sunstoned

sunstoned, 16 days ago

Ma-trix! Ma-trix!

sunstoned, 18 days ago

A rich person runs NixOS (for the military contracts apparently)

sunstoned, 18 days ago

Wrong™ in 100 seconds

sunstoned, 17 days ago

Wild how you happened to have this totally original idea days after this exact diagram structure was in a video posted by a channel with 3M subscribers :) crazy coincidence

sunstoned, 18 days ago

There’s something to practicing with the operating system family that most big commercial outfits use. Plus SELinux is neat, and there’s no Canonical ads.

I use Fedora with home-manager, btw. After using Arch and Debian for years I really think Fedora (or adjacent like Nobara) is on its way to being the de facto starter distro.

sunstoned, 18 days ago

I was going to say Guix but I’ve always been a little Gentoo curious

sunstoned, 18 days ago

My favorite line in the fireship video this is from goes something like “FreeBSD is the real answer but I like being able to Google things”

sunstoned, 24 days ago

Avoid AMD? Why do you say that?

sunstoned, 1 month ago

You beat me to it! I have the same setup. Did you have any issues with the 39->40 update? It broke my icons in plasma

sunstoned, 1 month ago

I use my Framework 13 (Intel 12th gen) for some heavy CPU workloads and it’s been a champ! For the balance of quality, performance, cost, and repairability I really don’t think it can be beat.

sunstoned, 1 month ago

Does anyone know of a good alternative for Android?

Right now I just use Antennapod, but it would be nice to get chapters and whatnot built in.

sunstoned, 1 month ago

Ooh, I’ll definitely check out Voice!

I’m more of a desktop Jellyfin container person myself, but all roads lead to Rome in this case :) thanks for the input!

sunstoned, 1 month ago

My solution is to use Rathole. I rent a wildly cheap (2 core, 4GB memory) VPS and basically just run Traefik there. Then I use Rathole to make some services hosted on my desktop available to Traefik.

I like this solution better than Wireguard for my application. It reduces attack surface to services you’ve explicitly set up, rather than a full data layer trunk between your machine and a potential malicious actor.

sunstoned, 1 month ago (edited 1 month ago)

To add on to this already good description, wanted to give my $0.02 on the notion of apps.

The only way it might seem like you lose app(lication shortcut)s might be if a tool other than GNOME’s built in search is looking in a different directory, likely based off of an environment variable.

By default, hyprland doesn’t come with an equivalent to GNOME search. I use wofi to get similar functionality, but there are many tools that can do the job. Just make sure they’re looking in the right place or launch things manually from a terminal and you’ll be all set!

sunstoned, 1 month ago

Agreed. That said, with a few remotes and a cron job git could facilitate “duct tape and zip ties” federation.

sunstoned, 1 month ago

I tend to not use the webui, so I prefer the similarly useful combination of Debian + Incus (spawned from the LXC project).

Sure, HA isn’t baked into Incus (to my knowledge) but similar to OP I only have one physical box and don’t necessarily care to manage multiple.

That being said, Proxmox is a good solution in the scheme of things and generally a good recommendation.

sunstoned, 1 month ago

My $0.02:

NixOS is excellent, and actually pretty easy if you’re not trying to do anything fancy (running all services under a single user, etc.). Personally this is my pick because I primarily host services for myself, so down time in exchange for learning a new thing is acceptable.

As I mentioned elsewhere, Debian + Incus is a great minimal and rock solid solution for longer standing services. Although, it’s not composeable :(

More directly to your preferences, I would also recommend considering Rocky. Being in the RHEL ecosystem has its perks (especially with rootless support for podman and podman-compose). I’m also generally a fan of SELinux. Rocky is a little less bleeding edge than Fedora with many of the same conveniences and recent packages. In my mind, for my purposes, that makes it a better choice than Fedora for a server OS.

sunstoned, 1 month ago

Agreed! I’m pretty psyched about their transparency and the overall model. Especially in the universe where this Apple lawsuit results in Beeper being allowed to connect to iMessage again.

Would love to hear any results you find with hosting! I’ll give it a try too and maybe do a follow on post with what I learn.

sunstoned, 1 month ago

That’s a cool solution! I’d be interested in making a nix flake to do something similar to that Ansible project. Thanks for linking!!

sunstoned, 1 month ago

Hm, so it’s encrypted from your beeper client to the bridge, decrypted, then re-encrypted with the outgoing platform’s protocol. Seems like a good reason to host your own bridge, and a good call on it being a glaring attack surface.

