#container


This weekend I finally went through the dev => deployment pipeline:
Spawning a #rust #container to build my bin for release
Creating a #docker image to run my release bin
Creating a docker-compose.prod.yaml to run the deployment version of my current dev.
Seeing my server staying steady around 20MB RAM usage makes me happy already. I know that with #javascript for the job I'm doing here I'd be above 100MB to start with.

#weeklyreview 25/2025

COVID

Finally got me. After ditching it (at least according to tests) for the whole pandemic I finally caught COVID last week. The first two days were the “worst”. Felt like a flu for me. But fortunately subsided quickly just leaving a bit of sniffles and occasional coughing. But the annoying part is that I’m still testing positive. So have to confine myself to home office and wear a mask all around to not spread the stuff. Let’s see how long this takes…

Wallabag

Since Mozilla is shutting down “Pocket” many people are seeking alternatives. I stopped using Pocket ages ago and instead was using LinkDing for my bookmarks. But there seems to be an additional use case in Pocket that people like… the reader view. And since my dear friend Slamr is looking for a Pocket replacement I took a look at Wallabag as recommended by Gemlog.

There is a docker container… so how hard can it be to install …

As usual… harder than one expects… The default installation comes with its own Database container. But I’m using a central DB container and don’t want to give the Wallabag app the full root permissions. So I had to create the database manually myself upfront (described in this issue: https://github.com/wallabag/docker/issues/412 ). That was the easy part. Now the app also needs to send eMail. They are using the PHP Symfony framework for sending eMail and that’s using a single string for username, password and host of the Mailserver. Yes, that’s technically possible… but comes with a whole lot of challenges. All the special characters of a password will need to be URL escaped. Since that String needs to be passed from Docker compose to the Container’s ENVIRONMENT and then be parsed by PHP to be eventually used for the actual connection, there are a lot of moving parts that need to handle these strings correctly. Took me a while to find https://github.com/wallabag/wallabag/issues/6927 which tells me that one has to double escape “%” … quite annoying.

So the rule is… special characters need to be URL encoded. That would make an @ look like %40 and a blank space like %20. Now the literal % is also a special character for SYMFONY and needs to be escaped with a % in front. So an @ for the Wallabag DSN string in the Docker config would look like %%40.

But now Wallabag is working. The web interface is a bit simple, but works. The mobile client for the iPhone is nice though and offers an optional (paid) AI integration that suggests tags automatically and also provides summaries. One click saving of URLs from the Browser via bookmarklet and also from the iPhone share dialog works nicely.

What’s also pretty convenient is that Wallabag provides its own ATOM feed that one can use to consume with your favourite RSS reader. I’ve integrated that into my FreshRSS setup.

Gemma3 no Vision

With a school intern we were playing around with image description generation using local #LLM tools (Ollama) and Python Flask. I spent quite some time fiddling around with the Gemma3 model as that supports text and vision and was small enough to fit into the memory of the MacBook Air of the school intern. Gemma did provide image descriptions… but they were always wildly off and totally made up. Didn’t have anything to do with the actual image content. No matter how I massaged the prompt to avoid hallucination Gemma would happily make up random image descriptions. Very weird and scary. We eventually found the moondream:latest model which is small and does a good enough job.

Apple Containers + Pihole

Apple recently released their own Container engine for macOS which can consume OCI images. So far containers do not run natively on macOS. Docker Desktop uses the trick of bringing up a single virtual machine under the hood and running the containers inside that VM. This comes with a whole bunch of limitations when it comes to networking and volumes. Despite the fact that it’s a commercial app.

Apple uses a different approach. The support for OCI images is a big step forward. The containers obviously still do not run natively on macOS as the OS kernel is too different. But Apple now starts a very lightweight virtual machine for every container. This allows the use of x86 Docker images as well as Rosetta takes care of the translation. It consumes less memory than the Docker Desktop approach and is pretty fast as well.

I’ve wanted to give this a try although it’s still in a very early stage. I’m constantly running a virtual machine via UTM with a Pihole instance to have ads and trackers blocked. I thought it would be nice to just use the official Pihole Docker container for this purpose.

The installation of Apple Container is pretty straightforward. Just download the pre-compiled package from https://github.com/apple/container/releases/tag/0.1.0 and follow the instructions in their README.

The hurdle I had to take was reconfiguring the container networking so I can actually reach the user interface of Pihole. Moellus pointed me in the right direction here. For some reason the container network was not bound to the bridge interfaces on my host. I had to reconfigure that and now it’s working.

Just pulled the Pihole Container and started it. Works.

Hetzner Object Storage

Pondering about the cost of my network setup again. I’m running the object storage for some of my services (Mastodon, Pixelfed, Bookwyrm) on my home server connected to my Synology NAS. As I have still plenty of disk space on the NAS and additional disk space at Hetzner is relatively expensive. But of course it’s annoying when the images are temporarily gone whenever my DSL provider at home has a hiccup. So was looking at Hetzner Object storage. For about 6 EUR/month I’d get 1TB of storage and 1TB of data transfer. That’s actually more than enough for my current usage. I’ve got around 500GB of object storage usage currently on my Minio setup. The traffic is much less than that according to my FritzBox stats (which also includes all other network traffic we cause in the household).

So the big question is, is the 6 EUR/month cheaper than the existing home setup? According to my measure the server + the NAS and FritzBox are consuming around 100W. That doesn’t sound much… but this runs 24×7. It sums up to 2.4kWh per day … 365 days. At a price of about 0,39 EUR/kWh I’m clocking in at ~ 340 EUR/year. That’s roughly 28 EUR/month ….

So I’m looking into moving that to Hetzner now. First steps are done, but I’m still struggling to get the Reverse Proxy properly talking to the Hetzner endpoints. Still getting an access denied via the ReverseProxy, while a direct access to the Hetzner Endpoint via cURL works fine. So it’s not an object permission problem. Must be something weird with the Headers.

Cleaning Up

Needed to clean up the spare room we have in our big flat in Berlin. Will rent that out for the next year as it’s a waste of space and we can use the money for #project25

GitHub - sissbruecker/linkding: Self-hosted bookmark manager that is designed to be minimal, fast, and easy to set up using Docker.
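The two escaping layers described in the Wallabag section of the post above, as an added example that is not part of the original post or of Wallabag itself. The function names, host and credentials are constructed for illustration, and `resolve_like_symfony` is a simplified stand-in for Symfony turning `%%` back into `%`.

```python
from urllib.parse import quote, unquote, urlsplit

def encode_component(value):
    """Percent-encode every reserved character (safe='' also encodes '/')."""
    return quote(value, safe="")

def build_dsn(user, password, host, port=587):
    """Layer 1: URL-style DSN with user and password percent-encoded."""
    return f"smtp://{encode_component(user)}:{encode_component(password)}@{host}:{port}"

def escape_for_symfony(dsn):
    """Layer 2: double every '%' so Symfony does not treat it as special."""
    return dsn.replace("%", "%%")

def has_bare_percent(value):
    """True if a '%' remains outside a '%%' pair, i.e. layer 2 was skipped."""
    return "%" in value.replace("%%", "")

def resolve_like_symfony(value):
    """Simplified stand-in (assumption): Symfony unescapes '%%' to '%'."""
    return value.replace("%%", "%")

def parse_dsn(dsn):
    """What the mailer ends up with after URL-decoding the resolved DSN."""
    parts = urlsplit(dsn)
    return unquote(parts.username), unquote(parts.password), parts.hostname, parts.port

# Constructed sample credentials, not taken from the post.
USER, PASSWORD, HOST = "bob@example.org", "p@ss%w rd", "mail.example.org"

if __name__ == "__main__":
    dsn = build_dsn(USER, PASSWORD, HOST)
    env_value = escape_for_symfony(dsn)
    print("URL-encoded only :", dsn, "| bare % ->", has_bare_percent(dsn))
    print("for the container:", env_value, "| bare % ->", has_bare_percent(env_value))
    print("decoded again    :", parse_dsn(resolve_like_symfony(env_value)))
```

Running `has_bare_percent` over the value in a compose file is a quick check that a DSN was not left with only the URL-encoding layer applied.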

#Nordnachrichten

Hamburg's #Stadtreinigung (city sanitation service) is setting up new #Altkleider-#Container (used-clothing containers) in #Hamburg

As of: 29.06.2025 18:29

Instead of ending up at the #Recyclinghof (recycling center), damaged #Kleidung (clothing) in Hamburg is increasingly landing with container operators such as the Red Cross or in household waste. The city sanitation service now wants to change that with new used-clothing containers.

ndr.de/nachrichten/hamburg/sta


Fire at garbage containers – police arrest suspects

Burning containers and Dixi toilets: police catch “firebug” red-handed. 23.06.2025 – 15:16. Reading time: 1 min. Burnt-out garbage conta…
#Braunschweig #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #"Brandserie" #100137924 #Brandstiftung #Container #Feuerteufel #Feuerwehr #Germany #Herzogin-Elisabeth-Straße #Müllcontainer #Niedersachsen #Polizei
europesays.com/de/212998/

Half the primary school is moving into containers for the OGS expansion

When the new first-graders (“i-Dötzchen”) arrive at Sonsbeck's Johann-Hinrich-Wichern-Schule after the summer holidays, they will … their class…
#Aachen #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #"Bolzplatz" #2026 #Container #Containern #Germany #Grundschulklassen #Klassen #Klassenräume #Nordrhein-Westfalen #Pauls #Provisorium #Räume #Schulgebäude #Sommerferien #Sonsbeck
europesays.com/de/210713/

Hamburg customs discover 600 kilos of cocaine in fruit container from South America

After tip from the Caribbean: customs seize coke worth 24 million euros. 16.06.2025 – 18:46. Reading time: 1…
#Hamburg #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #100137924 #Container #Drogen #Fruchtcontainer #Germany #hamburg #hamburgerhafen #Karibik #Kokain #Koks #Rauschgiftspürhund #Südamerika
europesays.com/de/195194/

Migrated my Git forge (Forgejo) and my personal website (hofstede.io) to a new server, running on Red Hat Enterprise Linux 10 (RHEL) :redhat: .

All services running as Podman containers :podman:
- Traefik reverse proxy
- PostgreSQL Database
- Littlelink (my website)
- Forgejo

During the migration, I did several optimizations:

1. Converting all container definitions to quadlet files (/etc/containers/systemd/*.container)
2. Modernizing my Traefik configuration according to good practices (global TLS redirect, modern ciphers, etc)
3. Securing the system with firewalld, SELinux (enforced mode) and Anubis (Anti AI Crawler filter)
4. Using podman secrets for all sensitive information (DB credentials)

Very satisfied with the result. My container definitions are now much clearer, follow a structure and are pretty consistent :-)

We show you how to run online services yourself in @ct_uplink. Whether it's a smart home on the Raspi, Nextcloud on the home server, or on a rented server in the data center: doing it yourself is the order of the day.

You can watch the episode right here in the Fediverse, via our #PeerTube instance.

peertube.heise.de/w/djrpQYtR1p

#Apple Quietly Launches #Container On GitHub To Bring #Linux Development To #MacOS In A Native Way
Unlike Docker or Podman, this tool is designed to feel at home in the Apple ecosystem and hooks into frameworks already built into the OS
Container runs standard #OCI images, but it doesn’t use a single shared Linux VM. Instead, it creates a small Linux VM for every container. That sounds heavy at first, but the VMs are lightweight and boot quickly.
NERDS.xyz nerds.xyz/apple-quietly-launch
