apt-get clean will clear the apt cache and should give you enough temporary storage headroom on /var to do things, but if you’re bumping up on this limit often, you’ll need to reconfigure your storage.

/var is often where processes dump a lot of data (logs, databases, etc), and subpartitioning of /var sets a cap so that when too much data is dumped there, the application crashes instead of the whole system. /var/log is often recommended to be subpartitioned separately as well, so that logging can still go on if the application data fills up and crashes.

These kinds of overruns can be intentional DOS attacks, also, so the subpartitioning is often a security recommendation. NIST 800-171 requires separate partitions for /var, /var/log, /var/log/audit, and /var/tmp

Forgejo (Gitea fork used by codeberg.org) is a lightweight self-hostable option, and has a web-ui-based file editor. It’s got an official docker image, and it’s packaged for freebsd, as well, which makes it very easy to deploy and maintain either containerized or on a server.

With the size of modern linux kernels, I think 1GiB for a /boot partition is the absolute minimum I would go for a current full-sized distributuon. You’ll run into these out-of-space issues on updates all the time otherwise.

I’ve used an old, out-of-support phone as a permanently plugged-in homeassistant control panel. Not quite self-hosting as in phone-server, but a fun easy project and a great way to keep an old device in use.

The bang syntax makes duckduckgo easily the best search engine - it’s a shortcut to everything, the perfect gateway to the internet.

Can you give us the full output of the following commands?

ip addr

sysctl net.ipv6.conf.all.disable_ipv6

Four Weddings and a Funeral is a movie I adore entirely for the side characters, and pretty much ignore the two main characters and storyline completely.
The main friend group feels so real and alive and lovely, they’re charming and funny, and watching them be friends at their weddings and funeral feels like optimistic slice-of-life escapism. And beyond that, pretty much every other side character is memorable and funny and a joy to watch, especially Rowan Atkinson as the anxious priest. Great movie, 10/10, can’t remember the main characters at all.

Yep exactly! Setting up a raspberry pi low-performance computing cluster with secondary usb nics, going slowly insane trying to figure out why the vlan interfaces wouldn’t work when their base interfaces worked just fine, and going down all of the wrong rabbit holes along the way.

ifupdown2 has a 15-character interface name limit, and the systemd predictable interface naming system uses the mac address for usb nics (giving them a 15-character name), so if you try to create a vlan subinterface of a usb nic using the standard interface.vlan naming scheme on a systemd host, it will fail, and you’ll have to set up systemd network link files to rename the base interfaces to something shorter.

The ups has data output to my firewall/router via usb, which the baremetal servers all connect to via apcupsd. When the ups loses or regains AC power, it broadcasts a message to all of them and they’re each scripted to act accordingly: laptops run on their own batteries, vms migrate over to laptops, non-vital hardware shuts down, etc.

Some laptop battery firmware allows you to force discharge even when connected to AC, and if your laptop can use the tlp recalibrate or tlp discharge commands then yours is supported.

I use this to power my thinkpad servers off of their own batteries during a power outage, to reduce load on my UPS. Great feature.

In my experience, mounting some thinkpad servers to the wall above the rack gives the homelab a very International Space Station feel.

I switched a workstation to Secureblue for the very specific security priorities targeted by that project, but I think for the majority of users, the main reason for not switching to atomic is one you mentioned: why fix what isn’t broken? The main selling point promoted to potential new users seems to be that updates don’t break anything, but I can’t remember a single time since Debian Sarge that an update broke anything for me, and I actually find the rpm-ostree package layering and updating process to be far more of a headache than otherwise.

Unless it’s prepackaged like a steam deck, moving from the traditional way of doing things to atomic is a major change. Like any major change, people need a good reason to make it, and I think right now the only compelling ones are either hyper-specific (switching to okd and needing to build it on coreos, wanting to move to a specific atomic project, etc.), or just general curiosity.

Band of Brothers. The intro is so long, but feels like an important part of the whole experience.

That’s why you can adjust swappiness, or designate a different high-endurance storage device for it.

Courts have ruled that cops can damage property in the course of their duties with no accountability or compensation required, so they’d probably just bulldoze it out of the way and destroy it. And then insurance would say they don’t cover official acts of cops, and then the cops would send a bill for damaging their bulldozer.

There’s probably more fun and effective ways to go bankrupt obstructing ICE.

Being sequestered into the oil sounds pretty nice at this point.

Unless “read-only” is being enforced by hardware (reading from optical media, etc), a compromised sudo user can circumvent anything, and write anywhere. A read-only flag or the root filesystem being mounted from somehwere else are just trivial extra steps in the way.

Improved security != extremely secure, is all I’m saying. There are a lot of things that go into making a system extremely secure, and while an immutable root filesystem may be one of them, it doesn’t do the job all on its own as advertised in this post.

The root filesystem is being read from somewhere, and if it’s being read from, it can be written to. Having an extra step or two in the way doesn’t make it “extremely secure”.