Containers within a pod can use localhost to access each other. Containers outside of the pod need to use the pod name to access the containers in the pod.
- 0 posts
- 22 comments
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman • English • 1 year
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman • English • 1 year
I looked up when pasta became the default networking backend for rootless and it seems to have been with podman 5.0. I do remember using podman 5.x versions, so I was most likely using pasta.
The reason why I separated each app into their own network was indeed for security. The only container with access to all the networks is the reverse proxy.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • Asking for suggestions regarding Rootless Podman • English • 1 year
I made a comment on another post a while ago, talking a bit about inter-container/pod networking.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • How would I set up local DNS or DNS rewrite • English • 1 year
Do you actually need to move the admin ui off of port 80/443 if you are just forwarding ports? I don’t think you need to. That said I actually don’t know much about port forwarding since I use Tailscale because of CGNAT.
My understanding of port forwarding is that you are forwarding connections to your WAN IP/port to a LAN IP/port. Since the router admin ui is available only on LAN by default, you don’t need to change its port from 80/443.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • How would I set up local DNS or DNS rewrite • English • 1 year
You don’t need 2 reverse proxies as others have said. What I did is just add a DNS rewrite entry in my adguardhome instance to point my domain.tld to the LAN IP of my reverse proxy.
I use some generic names.
- Phone: phone
- Current Laptop: fedora
- Old laptop: laptop
- Router: openwrt
- 1 year
Yeah obsidian’s pretty nice. I use the daily notes feature built into it for my journal.

- 1 year
I ran a podman quadlet setup as a test some time ago. My setup was a little like this:
- Create a pod if the app uses multiple containers
- Create a separate network for each app (an app is either a single container or multiple containers grouped in a pod)
- Add the reverse proxy container to all networks
- I don’t expose any ports to the host unless necessary
If you create a new network in podman you can access other containers and pods in the same network with their name like so `container_name:port` or `pod_name:port`. This functionality is disabled in the default network by default. This works at least in the newer versions last I tried, so I have no idea about older podman versions.

For auto-updates just add this in your `.container` file under `[Container]` section:

```
[Container]
AutoUpdate=registry
```

Now there’s two main ways you can choose to update:
- Enable `podman-auto-update.timer` to enable periodic updates similar to watchtower
- Run `podman auto-update` manually

```
# Check for updates
podman auto-update --dry-run
# Update containers
podman auto-update
```
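
The layout described in the comment above, written out as Quadlet unit files. This is an added example, not part of the original comment: the unit names (`app1`, `app2`, `proxy`), the images under `registry.example` and the published port are placeholders, and the `[Pod]` unit assumes a podman 5.x release.

```ini
# ~/.config/containers/systemd/app1.network  (one network per app)
[Network]
NetworkName=app1

# ~/.config/containers/systemd/app2.network
[Network]
NetworkName=app2

# ~/.config/containers/systemd/app1.pod  (app1 consists of several containers)
[Pod]
PodName=app1
Network=app1.network
# No PublishPort= here: nothing from app1 is exposed to the host.

# ~/.config/containers/systemd/app1-web.container
[Container]
ContainerName=app1-web
Image=registry.example/app1/web:latest
Pod=app1.pod
AutoUpdate=registry

# ~/.config/containers/systemd/app1-db.container
# Shares the pod with app1-web, so the two talk over localhost.
[Container]
ContainerName=app1-db
Image=registry.example/app1/db:latest
Pod=app1.pod
AutoUpdate=registry

# ~/.config/containers/systemd/app2.container  (single-container app)
[Container]
ContainerName=app2
Image=registry.example/app2:latest
Network=app2.network
AutoUpdate=registry

# ~/.config/containers/systemd/proxy.container
# The only unit joined to every app network and the only one publishing a port.
# Upstreams are addressed by name as described above: app1:<port>, app2:<port>.
[Container]
ContainerName=proxy
Image=registry.example/reverse-proxy:latest
Network=app1.network
Network=app2.network
PublishPort=8443:443
AutoUpdate=registry
```

With this split, `app1` and `app2` share no network, so the reverse proxy is the only path between them and the host. Run `systemctl --user daemon-reload` after placing the files so the units are generated.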
If you run adguard home it’s pretty easy. Just add a DNS rewrite to your local IP.

How are you running nginx and immich exactly? With containers or on the host? I don’t know nixos that much but that looks like nixos configuration to me, so it’s running on the host I assume?
- 1 year
Some feeds I follow
- Adventures in Linux and KDE: https://pointieststick.com/feed/
- F-Droid: https://f-droid.org/feed.xml
- GamingOnLinux: https://www.gamingonlinux.com/article_rss.php
- Project Zomboid: https://projectzomboid.com/blog/feed/
- This Week in KDE Apps: https://blogs.kde.org/categories/this-week-in-kde-apps/index.xml
- This Week in Plasma: https://blogs.kde.org/categories/this-week-in-plasma/index.xml
Obsidian with syncthing for syncing between my phone and PC.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • Secure Way to Expose Docker Containers to the Internet? • English • 1 year
For Tailscale you can disable key expiry on select devices.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • How do you handle SSL certs and internet access in your setup? • English • 1 year
I use traefik with a wildcard domain pointing to a Tailscale IP for services I don’t want to be public. For the services I want to be publicly available I use cloudflare tunnels.
- Asparagus0098@sh.itjust.works to Selfhosted@lemmy.world • What do you host on your backup servers? • English • 1 year
I think you have a misunderstanding. Restic and Borg check the integrity of the backup repository and not the files being backed up.
- 2 years
i call it “butter FS”
Yeah quadlets are pretty cool. I have them organized into folders for each pod.
`podman auto-update` is also another pretty nice feature. I don’t use the systemd timer for auto-update. Instead I just do `podman auto-update --dry-run` to check for updates and update my quadlet files and configs if any changes are required then I run the updates with `podman auto-update`.
`podman-generate-systemd` is outdated. The currently supported way to run podman containers using systemd services would be Quadlet files. https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
Edit: I just saw that you use debian so idk if Quadlets are a thing with the podman version on debian.
Any reason why you use compose and not quadlets?
Here’s another tool to import music metadata to musicbrainz.
https://harmony.pulsewidth.org.uk/