Yes, OP I highly recommend a GL.iNet device. It’s pocket sized and always does the job.

It’s also great for shitty wifi that tries to limit how many devices you can connect. The router will appear as one MAC and then all your other devices can route traffic through it.

As someone who has owned enterprise servers for self-hosting, I agree with the previous comment that you should avoid owning one if you can. They might be cheap, but your longterm ownership costs are going to be higher. That’s because as the server breaks down, you’ll be competing with other people for a dwindling supply of compatible parts. Unlike consumer PCs, server hardware is incredibly vendor locked. Hell, my last Proliant would keep the fans ramped at 100% because I installed a HDD that the BIOS didn’t like. This was after I spent weeks tracking down a disk that would at least be recognized, and the only drives I could find were already heavily used.

My latest server is built with consumer parts fit into a 2U rack case, and I sleep so much easier knowing I can replace any of the parts myself with brand new alternatives.

Plus as others have said, a 1U can be really loud. I don’t care about the sound of my gaming computer, but that poweredge was so obnoxious that despite being in the basement, I had to smother it with blankets just so the fans didn’t annoy me when I was watching TV upstairs. I still have a 1U Dell Poweredge, but I specifically sought out the generation that still let you hack the fan speeds in IPMI. From all my research, no such hack exists for the Proliant line.

Assuming that the disk is of identical (or greater) capacity to the one being replaced, you can run btrfs replace.

https://wiki.tnonline.net/w/Btrfs/Replacing_a_disk#Replacing_with_equal_sized_or_a_larger_disk

I’d recommend BTRFS in RAID1 over hardware or mdadm raid. You get FS snapshotting as a feature, which would be nice before running a system update.

For disk drives, I’d recommend new if you can afford them. You should look into shucking: It’s where you buy an external drive and then remove (shuck) the HDD from inside. You can get enterprise grade disks for cheaper than buying that same disk on its own. The website https://shucks.top tracks the price of various disk drives, letting you know when there are good deals.

What you’re looking for is a revocation key. You can generate one in GPG at the same time that you generate your identity key. The method of securing it is up to you. In your example, a simple way would be to encrypt it with the 5 sequential keys. Or you could break the revocation key up into K parts with Shamir’s secret sharing algorithm.

This example assumes that you’re using existing Web of Trust PKI to manage your public keys: https://stackoverflow.com/questions/59664526/how-the-correct-way-to-revoke-gpg-on-key-server#62644875

Haven’t used it yet, but I’ve been researching authentik for my own SSO.

BTRFS should be stable in the case of power loss. That is to say, it ought to recover to a valid state. I believe the only unstable modes are RAID 5/6.

I’d recommend BTRFS in RAID1 mode over mdadm RAID1 + ext4. You get checksumming and scrubs to detect drive failures and data corruptions. You also have snapshotting, in case you’re prone to the occasional fat-fingered rm -rf.

For backup, maybe a blu-ray drive? I think you would want something that can withstand the salty environment, and maybe resist water. Thing is, even with BDXL discs, you only get a capacity of 100GiB each, so that’s a lot of disks.

What about an offsite backup? Your media library could live ashore (in a server at a friend’s house). You issue commands from your boat to download media, and then sync those files to your boat when it’s done. If you really need to recover from the backup, have your friend clone a disk and mail it to you.

Do you even need a backup? Would data redundancy be enough? Sure if your boat catches fire and sinks, your movies are gone, but that’s probably the least of your problems. If you just want to make sure that the salt and water doesn’t destroy your data, how about:

1. A multi-disk filesystem which can tolerate at least 1 failure
2. Regular utilities scanning for failure. BTRFS scrubs, for example.
3. Backup fresh disks kept in a salt and water resistant container (original sealed packaging), to swap any failing disk, and replicate data from any good drives remaining.
4. Documentation/practice to perform the aforementioned disk replacement, so you’re not googling manpages at sea.

This would probably be cheapest and have the least complexity.

I wouldn’t trust anything like that to the open internet. It would be better to access the system over a VPN when you’re outside the network.

Barony is fun as hell. Engine is FOSS, but the default game assets require purchase.

You’ve laid out one potential development cycle: FOSS from the get-go, and open collaboration welcome.

However, that’s not the only way that a FOSS game might be developed. The code could be freely licensed, but the upstream developers refuse to accept outside patches. In that case, there’s one “original” and then if you don’t like it, build your fork.

