O have a very similar setup but have a couple of questions if you don’t mind me asking, what did you used for OAuth? and where is it running? I tried athelia on the VPS but had some problems I can’t remember now and decided it wasn’t worth the time at the time, but probably should set it up.
I’ll try to ELI5, if there’s something you don’t understand ask me.
Op has a home server where he’s running immich, that’s only accessible when he’s at home via the IP, so something like http://192.168.0.3:3000/, so he installed Tailscale on that server. Tailscale is a VPN (Virtual Private Network) that allows you to connect to your stuff remotely, it’s a nice way to do it because it is P2P (peer-to-peer) which means that in theory only he can access that network, whereas if he were using one of the many VPNs people use for other reasons, other people on the same VPN could access his server.
Ok, so now he can access his immich instance away from home, all he has to do is connect to the VPN on his phone or laptop and he’ll be able to access it with something like http://my_server:3000 since Tailscale adds a DNS (Domain Name System) which resolves the hostnames to whatever IP they have on the Tailscale network.
But if you want to give your family access it’s hard to explain to them that they need to connect to this VPN, so he rented a VPS (Virtual Private Server) on some company like DigitalOcean or Vultr and connected that machine to the Tailscale network. He probably also got a domain name from somewhere like namecheap, and pointed that domain name to his VPS. Só now he can access his VPS by using ssh user@myserver.com. Now all he needs to do is have something on the VPS which redirects everything that comes to a certain address into the Tailscale machine, Caddy is a nice way to do this, but the more traditional approach is ngnix, so if he puts Caddy on that VPS a config like this:
immich.myserver.com {
handle {
reverse_proxy my_server.tailscale.network.name:3000
}
}
Then any requests that come to https://immich.myserver.com/ will get redirected to the home server via Tailscale.
It is a really nice setup, plus OP also added authentication and some other stuff to make it a bit more secure against attacks directly on immich.
It’s not required, but probably OP has a home server with Immich and a VPS which exposes it to the internet. In that setup you need Tailscale for the VPS to access your home server. Sometimes you can’t directly expose your home server for different reasons, e.g. ISP doesn’t give you an external IP directly (I’ve had this, where my router would get a 10.x IP so I couldn’t port forward because the internet IP was being shared between multiple houses), or the ISP gives you a dynamic IP so there’s no guarantee that your IP won’t change next time you reset the router, etc.
Also it provides an extra layer of separation, so for example a DDOS would hit the VPS which probably has automatic countermeasures, and even if someone were to gain access to the VPS they still need an extra jump to get to the home server (obviously if they exploit something on immich they would get direct access to the home server).
Thanks, this looks awesome, last one I tried was tandoor but didn’t really liked it, the import/export capabilities of this one make it a lot more interesting for me, to ensure I can recover the recipes or build them into markdown files if I ever want to migrate away from it.
The pictures are different, so it’s hard to evaluate them the same. Objectively the bowtie makes it all too crowded around his face. On a more subjective note, it might be because of the lighting, but the necktie looks like a distinguished gentleman, whereas the bowtie is giving me serial killer vibes.
While I also strongly recommend Dead Cells like others, I think it’s best if you first play Rogue Legacy. Let’s put it this way, if Rogue Legacy is like a good cup of coffee, dead cells is cocaine, or maybe crack.
All of that sounds really awesome, but I think I still stand by the conclusion I had even if some/most of my assumptions were wrong, it might be too much for a new person. I get that for you it wasn’t, but I’ve also seen people whose first distro was Gentoo. The rollback to a working state feature is really cool and I definitely could have used that back in the olden days when I first started using Linux and broke my system periodically, but those were different times (be glad you don’t know what a Xorg file is hahaha).
Overall in theory it seems that Bazzite is a system I would like to use, but I thought the same of NixOS and couldn’t get used to it. But I’ll definitely try it in the future.
As an anecdotal point I have in fact ran rm -rf /etc in the past, you are correct that the system doesn’t boot (had to do a full reinstall that time). And as a completely unrelated note be very careful with pressing enter in the middle of typing a command, for example trying to delete a folder inside /etc hahahaha.
My experience with Bazzite is very limited, so I appreciate the corrections. Since you seem to know a lot about it let me ask you a couple of things:
Assuming it is immutable:
Regardless of that, yes one’s first intuition should be to go for the docs for your distro, but we know that’s not the case and that most people will just Google their problems with Linux in front because we keep telling them that all distros are the same (which they are, once you know what you’re doing).
I am fairly sure Gabe expected this, in fact I think he expected more. See, back when Windows95 was first released people were skeptical that Windows would be a good platform for gaming, they cited non-existent technical issues (similar to how they do with Linux now) that drove the employees at Microsoft mad, so one particular employee had the idea to port the most advanced game at the time to Windows, they contacted ID software, and got in an agreement that they would write the Windows port of Doom and give them the code back, ID agreed and after Doom was released for Windows more and more people started to port their stuff over since it was clearly possible. So essentially Windows being a gaming platform was only possible thanks to that employee, who after working with games liked it so much that he quit Microsoft to create his own gaming company which he called Valve. Yup, Gabe Newell is responsible for both Windows and Linux being seen as a gaming platform.
