Edit: When you say you did it manually, what do you mean exactly?

Check dmesg output when after the wifi drops and see what the kernel is doing. That could inform your decision. I have an old asus that started having a bunch of wifi bugs too, and I’m pretty sure they made some updates to iwlwifi. No solution though, I dont really care because that machine barely gets any use. Wifi always works perfect if I stay on a tty and don’t enter a graphical session.

That being said I wouldn’t choose fedora for an older relative unless they were really into computers. While it has become more stable in recent years, they do break things from time to time.

If you do decide to keep them on fedora, maybe try an atomic version. That way when things break you can just roll back with no issues and pin the working deployment. Chances are they just want a web browser and libreoffice so the learning curve wouldn’t really matter to them.

I think it’s cool that I can take that config and drop it into kubernetes and it usually just works. I don’t have a cluster anymore, but if I decide to use one in the future, the overhead will be negligible

Sure thing, I’ll edit this reply when I get back to my computer. Just note that I also have a tailscale and nginx container in the pod which are not necessary.

You’ll see my nginx config which reverse proxies to the port the service is running on. On public servers I have another nginx running with SSL that proxies to the port I map the pod’s port 80 to.

I usually run my pods as an unpriviledged user with loginctl enable-linger which starts the enabled systemctl --user services on boot.

All that being said I haven’t publically exposed linkwarden yet, mainly because it’s the second most resource intensive service I run and I have all my public stuff on a shitty vps.

Edit: My opsec is so bad hahaha

Edit2: I just realized the caps I gave were to the tailscale container, not the linkwarden container. Linkwarden can run with no caps :)

I added the tailscale stuff back

files:

linkwarden-pod.kube:

[Install]
WantedBy=default.target

[Kube]
# Point to the yaml in the same directory
Yaml=linkwarden-pod.yml
PublishPort=127.0.0.1:7777:80
AutoUpdate=registry

[Service]
Restart=always

linkwarden-pod.yml:

---
apiVersion: v1
kind: Pod
metadata:
  name: linkwarden
spec:
  containers:
    - name: ts-linkwarden
      image: docker.io/tailscale/tailscale:latest
      env:
        - name: TS_HOSTNAME
          value: "link"
        - name: TS_STATE_DIR
          value: /var/lib/tailscale
        - name: TS_AUTHKEY
          valueFrom:
            secretKeyRef:
              name: ts-auth-kube
              key: ts-auth
      volumeMounts:
        - name: linkwarden-ts-storage
          mountPath: /var/lib/tailscale
      securityContext:
        capabilities:
          add:
            - NET_ADMIN
            - SYS_MODULE

    - name: linkwarden
      image: ghcr.io/linkwarden/linkwarden:latest
      env:
        - name: INSTANCE_NAME
          value: link.mydomain.com
        - name: AUTH_URL
          value: http://linkwarden:3000/api/v1/auth
        - name: NEXTAUTH_SECRET
          value: LOL_I_JUST_PUBLISHED_THIS_I_CHANGED_IT
        - name: DATABASE_URL
          value: postgresql://postgres:password@linkwarden-postgres:5432/postgres
        - name: NEXT_PUBLIC_DISABLE_REGISTRATION
          value: "true"

    - name: linkwarden-nginx
      image: docker.io/library/nginx:alpine
      volumeMounts:
        - name: linkwarden-nginx-conf
          subPath: nginx.conf
          mountPath: /etc/nginx/nginx.conf
          readOnly: true

    - name: linkwarden-postgres
      image: docker.io/library/postgres:latest
      env:
        - name: POSTGRES_PASSWORD
          value: "password"
      volumeMounts:
        - name: linkwarden-postgres-db
          mountPath: /var/lib/postgresql/data

  volumes:
    - name: linkwarden-nginx-conf
      configMap:
        name: linkwarden-nginx-conf
        items:
          - key: nginx.conf
            path: nginx.conf
    - name: linkwarden-postgres-db
      persistentVolumeClaim:
        claimName: linkwarden-postgres-db-claim
    - name: linkwarden-ts-storage
      persistentVolumeClaim:
        claimName: linkwarden-ts-pv-claim

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: linkwarden-nginx-conf
data:
  nginx.conf: |
    #user  nobody;
    worker_processes  1;
     #pid        logs/nginx.pid;


    events {
        worker_connections  1024;
    }


    http {
        include       mime.types;
        default_type  application/octet-stream;


        sendfile        on;

        #keepalive_timeout  0;
        keepalive_timeout  65;

        gzip  off;

        # set_real_ip_from cw.55.55.1;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;

        server {
            listen       80;
            server_name  _;

            location / {
                    proxy_pass http://localhost:3000/;

                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Port $server_port;
                    proxy_set_header X-Forwarded-Scheme $scheme;
                    proxy_set_header X-Forwarded-Proto  $scheme;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Accept-Encoding "";
                    proxy_set_header Host $host;
            }
        }
    }

I also have a little helper script you might like

copy.sh:

#!/bin/bash

SYSTEMD_DIRECTORY="${HOME}/.config/containers/systemd"
POD_NAME="linkwarden-pod"

mkdir -p "$SYSTEMD_DIRECTORY"
cp "${POD_NAME}".{kube,yml} "${SYSTEMD_DIRECTORY}"/

systemctl --user daemon-reload

So I have mine running in a podman quadlet. It runs as root in the container but it is unpriviledged. Mine has NET_ADMIN and SYS_MODULE but I honestly can’t remember why… SYS_ADMIN seems extreme though

Edit: I’m dumb, and the linkwarden container has no capabilities set. I set them for the tailscale container which definitely needs it.

Holy shit I had no idea until I read your comment. I thought “surely they will have respected all of my opt outs”. I guess this is my last samsung phone lol

Do you know what a shitpost is?

Here’s a cool video about it

https://yewtu.be/watch?v=kbKtFN71Lfs

Edit:

Meant to reply to msfroh, oops

I would 👀

Cause money :(

I’ve put about 100 hours into Pathfinder wrath of the righteous over the past couple months and I think I like it better than BG3 tbh.

They do a great job with the large scale world. I was getting ready to try 40k but I think I’m gonna wait for this.

Clarification: The 9 book series is complete and much better than the show. There are also 9 novellas to fill in the blanks like Amos’s childhood. So fucking good.

I’ve never heard of this comic book you speak of.

There is also a TTRPG that is also quite fun and includes a lengthy section on orbital mechanics for the needs.

osx showed me that windows sucked ass. It showed me that the terminal could be useful. It’s at least UNIX like.

What you want is an OEM install. Ubuntu and mint have them. Note sure what others do.

Damn I had no idea, you made my day

Yes

https://github.com/Pranshul-Thakur/DOOM-in-excel

Today I learned I’m a masochist

The boy is now in residential care without access to social networks, with specialized educators and regular visitation rights for his parents, the prosecutor told AP.

https://wiki.archlinux.org/title/Fcitx5#Integration

You may have an uphill battle here. What DE are you using?

👍

Idk that much about bazzite, but I’ve been running silverblue/kinote for awhile. /home shouldn’t be read only. Same for /etc and /var. Can you create any files in $HOME OR $HOME/.config/ ?