Seems like the secret sauce is in how they deal with messaging platform integrations? Maybe the goal is to avoid another iMessage lawsuit. With Beeper as a proof of concept it would be cool to start adding integrations in a fully open source way (legality permitting)

sunstoned, 1 month ago

Heh, ligma. Nice.

sunstoned, 1 month ago (edited 1 month ago)

nix develop is going to change your workflow. Don’t fear the flake my friend :)

sunstoned, 1 month ago

In my head they’re different use cases. Nix is amazing for a living build. Ansible is more pigeon-holed to production systems where you don’t want (or need) that history baked into every system

sunstoned, 1 month ago (edited 1 month ago)

Try this, friend

Tap for spoilernix { config, pkgs, … }: let lock-false = { Value = false; Status = “locked”; }; lock-true = { Value = true; Status = “locked”; }; in { /* ** ffextid ** Usage: ffextid [install_url] ** Description: simple script to find the extension id from an extension’s manifest ** using the url found by right clicking the install add-on button and ** selecting “copy link” */ home.packages = with pkgs; [ (pkgs.writeShellScriptBin “ffextid” ‘’ #!/usr/bin/env bash $(curl $1 > /tmp/ffext.xpi) 1> /dev/null $(unzip /tmp/ffext.xpi -d /tmp/ffext) 1> /dev/null # If ripgrep exists, use that. Otherwise default to grep if ! command -v rg &> /dev/null; then rg id /tmp/ffext/manifest.json else grep id /tmp/ffext/manifest.json fi rm -rf /tmp/ffext* ‘’) ]; programs = { firefox = { enable = true; package = pkgs.wrapFirefox pkgs.firefox-unwrapped { extraPolicies = { DisableTelemetry = true; # add policies here… /* ---- EXTENSIONS ---- */ ExtensionSettings = { “*”.installation_mode = “blocked”; # blocks all addons except the ones specified below /* Format: “[Manifest id]” = { installation_mode = “force_installed” # will install the extension for you! install_url = “[url]” # found by right clicking the install button on the add-on page }; */ # uBlock Origin: “uBlock0@raymondhill.net” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi”; }; # Privacy Badger: “jid1-MnnxcxisBPnSXQ@jetpack” = { install_url = “https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi”; installation_mode = “force_installed”; }; # Bitwarden “{446900e4-71c2-419f-a6a7-df9c091e268b}” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4225453/bitwarden_password_manager-2024.1.1.xpi”; }; # XBrowserSync “{019b606a-6f61-4d01-af2a-cea528f606da}” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/3546070/xbs-1.5.2.xpi”; }; # Decentraleyes “{jid1-BoFifL9Vbdl2zQ@jetpack}” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4158232/decentraleyes-2.0.18.xpi”; }; # Clear URLs “{74145f27-f039-47ce-a470-a662b129930a}” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4064884/clearurls-1.26.1.xpi”; }; #Dark Reader “addon@darkreader.org” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4223104/darkreader-4.9.76.xpi”; }; # Cookie AutoDelete “CookieAutoDelete@kennydo.com” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4040738/cookie_autodelete-3.8.2.xpi”; }; # I don’t care about cookies “jid1-KKzOGWgsW3Ao4Q@jetpack” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4202634/i_dont_care_about_cookies-3.5.0.xpi”; }; # Youtube Sponsor Block “sponsorBlocker@ajay.app” = { installation_mode = “force_installed”; install_url = “https://addons.mozilla.org/firefox/downloads/file/4229442/sponsorblock-5.5.4.xpi”; }; # add extensions here… /* “” = { installation_mode = “force_installed”; install_url = “”; }; */ }; /* ---- PREFERENCES ---- */ # Set preferences shared by all profiles. Preferences = { “browser.contentblocking.category” = { Value = “strict”; Status = “locked”; }; ### BOOLEANS “extensions.pocket.enabled” = lock-false; “extensions.screenshots.disabled” = lock-true; “privacy.donottrack.heater.enable” = lock-true; “browser.compactmode.show” = lock-true; # add global preferences here… }; }; }; /* ---- PROFILES ---- */ # Switch profiles via about:profiles page. # For options that are available in Home-Manager see # https://nix-community.github.io/home-manager/options.html#opt-programs.firefox.profiles profiles ={ sunstoned = { # choose a profile name; directory is /home/<user>/.mozilla/firefox/profile_0 id = 0; # 0 is the default profile; see also option “isDefault” name = “sunstoned”; # name as listed in about:profiles isDefault = true; # can be omitted; true if profile ID is 0 settings = { # specify profile-specific preferences here; check about:config for options “browser.newtabpage.activity-stream.feeds.section.highlights” = false; “browser.startup.homepage” = “https://nixos.org”; “browser.newtabpage.pinned” = [{ title = “NixOS”; url = “https://nixos.org”; }]; # add preferences for profile_0 here… }; }; # add profiles here… }; }; }; }