Can’t believe noone mentioned this yet:
Any good password manager encrypts and decrypts your password file client side. The server should not even have the ability to read your passwords.
Even in the case of a leak of all of the server’s data, as long as your password for the manager was good, you’ve got nothing to worry about.
I’d say pick a PW manager where both client and server are open source. Pick a strong passphrase. Enjoy.
Yeah, but no dark magic involved.
The only “magic” parts are two nix modules for handling proper networking and hardware setup, and exposing required attributes to the script.
Works really well, zero manual config (beyond the services you want to run…) required on nix or proxmox side.
Nothing. People fearmonger
Funny - same thing here. Got 3 proxmox hosts running, all virtual machines are NixOS though.
I’d love to go full Nix, but between my GF and I, we kinda split the responsibilities: hardware is hers, applications are mine. And there’s not a chance she’ll give up her Proxmox hosts 😄
Got it automated to a single “provision” command though that will spin up any of my nix VMS unanttended, so I’m happy with that.
Think about it like this:
with ansible, you are responsible for making sure that executing the described steps in the described order leads to the desired result
with nix, you describe what you want your system to look like, and then figuring out how to get there is nix’s problem (or rather, is obvious to nix thanks to nixpkgs)
Better open a package request (or pull request :D) then 😄
No but you see those are people
Yeah but they can at least buy their bullshit, i.e. “we help gut overspending and Make America Great Again”. What’s the supposed mission here? “We help you fap to people that don’t want to he fapped to”?
Oh god I had not even thought about the last part.
Their staff is either 100% male, or a disaster waiting to happen. Probably both. I would not feel safe there that’s for sure.
the Wernher von Braun club
LMAO. Except even dumber, they’re the von Brauns of the “fake illegal nude” world
For some people, definitely. But finding an entire startup worth of those people is (IMO) more difficult/unlikely than at least some of those starting there and talking themselves into not feeling guilty (if not for us, someone else would do it; we are not being as terrible as those others would be; it’s a tool, it’s not our fault people are applying it to minors etc.!; …)
I can not imagine the mental gymnastics of people working for Clothoff
I host it publicly accessible behind a proper firewall and reverse proxy setup.
If you are only ever using Jellyfin from your own, wireguard configured phone, then that’s great; but there’s nothing wrong with hosting Jellyfin publicly.
I think one of these days I need to make a “myth-busting” post about this topic.
OK, add step above: use wildcard certificate for your domain.
Terminating the TLS connection at your perimeter firewall is standard practice, there’s no reason your jellyfin host needs to obtain the certificate.
Actual answer for 3:
All the fear-mongering about exposing jellyfin to the internet I have seen on here boils down to either
(Not saying YOU say that; just preempting the usual folklore typically commented whenever someone suggests hosting jellyfin publicly accessible)
A photo of yourself, naked, in that very shower. With your dick enlarged to a comical size. (Or shrunk.) (Yes this is a gender neutral suggestion.)
Yes. No case. Why would I? I specifically got the phone because it’s quite small, and feels nice in the hand. A case would ruin that.
I also have not dropped any of my phones once in the past ~10 years.
Btw, nice read OP. Always great to see more Nix “in the wild”.