Yeah, I only put specific things there. Management and monitoring things. The services are still local.

I’ve been using a VPS for a while now. I still maintain it, so it’s very much like self hosting.

Self hosting can be stretched to mean you’re hosting your own services on a cloud provider.

Defense in depth for one. It looks like this project is made for protecting your data on cloud storage. I’ve noticed right now there seems to be a lot of projects around using relatively cheap S3 storage solutions.

Just self host the whole thing with Forgejo. I run a few github actions on runners all on my own stuff.

I haven’t used it, but this project looks interesting: https://github.com/dkorecko/PatchPanda

It doesn’t just update you containers, it checks the release notes too.

In a critical environment the UPS only has to last as long as it takes to switch over to a backup generator.

Yeah, people that brag about uptimes are just bragging about the fragility of their infrastructure. If designed correctly you should be able to patch and reboot infrastructure while application availability stays up.

I’ve been using Linux for decades and I’ve never tried Gentoo. Kudos and welcome.

It’s really not. They handle authentication but then everything is sent to your server.

A lot of companies. Don’t forget that IBM was ahead of the game with Watson and Watsonx. Also, don’t forget that Red Hat is owned by IBM and OpenShift is getting big in the AI space allowing GPUs to be pooled and workloads to be scheduled dynamically.

Sure but they’re in the business of consulting on how to build out that AI platform and the business of providing an AI platform.

Okay, you’re missing out on one of the best new self hosted services because of a knee jerk reaction in that case.

Yes, but then you’re on that specific version of nginx. A lot of containers are built using a multi stage build process where the first stage uses a container with build tooling to build the application, then a second stage installs the result. So your end image doesn’t have the build tooling and no way to update. That’s intentional for security reasons. Images are meant to be immutable.

Back into an OCI image? I don’t know if lxc can do that, but podman can. I think it is podman save that allows you to save your current container as an image. Or, even better would be to use buildah. With buildah your expected workflow is to kind of run a container, run a script against that container, then save it at the end. In fact I’m specifically thinking of images I’ve created with buildah as being almost completely useless with this LXC technique. I’ve used the RHEL UBI micro image before and it doesn’t even have a package manager. You actually mount the container to the host and use the host’s package manager to install what is needed and then unmount it to save. It makes a super slim image with as little attack surface as possible.

Right, but these containers are usually not designed to be updated like that. It totally defeats the nature of the OCI image and delivering something that has been tested to work. I’m sure there is a use case for this, but it seems more like a gimmick than a useful feature.

OCI images is very exciting. But, I don’t see any way to keep them updated. You don’t normally do an update on the applications inside an OCI container, you usually rebuild the container on a new image.

Yeah, normally. But I will use their generous free tier at their expense.

Had mine for years at this point. No such problem.

You could have done it for free and easier if you used Oracle Cloud’s free tier and netboot.xyz

https://netboot.xyz/docs/kb/providers/oci