
Keycloak or alternative?

$$8370
https://lemmy.world/u/reabsorbthelight posted on Mar 7, 2026 19:43

I have a Talos k8s setup now and I’m trying to add various services. I have discovered that my old htpasswd file won’t cut it for auth.

I want to host the following,

  1. WebDAV solution (currently sftpgo)
  2. Invidious
  3. *arr tools
  4. Bitwarden

Should I go with keycloak? Are there better auth services?

https://lemmy.world/post/43968686

17 posts in conversation

$$8932
https://lemmy.world/u/RonnyZittledong posted on Mar 8, 2026 18:15
In reply to: https://lemmy.world/post/43968686

I chose Keycloak because it seemed the most battle tested and least likely to just stop receiving updates and die and that is worth a lot to me. The most annoying thing for me was their storing usernames in lower case but after I figured out how to create custom SPI plugins I got that sorted out.

https://lemmy.world/comment/22549073
$$9024
https://feddit.org/u/silenium_dev posted on Mar 8, 2026 21:11
In reply to: https://lemmy.world/post/43968686

I’m on Keycloak + lldap for user provisioning and services that don’t support OIDC or SAML. I have yet to find an OAuth or SAML feature it doesn’t have. It does have a steep learning curve tho, so Authentik is maybe a better solution to get started with. I personally hit a wall with Authentik when I was trying to get different signature key algorithms for different services (some services have a different supported set of key algorithms than others) and custom plugins for custom JWT fields and user attributes. I believe Authentik has something for extensions as well, but Keycloak is just Java, which has a much better development and deployment experience than throwing a .py or .js file in some directory and hoping it works.

https://feddit.org/comment/11913811

Afterlife in lotr

$$8691
https://slrpnk.net/u/saxrussell posted on Mar 8, 2026 08:36

Do humans also have an afterlife in lotr like elves? For that matter, what about dwarfs, hobbits (non fellowship) …orcs?

https://slrpnk.net/post/35030719

11 posts in conversation

$$8956
https://slrpnk.net/u/saxrussell posted on Mar 8, 2026 19:14
In reply to: https://lemmy.world/comment/22546258

What do you think the orcs are? Like, which would be your preferred answer to the question, since there appears to be no singular one according to the youtube clip? Or could they be like a group of all four creation myths? :)

https://slrpnk.net/comment/21136267
$$9007
https://lemmy.world/u/arctanthrope posted on Mar 8, 2026 20:56
In reply to: https://slrpnk.net/comment/21136267

based on the text of The Silmarillion, I’d have to say that, being originally Elves, and Melkor having no power to create spirits or imbue living beings with spirits (not even the other Valar can do this, only Ilúvatar; this is demonstrated when Aulë creates the Dwarves), then the Orcs must still have Elven spirits, and thus go to Mandos when they die. but again, that’s assuming The Silmarillion is authoritative on the matter, which it may not be

https://lemmy.world/comment/22551183

Conversation

$$8974
https://lemmy.zip/u/LOLseas posted on Mar 8, 2026 19:44
In reply to: https://lemmy.world/comment/17978735

Welcome to the glorious kingdom of DE wetshaving! I also suffer from eczema, maar I’m really digging Proraso Refreshing/Green (IT) and Tabac Original (DE) shave soaps. Palmolive cream in a pinch (Kruidvat). I’ve tried so many shave soaps over the past 20+ years, but Proraso and Tabac are great for my use case.

Badgerandblade.com is a great resource to delve into, specifically the Kyle’s Prep write-up.

https://lemmy.zip/comment/25120390

What's your favorite weekend family meal?

$$8624
https://sopuli.xyz/u/gingernate posted on Mar 8, 2026 04:47
https://sopuli.xyz/post/42249718

9 posts in conversation

$$8782
https://ani.social/u/Toes posted on Mar 8, 2026 12:41
In reply to: https://sopuli.xyz/post/42249718

When I’m visiting family, I’ll sometimes cook a huge breakfast.

Bacon, scrambled eggs, french toast (with cinnamon), etc

https://ani.social/comment/15563532
$$8962
https://retrofed.com/u/dragontology posted on Mar 8, 2026 19:29
In reply to: https://sopuli.xyz/post/42249718

Chili and corn bread. My chili uses beans, but I’m not from Texas, so it’s fine. I use two kinds of beans (pinto, and dark red kidney) and two kinds of meat (ground beef, and hot Italian sausage).

