@vegetaaaaaaa@lemmy.world avatar

vegetaaaaaaa

@vegetaaaaaaa@lemmy.world

gitlab.com/nodiscc/ · github.com/nodiscc/

This profile is from a federated server and may be incomplete. For a complete list of posts, browse on the original instance.

vegetaaaaaaa , (edited ) to Selfhosted in Now that vmware is over, what should I move to?
@vegetaaaaaaa@lemmy.world avatar

In my experience and for my mostly basic needs, major differences between libvirt and proxmox:

  • The "clustering" in libvirt is very limited (no HA, automatic fencing, ceph inegration, etc. at least out-of-the box), I basically use it to 1. admin multiple libvirt hypervisors from a single libvirt/virt-manager instance 2. migrate VMs between instances (they need to be using shared storage for disks, etc), but it covers 90% of my use cases.
  • On proxmox hosts I let proxmox manage the firewall, on libvirt hosts I manage it through firewalld like any other server (+ libvirt/qemu hooks for port forwarding).
  • On proxmox I use the built-in template feature to provision new VMs from a template, on libvirt I do a mix of virt-clone and virt-sysprep.
  • On libvirt I use virt-install and a Debian preseed.cfg to provision new templates, on proxmox I do it... well... manually. But both support cloud-init based provisioning so I might standardize to that in the future (and ditch templates)
vegetaaaaaaa , to Selfhosted in Now that vmware is over, what should I move to?
@vegetaaaaaaa@lemmy.world avatar

/thread

This is my go-to setup.

I try to stick with libvirt/virsh when I don't need any graphical interface (integrates beautifully with ansible [1]), or when I don't need clustering/HA (libvirt does support "clustering" at least in some capability, you can live migrate VMs between hosts, manage remote hypervisors from virsh/virt-manager, etc). On development/lab desktops I bolt virt-manager on top so I have the exact same setup as my production setup, with a nice added GUI. I heard that cockpit could be used as a web interface but have never tried it.

Proxmox on more complex setups (I try to manage it using ansible/the API as much as possible, but the web UI is a nice touch for one-shot operations).

Re incus: I don't know for sure yet. I have an old LXD setup at work that I'd like to migrate to something else, but I figured that since both libvirt and proxmox support management of LXC containers, I might as well consolidate and use one of these instead.

vegetaaaaaaa , to Selfhosted in How would I automate (VM/LXC)-agnostic templates in Proxmox without creating golden images?
@vegetaaaaaaa@lemmy.world avatar

I see, agree with you that it should be supported by the terraform provider if it is at the VM .conf level... maybe a new attribute in https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qemu#smbios-block? I would start by requesting this feature in https://github.com/Telmate/terraform-provider-proxmox/issues, and maybe try to add it yourself? (scratch your own itch, fix it for everyone in the process). Good luck

vegetaaaaaaa , to Selfhosted in How would I automate (VM/LXC)-agnostic templates in Proxmox without creating golden images?
@vegetaaaaaaa@lemmy.world avatar

I was under the impression that cloud-init could only really be used to run commands inside the guest?

Yes that's correct, I didn't realize you had something to do outside the guest to enable it. What exactly? How do you solve it manually for now?

vegetaaaaaaa , to Selfhosted in How would I automate (VM/LXC)-agnostic templates in Proxmox without creating golden images?
@vegetaaaaaaa@lemmy.world avatar

I would have liked for this to be possible directly through Terraform

Is it this proxmox provider? It does allow specifying cloud-init settings: https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/cloud_init_disk. So you can use runcmd or similar to do whatever is needed inside the host to enable Intel SGX, during the terraform provisioning step.

AppArmour support for VMs, which is a secure enclave too (if I understand correctly).

Nope, Apparmor is a Mandatory Access Control (MAC)) framework [1], similar to SELinux. It complements traditional Linux permissions (DAC, Discretionary Access Control). Apparmor is already enabled by default on Debian derivatives/Ubuntu.

vegetaaaaaaa , to Selfhosted in How would I automate (VM/LXC)-agnostic templates in Proxmox without creating golden images?
@vegetaaaaaaa@lemmy.world avatar

I would check enabling it from cloud-init and/or during an initial provisioning step using ansible

vegetaaaaaaa , to Selfhosted in A list of Free Software network services and web applications which can be hosted on your own servers
@vegetaaaaaaa@lemmy.world avatar

awesome-selhosted maintainer here. This critique comes up often (and I sometimes agree...) but it's hard to properly "fix":

Any rule that enforces some kind of "quality" guideline has to be explicitly written to the contribution guidelines to not waste submitters' (and maintainers) time.

As you can see there are already minimal rules in place (software has to be actively maintained, properly documented, first release must be older than 4 months, must of course be fully Free and Open-source...). Anything more is very hard to word objectively or is plain unfair - in the last 7 years (!) maintaining the list I've spent countless hours thinking about it.

For example, rejecting new projects because an existing/already listed one effectively does the same thing would give an unfair advantage to older projects, effectively "locking out" newer ones. Moreover, you will rarely find two projects that have the exact same feature set, workflow, release frequency, technical requirements... and every user has different needs and requirements, so yeah, users of the list are expected to do some research to find the best solution to their particular needs.

This is of course, less true for some categories (why are there so many pastebins??). But again, it's hard to find clear and objective criteria to determine what deserves to be listed and what does not.

If we started rejecting projects because "I don't have a need for it" or "I already use a somewhat equivalent solution and am not going to switch", that would discard 90% of entries in the list (and not necessarily the worst ones). I do check that projects being added are in a "production-ready" state and ask more questions during reviews if needed. But it's hard to be more selective than we already are, without falling in subjective "I like/I don't like" reasoning (let's ban all Nodejs-based projects, npm is horrible and a security liability. Let's also ban all projects that are so convoluted and impossible to build and install properly that Docker is the only installation option. Follow my thoughts?)

Also, Free Software has always been very fragmented, which is both a strength and a weakness. The list simply reflects that.

Another idea I contemplated is linking each project to a "review" thread for the software in question. But I will not host or moderate such a forum/review board, and it will be heavily brigaded by PR departments looking to promote their companies software.

A HTML version is coming out soon (based on the same data) that will hopefully make the list easier to browse.

I am open to other suggestions, keeping in mind the points above...

250+ self hostable apps

1268 exactly.

You can help cleaning up the list of unmaintained projects by working on this issue

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • test
  • worldmews
  • mews
  • All magazines
    •