Why do you want SteamOS though? Unless you’re making a Steam Machine there are better options out there for desktop usage.
Exactly, they said desktop use to replace Windows that is more than gaming, by your own phrase:
If you want more than gaming as the central focus then sure look elsewhere.
They should look elsewhere.
Isn’t Bazzite an immutable OS with very limited package availability outside of gaming? At least that’s what I remember from a while back. If so it’s an excellent distro for getting a Steam Machine just like ChimeraOS, but I’m not sure it would be a good experience for someone just getting into Linux, since most of the help he will get online will direct him to edit config files which would get overwritten on update.
For example, say the person wants to install Skype, or something that is not in the graphical UI store on Bazzite. Most guides they would find for Linux would tell him to add a PPA, or download a .Deb, or if he manages to find something that works it would be to download an RPM and they would need to redo it every update, or they could find a guide on how to install it via flatpak (but for that they would need to know what flatpak is) or snap (and go into a lot of troubleshoot figuring out why he doesn’t have snap). We take a lot of Linux knowledge for granted, but people using it for the first time won’t know all of this.
If you want more than gaming as the central focus then sure look elsewhere.
That’s exactly my point, OP talked about replacing Win 10 desktop, not about a gaming machine (for which I agree SteamOS is an excellent choice).
Cool, so did I a while back, what’s your point? It’s still not a great replacement for Windows as it’s not the intended use of the OS, and will be frustrating for someone without Linux experience.
Yes, for you and me who understand what that means it’s just the same, but for someone with no Linux experience is going to be very different. Googling any issue he has will direct him to alter config files or install packages, neither of which would be permanent on SteamOS, while the OS is the same the usage of it is completely different, so for a person with no Linux experience to try to use it as their daily desktop system it would be frustrating because none of the help online would apply to him.
Don’t use SteamOS as a desktop OS, that’s not what it’s meant to. You might be used to Windows and think that a different distribution of Linux is just a different customization of the OS, but it’s almost an entirely different OS that happens to run the same binaries.
If you’re interested in getting an alternative to Windows, try some beginner friendly Linux distros on a Virtual Machine or an old laptop. I recommend Linux Mint to newcomers, but if you’re used to the desktop mode on SteamOS maybe Kubuntu. The closest you can get is Bazzite but that’s also not a desktop OS so I wouldn’t use that unless it was for a Steam Machine. The second closest (that’s also somewhat beginner friendly) is Manjaro K DE version, but being Arch based I don’t tend to recommend it to new Linux users, but of you’re dead set on getting something as close as possible to SteamOS that’s it.
Wine was in a great state, it just wasn’t integrated on Steam so it was clunky to get it working. Long story short Steam Machines only had a handful of games available (those with native binaries) unless you jumped through hoops to install steam on wine and launch steam from steam or something of the sort.
At the time we thought that the steam machines would make devs port their games, but that didn’t happen, so Valve invested heavily on Wine to make the games come to Linux regardless of the game devs. If Valve hadn’t invested most games that run today would still run, wine has always been an amazing piece of technology, their investment was mostly on a library called dxvk which translates directX calls to Vulkan instead of OpenGL, for technical reasons this was needed for any game that only supports DX12, but also gave some performance boost to other titles. I’m not trying to downplay Valve’s hand, dxvk was a much needed piece of the puzzle that Valve singlehandedly financed, not to mention all of the other stuff they’ve done that benefitted Linux gamers over the years, but if they had integrated wine on Steam without dxvk 99% of cases would be mostly the same (but that 1% are heavy hitters).
In that sense it is a bit of scripting, it’s a templating language similar to Jinja, so you put things you want to display between {{ }}, for example {{name}} will get rendered as the content of the name variable. [[ ]] is the way Silverbullet habgles links, so [[Something]] is a link to the file Something.md, so [[ {{ name }} ]] is a link to the file with the name from the variable.
Also that’s because I wanted a custom view, a very similar thing could be done with:
\```query
recipe
\```
BTW, you can have a table of contents on Silverbullet by just putting a block named toc, i.e. ```toc and closing it on the next line.
No scripting involved in the above example though.
First of all let me make this absolutely clear, docker is not expected to be secure to that level. While they try to make it hard for someone to escape a container, it’s not their main concern so expect that there are vulnerabilities that would allow an attacker to escape.
Now the second thing, the Overseer login screen might be secure enough for your case, the problem is that login is hard to do right, and Overseer are doing several other stuff as well, so they might not give it enough emphasis, and even if they do, maybe Immich devs don’t, or any one of the dozens of other services, so there are dozen of possible points of failure. Things like Authelia or Google OAuth are focused on authentication, so they do that absolutely right, and then they become the only point of failure for authentication.
To be fair, if you keep things updated it’s unlikely not having auth would be a problem. Mostly because most hackers won’t even know of your server to begin with. And most systems are secure enough for most casual hacks. But it’s an investment worth the time if you plan on making something available to the internet.