• 0 Posts
  • 46 Comments
Joined 1 year ago
cake
Cake day: July 13th, 2023

help-circle


  • I use Nextcloud with Nginx Proxy Manager and just use NPM to handle the reverse proxy, nothing in Nextcloud other than adding the domain to the config so it’s trusted.

    I use Plex instead of Jellyfin, but I stream it through NPM with no issues. I can’t speak to the tunnel though, I prefer a simple wireguard tunnel for anything external so I’ve never tried it.

    Edit: unless that’s what you mean by tunnel, I was assuming you meant traefik or tailscale or one of the other solutions I see posted more often, but I think one or both of those use wireguard under the hood.


  • The issue is that the docker container will still be running as the LXC’s root user even if you specify another user to run as in the docker compose file or run command, and if root doesn’t have access to the dir the container will always fail.

    The solution to this is to remap the unprivileged LXC’s root user to a user on the Proxmox host that has access to the dir using the LXC’s config file, mount the container’s filesystem using pct mount, and then chown everything in the container owned by the default root mapped user (100000).

    These are the commands I use for this:

    find /var/lib/lxc/xxx/rootfs -user 100000 -type f -exec chown username {} +;
    find /var/lib/lxc/xxx/rootfs -user 100000 -type d -exec chown username {} +;
    find /var/lib/lxc/xxx/rootfs -user 100000 -type l -exec chown -h username {} +;
    find /var/lib/lxc/xxx/rootfs -group 100000 -type f -exec chown :username {} +;
    find /var/lib/lxc/xxx/rootfs -group 100000 -type d -exec chown :username {} +;
    find /var/lib/lxc/xxx/rootfs -group 100000 -type l -exec chown -h :username {} +
    

    (Replace xxx with the LXC number and username with the host user/UID)

    If group permissions are involved you’ll also have to map those groups in the LXC config, create them in the LXC with the corresponding GIDs, add them as supplementary groups to the root user in the LXC, and then add them to the docker compose yaml using group_add.

    It’s super confusing and annoying but this is the workflow I’m using now to avoid having to have any resources tied up in VMs unnecessarily.





  • IIRC from running into this same issue, this won’t work the way you have the volume bind mounts set up because it will treat the movies and downloads directories as two separate file systems, which hardlinks don’t work across.

    If you bind mounted /media/HDD1:/media/HDD1 it should work, but then the container will have access to the entire drive. You might be able to get around that by running the container as a different user and only giving that user access to those two directories, but docker is also really inconsistent about that in my experience.












  • Yes, Apple, like many other corporations, uses FOSS components in their closed source software because it saves them money from free labor. There are also parts that make sense for them to distribute under a free license because they need developers to implement them in their software to work with their OS or browser.

    That doesn’t mean they’re actually benefitting the FOSS community in any way, it just means the FOSS community is benefitting their closed source software for free.