If I wanted to make Texas chili, I wouldn’t use ground meat, I’d use stew beef, and I’d have peppers (Bell and jalapeño) and I’d omit the masa. I could make decent Texas chili, but my regular chili is awesome if you don’t hate beans.

https://retrofed.com/comment/295836

it was a wild ride

$$8420
https://feddit.org/u/NichEherVielleicht posted on Mar 7, 2026 21:21
https://feddit.org/post/26782941

7 posts in conversation

$$8874
https://sh.itjust.works/u/solidheron posted on Mar 8, 2026 15:44
In reply to: https://piefed.blahaj.zone/comment/3636524

Part A) write a 3 page essay about Sumerian slavery.

https://sh.itjust.works/comment/24174061
$$8957
https://lemmy.world/u/Siegfried posted on Mar 8, 2026 19:16
In reply to: https://feddit.org/comment/11899373

This isn’t an exaggeration

https://lemmy.world/comment/22549864

Rooster: Steve Carell is back to his best in this stellar delight of a comedy

$$8928
https://reddthat.com/u/LadyButterfly posted on Mar 8, 2026 17:56
https://reddthat.com/post/61563627

$$8942
https://lemmy.ca/u/Kalothar posted on Mar 8, 2026 18:41
In reply to: https://reddthat.com/post/61563627

Looks pretty good, here’s the trailer:

https://youtu.be/L00r5BGgP64

https://lemmy.ca/comment/22099103

Crunchyroll Hit With Class Action Lawsuit Over Allegedly Disclosing Anime Viewing Habits to Third Party - Anime Corner

$$8437
https://piefed.social/u/Skavau posted on Mar 7, 2026 21:54
https://piefed.social/c/television/p/1853600/crunchyroll-hit-with-class-action-lawsuit-over-allegedly-disclosing-anime-viewing-habit

13 posts in conversation

$$8583
https://lemmy.world/u/CosmoNova posted on Mar 8, 2026 03:04
In reply to: https://piefed.social/c/television/p/1853600/crunchyroll-hit-with-class-action-lawsuit-over-allegedly-disclosing-anime-viewing-habit

You know what doesn’t disclose your viewing habits with third parties because it doesn’t even require you to have an account to watch streams? Aye.

https://lemmy.world/comment/22539744
$$8929
https://lemmy.zip/u/Cethin posted on Mar 8, 2026 17:57
In reply to: https://lemmy.world/comment/22538191

You answered it yourself. When hasn’t Amazon tried to eliminate competition?

https://lemmy.zip/comment/25118626

The Book of Boba Fett star thought the show would run up to 4 seasons, confirms the character is 'shelved'

$$8399
https://piefed.social/u/Skavau posted on Mar 7, 2026 20:33
https://piefed.social/c/television/p/1853470/the-book-of-boba-fett-star-thought-the-show-would-run-up-to-4-seasons-confirms-the-char

9 posts in conversation

$$8885
https://lemmy.ca/u/circuscritic posted on Mar 8, 2026 16:05
In reply to: https://piefed.social/c/television/p/1853470/the-book-of-boba-fett-star-thought-the-show-would-run-up-to-4-seasons-confirms-the-char

Disney Star Wars was pretty much doomed the moment they decided to make a trilogy without having any plan for a trilogy.

They were initially able to mask that fact with early financial success that was based entirely on the strength of the brand that they purchased, and not their creative output.

The only real exception was The Mandalorian season 1, which I think primarily speaks to the talent of Jon Favreau, but Baby Yoda doomed that show with its massive merchandising success.

https://lemmy.ca/comment/22097066
$$8919
https://lemmy.world/u/Godric posted on Mar 8, 2026 17:33
In reply to: https://piefed.social/c/television/p/1853470/the-book-of-boba-fett-star-thought-the-show-would-run-up-to-4-seasons-confirms-the-char

Maybe making a show about a crime lord that doesn’t do crimes wasn’t a good idea

https://lemmy.world/comment/22548466

Opnsense, tailscale and headscale

$$7425
https://sh.itjust.works/u/thehamzan6 posted on Mar 5, 2026 20:06

Hey guys, so I’ve been self hosting for 2 years, making small upgrades until I reached this point where I replaced my router with one of those Chinese fanless firewalls running Intel n150 and running a proxmox homelab.

