Original artist: https://x.com/CenturiiC

Solid advice. Good to mention too: use btrfs as filesystem for a better experience with Timeshift.

If you have an interest in Arch, I'd recommend starting with a derivative distro like EndeavourOS. It'll give you an easy installation process and a desktop that's ready to use.

Then just use it as your daily driver. You'll eventually run into the occasional issue when package X or Y upgrades and breaks something, learn to fix that, and eventually learn the "ins and outs" of Arch. That's how I started, I went from Mint to Antergos, used that for a while, then when Antergos was discontinued (RIP) I converted my install to "pure" Arch and never looked back.

Suggest your friend to give Eturnal a try maybe. I have it running on an Oracle free tier instance, and I use it daily to have video calls with my family using Synapse/Element (and Jitsi inside Element for group calls), and it works great. The documentation is very good too.

Edit: this is my Eturnal config, for reference:

eturnal: listen: - ip: "::" port: 3478 transport: udp enable_turn: true - ip: "::" port: 3478 transport: auto enable_turn: true - ip: "::" port: 5349 transport: tls enable_turn: true realm: turn.<MY_DOMAIN> tls_crt_file: /etc/letsencrypt/live/turn.<MY_DOMAIN>/fullchain.pem tls_key_file: /etc/letsencrypt/live/turn.<MY_DOMAIN>/privkey.pem tls_options: - no_tlsv1 - no_tlsv1_1 - cipher_server_preference

And the compose file: services: eturnal: container_name: eturnal image: ghcr.io/processone/eturnal:latest environment: ETURNAL_RELAY_MIN_PORT: 49160 ETURNAL_RELAY_MAX_PORT: 59160 ETURNAL_RELAY_IPV4_ADDR: <REDACTED> ETURNAL_RELAY_IPV6_ADDR: <REDACTED> ETURNAL_SECRET: <VERY LONG RANDOM STRING> volumes: - ./eturnal.yml:/etc/eturnal.yml:ro - /etc/letsencrypt:/etc/letsencrypt:ro restart: unless-stopped read_only: true cap_drop: - ALL security_opt: - no-new-privileges:true network_mode: host

I have a bunch of ST6000NM0095 (which are similar specs) in my NAS, and despite already being well used when I got them, so far only one needed to be replaced in nearly 5 years of (my) usage.

My only advice with these is: if you notice a maddening noise coming from them when they're idle, update them to the latest firmware and it'll go away.

Amazing work, these look great!

I don't have the source right now, but I had the same idea not long ago, and the tl;dr is swap on a zvol is a very bad idea. If your system ever runs low on memory and actually needs to do heavy swapping, you're setting yourself up for a catastrophe.

My streaming service (Jellyfin) always has all the seasons of everything. 😉

If they take long or don't resolve it, try the live support chat. I used the chat inside their app to request it and it was unlocked pretty much instantly.

O2 has an on-by-default security filter that blocks all sorts of "bad stuff". For me, it was preventing connecting to any PIA VPN servers. Ping their customer support and they can disable it for you.

Assuming this is an option for you, convert your ext4 partition to btrfs (can be done without data loss) and enjoy having proper snapshot support. Timeshift makes it really easy to automate and manage btrfs snapshots.

This looks about right, I have a similar setup for unauthenticated services here, with the difference that I'm using NGINX Proxy Manager instead of Caddy. The things I would try/check are:

• Make sure you've enabled the proxy provider in the local outpost config in Authentik.
• Declare a common network between the two containers, so that they can communicate without having to go out through the host's IP. This way you can reference the VS Code container directly by its service name in Authentik.
• I'm not familiar with Caddy, but I would also try changing the code.test.example.com entry to point directly to Authentik's IP and port (in other words, both entries would look the same). In the config your posted, it seems like Caddy is redirecting through itself.