
(Edit: Fixed image)



Honestly, don’t use hobby distros unless it’s just for testing purposes. They will fail you in the end, always.
That being said, if you want to check out another hobby distro, PikaOS is pretty fucking cool: https://wiki.pika-os.com/


I trust Valve not to exfiltrate my Steam credentials or account details (credit card number, home address). I wouldn’t trust a third party with that.


This suggests passing through dbus to the container. I will take a look at that.


If true that’s somewhat disturbing, but I still care about verified publishers nonetheless…


AFAIK no such configuration options exist for distrobox. It’s intentionally designed to not offer any isolation.


Then I have to pass my GPU to the VM exclusively. There are also memory latency problems. Plus I have to reserve resources from my host system. I’ve been a user of VFIO setups in the past.


Distrobox basically has no isolation at all. Giving it another home directory doesn’t restrict access to the real home directory. Other directories are also not restricted (/media, /mnt, /var/log).


In case you haven’t noted, this isn’t about ease of use. (Also Steam isn’t verified on Flathub and I only use verified apps.)


Proprietary software bad.
Proprietary software in containment not so bad.


I tried running chromium, removing :home and was still able to save and open webpages in ~/test.html. However, this happened through the native file picker dialog.


It’s not proprietary, though.


your firewal
Well, blocking inbound traffic from these countries is part of my firewall. I have some services that are exposed on the internet, but I don’t want the whole world to hammer these services, scrape them and potentially exploit vulnerabilities on them. I know a VPN would be more effective here, but that’s not an option for every service.


$ grep -i "dns" /etc/letsencrypt/renewal/enter.domain.here.conf
authenticator = dns-netcup
dns_netcup_credentials = /path/to/netcup/credentials.ini
AFAICT it is using DNS challenges, unless the certbot netcup plugin somehow does stuff it shouldn’t need to do.


enter.domain.here is simply a redaction of my real domain as I did not want to doxx myself.


Outbound traffic has never been blocked, so it’s not a matter of me or my “certificate manager” being able to reach Let’s Encrypt.


I’ve been using DNS challenge for this domain from the start. I’m not sure what you mean by external DNS hosting. The domain is from netcup, the certbot host runs in my local network (as does the HTTP server that the domain points to).
Netcup is a German hosting company, I live in Germany, inbound traffic from Germany is NOT blocked on my router, outbound traffic isn’t blocked at all.


I have an old Debian 11 “bullseye” installation running on one of my servers. It’s stuck at nginx 1.18.0, but it should theoretically still be covered by Debian 11 LTS security updates, right? https://wiki.debian.org/LTS/Using
nginx/oldoldstable-security,now 1.18.0-6.1+deb11u5


KDE Connect and Syncthing