I am self hosting headscale with many of my buddies connected, including my own services. Everything was working great until I set up OPNsense.

The firewall was not easy to set up, but after I set it up, I discovered odd behaviors from tailscale.

The firewall was blocking all connections from the ip 100.60.0.0/24, I had to explicitly allow it and change the firewall state to hybrid.

What happens is that my LXC containers running tailscale would receive requests from tailscale0 interface but respond via LAN.

Apparently, as I understood, consumer routers have asymmetric NAT so that works fine, but not with opnsense.

Every guide I read online talks about installing tailscale on the opnsense router directly but I do not want to expose it to the tailscale network.

For now temporarily I set an ip route to tailscale0 and resolved it that way temporarily, but I still cannot get a solution that can help without compromising the firewall.

It’s also very cumbersome to do this for 50+ LXC containers over and over, even with running systemd scripts a problem might happen in the future.

If you guys have any experience with this it would help a lot.

https://sh.itjust.works/post/56334428

8 posts in conversation


$$7611
https://lemmy.decronym.xyz/u/Decronym posted on Mar 6, 2026 09:50
In reply to: https://sh.itjust.works/post/56334428

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

| Fewer Letters | More Letters |
|---|---|
| IP | Internet Protocol |
| NAT | Network Address Translation |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |

[Thread #136 for this comm, first seen 6th Mar 2026, 09:50]

https://lemmy.decronym.xyz/comment/15461
$$8915
https://infosec.pub/u/signalsayge posted on Mar 8, 2026 17:13
In reply to: https://sh.itjust.works/post/56334428

I might have a solution for you by doing what I’m doing. I’m running OPNSense as my firewall as well. I have one NAT:Port Forward rule for torrents (I really am seeding linux iso torrents) and that is it. Any services I’m hosting outside the network are done using Cloudflare tunnels from either a Cloudflared instance or from the LXC itself. This method has fixed my issues with Plex outside of my network since I was able to turn off “Remote Access” and make it available to my friends/family through a “Custom server access URL” (in the network settings, looks like: https://plex.domain.url,http://192.168.1.xx:32400/). No messy NAT rules to complicate things.

I am also using tailscale, but I don’t terminate it on my firewall. I terminate Tailscale on another host inside my network, you could probably use an LXC container. It’s a Debian system with Tailscale installed, routing enabled (https://tailscale.com/docs/features/subnet-routers), and set up as an exit node and subnet router. On OPNSense, I set up a Gateway on the LAN interface pointing to my Debian Tailscale router node. Then I pointed the remote networks of my family to the Tailscale router using the routes in OPNSense. Fortunately, for me (and because I set them up), they are all different networks.

The benefit to this method is also that when remotely reaching my services, the traffic looks to the services on my network as if they are coming from the Tailscale router and so return there instead of trying to go out my firewall. Tailscale maintains the tunnel through the firewall so it really isn’t a participant in the tailnet. The only issue I’ve really had has been DNS, with the Tailscale Magic DNS wanting to respond instead of my internal DNS servers. I’ve got MagicDNS disabled, but it always messed stuff up. The way I fixed it was to put tailscale on my Adguard container and make its tailscale IP the first DNS server, followed by the internal IP addresses of my DNS servers (192. addresses). This has worked for me pretty well.

Please let me know if you want any follow up info. I’ve been doing this for a long time. It’s my main hobby (and directly congruent to my job).

https://infosec.pub/comment/20751589

Conversation

$$7995
https://lemmy.ca/u/eightys3v3n posted on Mar 7, 2026 06:04
In reply to: https://piefed.ca/comment/3787815

I love to hear about a Canadian alternative.

https://lemmy.ca/comment/22075543

$$8914
https://lemmy.fedioasis.cc/u/Cantaloupe posted on Mar 8, 2026 17:11
In reply to: https://piefed.ca/comment/3787815

Deflect is way too expensive because of the amount of unique visitors you get. When you federate and post, you’ll see your unique visitors climb fast.

Lemmy.ca gets it free I think because they are a non-profit and Deflect is being generous.

https://lemmy.fedioasis.cc/comment/156592