Depending on the nature of the sim, it could probably even be done with ~80 GB or less of existing SSD space using zram w/ zstd.

deleted by creator

Please tell me more, which firewall would you recommend that plays nice with Docker?

Firewalld

No NAT?

Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.

why would you copy paste a docker compose without reading it?

There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose calls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.

Just to throw out an easy option: if the music is well-labeled on Youtube, you can get pretty close to that full suite with just yt-dlp by using --embed-thumbnail as a stand-in for album art, dumping your files with an “Artist - track - album” naming structure using the --output-template flag — then using an awk or python script as a second pass to add the artist/track/album names to each file as tags.

E: and in case it isn’t self-evident, you don’t have to give yt-dlp a URL for each track; it’ll work fine with a playlist URL.

Yt-dlp is the gold standard for that.

https://github.com/yt-dlp/yt-dlp

Tag cleanup and album art are their own beast that you’ll wanna tackle post-download, but beets is another gold standard tool that can help with that layer.

https://beets.io/

You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.

It does have real potential to cause issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.

This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.

No need to cargo-cult security practices here, chief. You’re not gonna get pwned by publishing your hardware specs. If you’re planning to build some kinda webapp for yourself, that’s a different story - but you have to fuck up hard to get hacked while hosting raw HTML.

Use an SSH key, disable password auth, make sure you’re firewalled (i.e. test with nmap), and call it a day.

Is there a buried lede here? What’s noteworthy about an RC of a minor version release?

While I’m sure there’s a pre-canned tool out there for you, if you have basic software experience (which you seem to), this is one of those times where it’s usually most efficient to hack together a dumb CGI script and call it a day.

This prompt should get you most of the way there, using your llm of choice:

Write a minimalist cgi script to help upload files to a server. Upon a GET request, serve a light page with a centered form that takes in a file and a submission code. Submission codes will be stored on individual lines of a plaintext file. Adding new codes to this file is out of scope - but the codes will be 8-char hex strings (do validate that submission strings are not empty!). The script should accept the submission as a POST, and save the file to an upload dir if the submission code is valid.

Vet the output, harden as needed, setup a systemd service to serve with busybox httpd, and optionally reverse-proxy. If you’ve done this sorta thing before, you can probably knock it out in a half hour.

This is @Shimitar@downonthestreet.eu‘s work, not mine - but it’s pretty similar to how I’d set things up:

https://wiki.gardiol.org/doku.php?id=networking%3Assh_tunnel

This is a great suggestion!

Lest anyone miss the buried lede, this approach means that traffic is pre-encrypted as it passes through the gateway VPS - so even if your VPS gets hacked, it’s way harder to steal credentials and break into the services running on your home network.

If you’re looking for sympathy, you got it. Fuck the state.

If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.

Object storage is indeed a specialized filesystem in a trenchcoat.

Object storage is typically (but not always) associated with non-hierarchical key-value lookups, as opposed to the directory tree pattern most file systems use. Object storage systems are also typically (but not always) designed with sharding and distribution in mind.

This is a Jellyfin problem; not a beets problem. You can easily solve it with beets config if you’d like to, though.

The distinction between what you want vs. what you’re getting is that Jellyfin is grouping by the “Artist” tag instead of the “Album Artist” tag. I haven’t touched Jellyfin in years, but look for a builtin setting or alternative view to group by album artist - you’ll almost certainly find it.

If you want to solve it in beets, you can do that through a custom script, the FtInTitle plugin, or a combo of the inline + advancedrewrite plugins. Remember to run a re-import on the Jellyfin side after making your tweaks to the beets pipeline to make your changes show up without duplication.

You are not hosting csam on purpose. And most likely try to moderate as good as possible.

Look up what “strict liability” means in a criminal law context.

You didn’t start by asking a question. You needlessly trashed a helpful suggestion from a place of ignorance, then asked a naive question defensively to mask a lack of knowledge.

That is rude and trollish behavior.

Since it seems like you don’t know much about bash at all, I promise the book will help you.

You can be someone who actually knows what they’re talking about instead of making embarrassing, snarky comments that expose your lack of education on the topic at hand.

Bash has had some nice minor features and syntax sugar added, but the fundamentals are entirely the same. All the examples in the book work just the same today as they did when it was written.

What was added in 4.X or 5.x that you can’t live without? What do you think has changed that merits inclusion?

It’s a 36 y/o language, mate. I still reference my copy all the time, and found it to be a great definitive resource when I was learning.

How many bash 4/5 features are you seriously using on a regular basis? What do you think is out-of-date?