Alternatively, a game could be developed entirely in-house under proprietary licenses, and then only made FOSS upon commercial release. Contributor patches could improve the project, but conception of the game would be entirely the domain of its original developers.

Yeah, I believe there’s some kind of bridge mode you must enable on the host’s interface.

As others have said, a reverse proxy is what you need.

However I will also mention that another tool called macvlan exists, if you’re using containers like podman or docker. Setting up a macvlan network for your containers will trick your server into thinking that the ports exposed by your services belong to a different machine, thus letting them use the same ports at the same time. As far as your LAN is concerned, a container on a macvlan network has its own IP, independent of the host’s IP.

Macvlan is worth setting up if you plan to expose some of your services outside your local network, or if you want to run a service on a port that your host is already using (eg: you want a container to act as DNS on port 53, but systemd-resolved is already using it on the host).

You can set up port forwarding at your router to the containers that you want to publicly expose, and any other containers will be inaccessible. Meanwhile with just a reverse proxy, someone could try to send requests to any domain behind it, even if you don’t want to expose it.

My network is set up such that:

• Physical host has one IP address that’s only accessible over lan.
• Containerized web services that I don’t want to expose publicly are behind a reverse proxy container that has its own IP on the macvlan.
• Containerized web services that I do want to expose publicly have a separate reverse proxy container, which gets a different IP on the macvlan.
• Router has ports 80 and 443 forwarding only to the IP address for my public proxy

Ooh! Thanks for the tip! Been looking for some affordable drives for my next system.

I bought a LFF Dell Poweredge back in the fall, and have been waiting on a good deal for 3.5" disks. My current machine is a SFF HP Proliant, and I hate how much a 2.5" drive with good capacity costs.

I’m in a Burning Wheel campaign right now where the main focus has been political intrigue. Burning Wheel has a duel of wits system that’s been a very fun substitute for physical combat. There’s strategy in planning out your turns to counter your opponent. Our characters are all conniving egoists looking after their own personal gain. The DoW system has been a good in-universe system for resolving different character goals inside the party.

There is the Mournhold clutter collector, who gives you a quest to bring him random knick-knacks from around Vardenfell.

As someone who hasn’t played much DnD, but has a bit of experience with other systems: What’s the reason behind not splitting the party? Maybe it’s just the mechanics and rules of the systems I have played, but splitting the party has led to cool emergent stories and opportunities for unexpected drama.

I’ve been trying to include failure techniques from DungeonWorld’s suddenly ogres in my game. It proposes a few neat ideas for consequences of failure that are broadly applicable to many RPG systems.

Eg, in the example above, maybe the Rogue (truthfully or not) blabs that their source was [ancient evil tome forbidden by the paladin’s order]. Now the complication is not that the Paladin disbelieves the rogue’s claim, but that they might question the rogue’s true intentions.

Edit: Or in the example given about landing a plane. An experienced pilot won’t crash 1/20 times, but what if Air Traffic Control did a bad job managing things today? It will take 1h for the plane to be assigned to a gate, but you need to catch the train to Borovia in 1h15.

An award winning surgeon rolls a 1 while giving a routine lecture? The presentation is so fucking boring that half the students fall asleep. Now the surgeon has to deal with the extra office hours of students who don’t understand this part of the curriculum.

Unless they specifically asked me to do this, it would feel like twisting a knife in the player. If they tell me that they feel like the character is too connected to their IRL personality, then turning them into an NPC would make the problem worse. Not only might they still feel like the character is a reflection of themselves, but now they can’t even exercise control over the actions of that character, thus possibly internalizing those actions negatively on themselves. Best case scenario: they think I’m an asshole. Worst case scenario: they take it personally.

There’s some setting in sonarr/radarr, I think it’s called “remote path mapping” or something. If you have different mounted volume paths between the torrent container and sonarr, you need to set this:

Suppose:

• Baremetal host has directory /mnt/myfiles

• Your torrent container mounts /mnt/myfiles/torrent_downloads to /downloads

• Your sonarr container mounts /mnt/myfiles/torrent_downloads to /data/torrent_downloads and /mnt/myfiles/shows is mounted to /data/shows (for copying completed files)

You need a directory mapping to tell sonarr that the path in the torrent container is different from the path sonarr should look. Torrent client says “I have a new show to copy, it’s in /downloads”. Sonarr doesn’t have /downloads, but if you set up the path mapping, it knows that /downloads on the torrent client is actually equivalent to /data/torrent_downloads in sonarr. Thus, in the sonarr container, it copies the file from /data/torrent_downloads to /data/shows.