Dran

People shit on it but there’s a lot of good open-source tooling that supports it.

There are nist l1 profiles

Tutorials and guides for everything

etc

Part of being a good sysadmin is knowing when not to reinvent the wheel. Ubuntu has a lot of options for vetted, hardened, “other people’s wheels.”

Also, for posterity, the competent ones are running the headless, server version of Ubuntu. (As opposed to the bloated mess that is Ubuntu Desktop). The server version catches a lot of flack it doesn’t deserve.

Code rewrites are always going to have growing pains. Rewriting gnu-corrutils in rust is a noble effort.

Microvms or containers could give you external control of the networking. Then you would put whatever you want behind warp inside the warp container/vm.

+1 to this observation. I run zfs arrays at both home and work and it’s way more likely that your controller is flaking than you have that many simultaneous drive failures.

The unfortunate reality though is that you can’t trust the current copy of this data, even the snapshots, unless the restore passes a scrub post-restore.

Depending on when you were born: Class of '09

I’m not sure how it would hit for non-millenials but if you went to school in the early aughts the entire series is great.

The simpler the arbitrary string/blob parsing logic the less this happens

https://app.opencve.io/cve/?product=grub2&vendor=gnu

I agree with you that it’d be nice if the cuts were a little shallower and allowed for an encrypted boot partition, but you could still have the system reasonably secure by encrypting the data partitions and signing the entire boot process to detect and abort decryption if the boot partition doesn’t match signatures. You already have to do this with the efi partition if you’re particularly paranoid about that attack vector, so this really isn’t a new one.

If caddy is acting as a proxy for anything, you should not need to forward that port externally. Local host firewalls allowing traffic on your local network is sufficient.

Depending on your physical host layout you may be looking at an issue with nat reflection.

You have not given us enough about your topology to assist in troubleshooting.

There are a few devs who seem to do it right. Slay the spire 2 is stable, complete, and reasonably balanced in it’s current state.

If the game didn’t get another update after today id still feel like I got my money’s worth.

It definitely can be disabled post-install but is much simpler to install without it at install-time, and has the added benefit of not pulling 2-5gb of other things that won’t be relevant to your use case. It’s not that the disk waste is that big of a deal, but any issues you run into will be that much easier to troubleshoot with fewer moving parts.

That wasn’t quite the takeaway I was going for. You can get a lot done on 8gb of ram. I was just trying to point out that it would probably be your first bottleneck as you started to scale out, and that you should consider using the server headless to make the ram you have go that much further.

All of those would be perfectly cromulent nodes for small containers. The first issue you’ll run into is the low ram. Some homelab projects would cause you to exceed 8gb, but the good news is if you’re using an external backend via NFS, you can always scale out (more nodes) or up(more compute per node,) later with minimal headache.

If you’re going to be memory constrained, don’t waste 1-2gb on a gui, install Ubuntu/Debian/whatever headless

Have you played Baulder’s gate 3 and expedition 33 yet?

What is the flag for this?

CGNAT does have a designated range by spec. 100.64.0.0/10, which covers addresses from 100.64.0.0 to 100.127.255.255. Technically they could be using any other private address space but it would be very uncommon in a modern ISP.

I suspect the difference in experiences is more due to x11/pulse(my custom systems) vs Wayland/pipewire(bazzite) than it is any particular GPU vendor or driver branch. Which I guess is a roundabout way of saying

Maybe?

Judging by the protondb entry on CS2 I strongly suspect I would have at least the audio issue regardless of gpu.

Appreciate the recommended fixes. I did find similar and was able to work through some of the issues with CS2 but I did that on instinct, and it wasn’t until I was halfway through troubleshooting game 2 of 2 attempted that I realized it wasn’t where I needed it to be for a remote support hand-me-down.

I did briefly entertain the idea of setting up rustdesk on it but the atomic nature + Wayland made unattended (read: “help I broke it and I can’t log in”) not really viable. By the time I got to “hrm, I could probably set up a reverse ssh tunnel into my homelab for persistent support?” I decided windows was probably the play here.

Like the other guy said I think this is a bazzite-induced problem. I have other Linux systems at home. My daily driver and my wife’s daily driver are both highly custom Ubuntu server derivatives, we both have Nvidia GPUs (3050, 5070), and neither of us have similar issues.

The reason I wanted to try bazzite was that I didn’t want to remotely support something super custom.

I just went to repurpose some old hardware for my nephew (4790k + 32gb ddr3 + rtx 3050) which I thought would make a very passable bazzite box. I put 2 drives in the test rig, one with bazzite Nvidia + kde and one with win11 running with the rufus tpm bypass hacks.

CS2 ran at ~40fps in bazzite with no sound once you got in game, win11 ran at ~100

Helldivers2 ran at ~50fps in bazzite with constant frame drops even after letting it precompile shaders. On windows it was a very playable 70fps.

I mainline Linux myself and I wanted bazzite to be the set-and-forget answer but it really wasn’t. I can’t in good faith hand that build over to an 12 year old with bazzite and that was super disappointing.

It’s much simpler than that actually. Nvidia makes a lot of money in feature licensing, particularly GRID/vgpu. If they fully open-sourced the driver they would have no method of enforcing license restrictions.

Unattended-upgrade does security-only patching once every 4 hours (in rough sync with my local mirror)

Full upgrades are done weekly, accompanied by a reboot

I find that the split between security patching and feature/bug patching maintains a healthy balance knowing when something is likely to break but never being behind on the latest cve.