this post was submitted on 16 Mar 2025
191 points (98.0% liked)

Selfhosted

60074 readers
766 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam.

  3. Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.

  4. Don't duplicate the full text of your blog or git here. Just post the link for folks to click.

  5. Submission headline should match the article title.

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world
191
What's up, selfhosters? It's selfhosting Sunday! (lemmy.nocturnal.garden)
submitted 1 year ago by tofu@lemmy.nocturnal.garden to c/selfhosted@lemmy.world
125 comments fedilink hide all child comments
 

I know for many of us every day is selfhosting day, but I liked the alliteration. Or do you have fixed dates for maintenance and tinkering?

Let us know what you set up lately, what kind of problems you currently think about or are running into, what new device you added to your homelab or what interesting service or article you found.

This post is proudly sent from my very own Lemmy instance that runs at my homeserver since about ten days. So far, it's been a very nice endeavor.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] refreeze@lemmy.world 3 points 1 year ago (1 children)

I'm curious how this goes for you. I run all my machines on NixOS except my k8s cluster which is Talos for now. I have been thinking of switching to Nix for that too.

[โ€“] tux7350@lemmy.world 2 points 1 year ago

I followed along the nixos wiki for kubernetes and creating the "master" kublet is super easy when you set easyCerts = true. Problem is, it spits out files to /var/lib/kubernetes/secrets/ that is owned by root. Specifically, the cluster-admin.pem file. If I want to push commands to the cluster using kubectl I have to elevate to a root shell. I could just chmod or chown the file but that seems like a security risk.

Now I'm not familiar with k8s at all. This is my first go through, so I could be doing something wrong or missing a step. I saw something about the role based security but I haven't jumped down that rabbit hole yet. Any tips for running kubectl without root?