Did you know that a whole two characters can make the difference between removing your entire database when shutting down a service? docker compose down -v will remove the volumes associated with the compose project, even if you specify a specific service that doesn't use the volumes.
Take, for example, a frontend and backend, where the backend has a SQL database that relies on a volume to persist changes.
Suppose for whatever reason the frontend also has a volume (possible a redis database?); suppose you want to remove the volume only for that frontend.
One (I) might (did) assume that specifying the frontend service in the compose down command would only remove the volumes associated with said service (i.e. composing down the frontend should only remove volumes that the frontend uses).
Apparently this was incorrect. Running docker compose down -v frontend removes all volumes declared in that compose file.
This can be absolutely catastrophic to people that aren't prepared; novices that aren't familiar with docker, volumes, or back ups.
Thankfully, however, I setup automatic daily backups (and-conveniently, this happened only two hours after the daily backup), meaning I was able to trivially restore these docker volumes within five minutes.
sudo restic -r /mnt/usb/backups/ restore latest -i "/var/lib/docker/volumes/*" --target foo
Having progressive, frequent, and reliable backups has so far saved me twice from my own fuckups. I once unintentionally removed a .gitignore, which wasn't source tracked for whatever reason; and now this. Thank god for restic.
Recently, I've delved down the rabbit hole of customizing my Framework 13 laptop's software. I originally started out using NixOS, and of course had my configuration files source-tracked. But, I eventually grew tired of its consistency and reliability; I decided I wanted something more exciting, a new hobby and project to truly have to maintain.
Enter Arch Linux; I'm no expert on Linux distributions (let alone Linux), but Arch is known for being somewhat cutting-edge and customizable. Perfect for someone that is bored.
I had a few ideal requirements for my distribution:
- I want a minimal TTY environment by default
- I want to be able to easily launch a DE when desired
- I want it secure, encrypted, and with support for both Yubikey and the Fingerprint reader
Installation
I consider most Linux distributions nowadays to be similar to different chocolate companies: all the same, with very minor flavor differences. Arch, frankly, doesn't seem that much different. The installation process has been fairly streamlined with the archinstall project, though I ended up re-installing and doing the manual install roughly four times just to get it correct.
Security
A tricky part I found was being able to use my Yubikey for encrypting / decrypting the hard drive. Though there are (apparently) better (and more proper) ways of going about this, I ended up simply having 2 LUKS2 keys for my drive. The first one being a passphrase that I've entirely memorized (roughly 32 characters). Of course, having to type this every time I restarted my laptop would get tedious (and I often made a common typo). Thankfully, the Yubikey I have supports having a 'static' password, wherein it acts as a simple USB keyboard and repeats that password.
Thus, the second key for the drive is a much shorter and easier to type password (~16 characters), combined with the static password.
Post-Install
Once I had Arch installed, it was a simpler matter of setting up basic preferences. Dank Linux has recently released 1.0 of DankMaterialShell. Curling and running the install script allowed me to both keep the TTY session by default, and simply running niri-session once logged in quickly booted up the DE.
Bluetooth and Power Profiles
With that, I achieved all three of the things I wanted. To ensure no sane person would try to get into my laptop, I've configured logging in and sudo to require my password and one of either the fingerprint or Yubikey. This is assuming they've decrypted the hard drive in the first place. Lastly, ensuring that whenever I close the laptop lid I'm signed out (either within niri or within the simple TTY) allows me to be fairly confident that my data is safe. Oh, and bind Ctrl + Alt +Del to reboot, just for funsies.
Recently I tried looking into getting Discourse setup on a homelab server. Unfortunately, the project has a heavily customized installation / launcher script, resulting in this venture spanning roughly a week.
I did eventually manage to get it setup behind Cloudflare, and for posterity sake figured I'd detail the troubleshooting I had to go through:
Launcher Refusing to Progress Past Port Check
Launch the setup script with --skip-connection-test (found here).
Website Not Accessible Through Tunnel
Ensure the Rocket Loader is disabled.
Appending - "templates/cloudflare.template.yml" to the templates breaks it
Ensure that you've appended that line; the order of the templates does matter.
MailJet Suspending / Preventing Emails
I couldn't figure this out, but Brevo worked flawlessly.
I've debated whether or not there is any merit in making a blog. Countless times it likely could come in handy, though moreso for myself than others. Nonetheless, it might be a handy place to jot down personal ventures, conquests, and issues. With this platform, I hope to achieve:
- An improvement on my ability to document things
- A knowledge-base of the niche problems I run in to
- A convenient place to post about my life
For those that are interested, great! For those that aren't, also great.