangs and so on.

I ran this command the output is as such:

Startup finished in 7.208s (firmware) + 2.336s (loader) + 3.601s (kernel) + 15.279s (userspace) = 28.426s 
graphical.target reached after 15.279s in userspace.

Which is weird, i timed how long it took from rebooting to landing at the desktop and i got between 5-6 minutes, 30 seconds to reboot and land at SDDM but another 4.5-5 minutes actually loading the desktop itself.

Can I assume you use https://privacy.com/ for this? If so unfortunately only Americans can utilize that service.

Might be worth a look into.

Alternatively you could check if you have Debian repositories in /etc/apt/sources.list.d because PopOS is based off of Debian at its core, and follow Debian’s guide to installing KDE, I do not recommend adding Debian’s repositories if you do not already have them as you may install conflicting packages/dependencies by mistake.

What desktop environment are you using? That shortcut is already available in KDE Plasma 5/6.

Matrix runs great out of the box but once you start joining large rooms your server has to synchronize with every instance, this is very taxing on the network and in my experience was essentially DDOS’ing me until I started a cache at the reverse proxy level and forced it to use my secondary PiHole.

Huh, swear I’ve seen this somewhereX

Oh I am fully aware it just cosmetic, that’s why I added this line In my original comment:

but be warned if you take this route that the CSS can be re-enabled on the login screen using your browsers element inspect

hence why I also suggest just outright blacklisting all IP’s and only whitelisting the known few at the reverse proxy level.

I’ve been looking at VPNs, but it feels weird, to route everything through my home IP when I’m also trying to use a commercial VPN for privacy / to combat services fingerprinting me based on my IP.

My ASUS WRT router (running Merlin Firmware) forwards my Home WireGuard VPN server through one of my Proton VPN clients, I get all the added bonuses of being connected to my home network, utilizing my PiHole an such, while benefiting from appearing across the world.

I’m currently considering a reverse proxy setup with an authentication provider like authentik or authelia, but as far as I understand, that wouldn’t work well with accessing services through an app on my mobile device (like for jellyfin music for example.)

This is correct, you cannot host an authentication service in front of Jellyfin’s proxy otherwise the Jellyfin Media Player will not connect to your server however, there is a Jellyfin SSO plugin for authentication which is what I use and I disabled the manual login form via CSS but be warned if you take this route that the CSS can be re-enabled on the login screen using your browsers element inspect, I wish you can disable it outright but it’s heavily baked into Jellyfin from what I’ve read.

I suggest setting up a IP-Blacklist for Jellyfin and only whitelisting the known IP’s.

deleted by creator

Jellyfin isn’t the most secure piece of software out there, I would avoid giving it permissions it doesn’t need.

Step 1) Check /dev/dri for the GPU

user@debian:~/compose$ ls /dev/dri
total 0
drwxr-xr-x  3 root root        120 Jan 25 11:50 .
drwxr-xr-x 18 root root       3360 Feb 11 03:03 ..
drwxr-xr-x  2 root root        100 Jan 25 11:50 by-path
crw-rw----  1 root video  226,   0 Jan 25 11:50 card0
crw-rw----  1 root video  226,   1 Jan 25 16:39 card1
crw-rw----  1 root render 226, 128 Jan 25 11:50 renderD128

Documentation indicates renderDXXX typically refers to Intel GPU’s

Make sure at least one renderD* device exists in /dev/dri. Otherwise upgrade your kernel or enable the iGPU in the BIOS.

2. Edit your docker-compose.yaml and add this In your Jellyfin block

devices:
 - /dev/dri/renderD128:/dev/dri/renderD128

3. Start your container and enter it to verify the device is recognized.

sudo docker compose up -d; sudo docker exec -it jellyfin bash

Once inside ls /dev/dri to confirm the GPU is recognized inside the container, once you confirm it then you can exit the container.

user@debian:~/compose$ sudo docker exec -it jellyfin bash
I have no name!@jellyfin:/$ ls /dev/dri
renderD128
I have no name!@jellyfin:/$ exit
exit
user@debian:~/compose$

4. On the Jellyfin dashboard go to the hardware acceleration page and follow the notes left by Jellyfin devs.

For a while my GoAccess instance wasn’t working properly so I couldn’t visualize my access logs from Traefik, got lazy trying to fix it and left it as is, well in the meantime I wasn’t lazy enough to setup Synapse and begin federating on my home network.

Finally fixed my GoAccess today to be surprised to see Synapse hits labelled as crawlers, well over a million hits.