Something like this. This is a compose.yml that only allows ips from the local host 8080 to connect to the container port 80.

services:
  webapp:
    image: nginx:latest
    container_name: local_nginx
    ports:
      - "127.0.0.1:8080:80"

Excuse me have you heard about our lord and savior, NixOS?

Ooo I do love me some Nix modules. Any particular options to look out for in order to configure something like that?

Edit:

It’s programs.chromium.extraOpts isnt it? Lol

Did you allow the containers to talk to eachother with ufw after setting it up?

Did you watch ‘I am Legend’? This is exactly what starts the apocalypse lol

Side note, book was waaaayyyyy better

:3

Im at the compose2nix phase of this pipeline. Ive got a bunch or sevices in Docker compose files and all of my systems have been running Nix for over a year now. Ive gotten the hang of my repo and made a couple modules for my specific uses and im hooked.

What would you suggest to migrate all my compose files into a nix friendly environment? I use flakes as well.

Ya got three options.

Option A is to create your own certificate that is self-signed. You will then have to load the certificate into any client you want to use. Easier than people realize, just a couple terminal commands. Give this a go if you want to learn how they work.

Option B is to generate a certificate with Let’s Encrypt via an application like certbot. I suggest you use a DNS challenge to create a wildcard certificate.

Option C is to buy a certificate from your DNS provider aka something like cloudflare.

IMO the best is Option B. Takes a bit to figure it out but its free and rotates automatically which I like.

I like helping and fixing stuff, if you’d like to know anything just ask :D

I wish I had setup an identity management system sooner. Been self-hosting for years and about a year ago took the full plunge into setting up all my services behind Authentik. Its a game changer not having to deal with all the usernames and passwords.

In a similar vein, before Authentik, I used Vaultwarden to manage all my credentials. That was also a huge game changer with my significant other. Being able to have them setup their own account and then share credentials as an organization is super handy.

Right? My flake is pretty complex at this point. I use it for over 6 computers, my storage server, compute servers, VPS etc etc. Been perfectly stable for over 3 years. I update with the release cycle every 6 months. Never needed more than a small change here or there and it usually warns me of the depreciations ahead of time.

Thankfully I’ve only needed to roll back twice and it was perfect. Lost no data and kept working while I waited for a fix. If my flake ever blows up completely I’ll switch… but I dobt that will happen lol

Lol how funny. I was also very into modding the PSP growing up. I had a couple of Pandora batteries. The only reason I caught onto it was because my name is also Alex haha hello fellow Alex!

… are you the DaX from the PSP modding scene?!

Oh boy I went down this same rabbit hole awhile ago. Here is a git repository that will explain why this happens and also offers a fix on how to modify your IP tables to ensure that docker respects the UFW.

Docker and UFW

Running Plex in a docker container will be your best bet. After installing docker you can run a docker compose file that has your /config folder mapped to a separate location. Here is a sample compose file from the linuxserver.io group, which I highly recommend.

---
services:
  plex:
    image: lscr.io/linuxserver/plex:latest
    container_name: plex
    network_mode: host
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - VERSION=docker
      - PLEX_CLAIM= #optional
    volumes:
      - /path/to/plex/library:/config
      - /path/to/tvseries:/tv
      - /path/to/movies:/movies
    restart: unless-stopped

Pay special attention to the section marked “volumes” you’ll see the first line is a mapping for the plex config from the host to inside the container. The left side of the “:” is the path as the host sees it, the right side is from inside the container. You can use this compose file in each installation of linux to share your config and watch history as plex will always find it in the /config folder. That’s the beauty of containerization!

That being said I wouldn’t run two containers at the same time. That could have unintended consequences as each may try to write to the same file at the same time. As long as only one instance of plex is using the config at a time you’ll be alright. You can find more info about the compose file here!

If you have any questions, feel free to ask! 😁

Lol it’s from Narcos. Great show if you haven’t seen it.

Indian guy sitting? That’s Pablo Escobar!

Can you tell me more?

It’s really not that hard to use a local account. When it askes for a Microsoft account just hit SHIFT+F10 then type in the command “oobe\bypassnro” and the pc will reboot. Now just don’t let the computer connect to internet, and when it askes for internet hit “I don’t have an internet connection” and then it will let you continue with a local account.

…I admit though… as I typed that out its pretty annoying lol Not hard, but like… just annoying.

Which switch emulator do you use? I’m pretty savy with Linux and run it on my desktop but haven’t really taken the dive to set any of them up. Metroid has been calling my name lately and I’m thinking it’s now or never. Got any suggestions?