u/Ecstatic-Panic3728

I just added a server to my homelab using Talos Linux. It is amazingly easy to configure it and put pods there. So far I'm doing the same I usually do on my day job, and everything is working alright. The question that I have now is the following, how to make it secure?

What are the steps that I need to take to execute containers, that I don't trust, on my cluster? I have Cilium installed and I already have network policies to reach the containers I need, on this part I think I'm good. But what about execution?

I know that one big step is to remove root execution, but then some images/helm are based on root. For that I was thinking on running something like gVisor or Kata.

I have Immich running on my homelab and I have the mobile app on my phone, and on my wife's. This solved a huge problem for us because now we can share our photos, so she can see the photos I'm taking from our sons when I'm alone with them, and the other way around. So no more "you did not sent me this photo".

The issue is, our sons have this tendency to pick our phones from time to time to see the photos. He loves it, and I think that's nice because he can come back in time and revive some memories like "daddy, who was on the beach with us this day?", but I fear that they could be deleting some photos by accident. I know, I can recover from the trash, but still, not the best.

There is any permission that I could set for a user to be kind of upload and read only? Or maybe a "destructive" mode that a user could get in once adding again it's login.

This is the only thing I'm missing from Immich to say it's the perfect photo management for me.

I really can't code in Go anymore. I love the simplicity, but I can't code without option/result, enums, ADT, ... But getting something better than Go, on this area, creates a hard decision to make in terms of how far should the type system goes. For example, Gleam is FP and typed, but the type system, of course is better than Go's, but it's no where near something like Haskell/Scala. Since I did not worked with Haskell before, and did just basic things on Scala, does it really matters?

On my current view, the biggest improvements in correctness come from using ADT, immutability, and errors as values. But there is also typeclasses, phantom types, linear types, GADT, .... to what degree where talking about syntax sugar or actual modeling features. I think I could live without all the syntax sugar, and write a little more code, or even some boilerplate, given the years coding in Go, but I would like to correctly express the constraints at the code.

I hope this question is understandable.

Let me start saying that I don't believe on perfect languages. But I quite think that Gleam may be what I was looking for for quite some time. But I'm confused with it's position on the Beam ecosystem.

I do program a lot in Go, and I do value the simplicity of the language, but at the same time the type system is so damn simplistic, to a point I can't program on it anymore. The issue is, a better type system becomes way too complicated as it tries, but it's not required, to add all features under the sun. For example, I was working with Scala using Cats on a previous job, and oh my God, indeed, very powerful, but the complexity is just unbearable.

From my experience this is what makes a good language to me:

• Simplicity. This is so subjective, but think on this like: can I learn the language in a weekend or does it take a full year? Go x Haskell
• Compiled
• Errors as values
• Async by default and without function coloring
• ADT
• Immutability
• Good visibility control of fields, structs, functions, and packages
• No nulls and rely on Option/Result types

I think Gleam checks all of this, right? Just the compilation that is not there, but I could live without it by having everything else.

The question now in my head is, why Gleam when Elixir is getting a type system? I did program a little in Elixir, I find it amazing, but being dynamic was such a deal breaker for me. I was very excited to know that José was working on a type system, but I still don't understand to which degree it will extend. From what I was able to read, and understand, it will fill kind of progressive typing and it will not be as strong as Gleam is right now.

Right now I'm working with Rust, despite it's complexity, but dealing with all those lifetimes/borrowing is something that I really don't like. I'm not building a billion requests per second service.

First of all let me start saying that I love this service. But, since I've installed Tailscale at my phone my battery looks like to be draining so fast. It's an iPhone and from the Battery settings I can see that it draws something like 15% of my battery, but it feels like more.

Maybe something that gets injected or runs at the OS level and then it's not reported there? Also, I don't know if I could do anything to mitigate this battery usage.

I'm using an always on VPN and the exist node is my router at my home.

I've been programming on mainstream languages for quite some time, but since I started to use more Scala and Rust my mindset has completely shifted and I can't put the genie back in the bottle. But I'm facing some philosophical dilemas now. I really can't decide on what to use, and I don't want to be a jack of all trades. Not that I'll not learn new languages, but I would like to go deep in one.

In terms of type system I think Rust nails the idea of "make invalid states unrepresentable", at least on, let's say, reasonable adopted languages. What is bothering me is that I'll not write any sort of systems code and I'm totally fine with a GC, which would massively simplify the code. But I don't think there is anything on this space today and maybe Rust is the best we have?

For example, OCaml would be a good alternative, but very very very little adoption and missing libraries. Scala would be the biggest contender but such a mess language and ecosystem, and the idea of "best effort" effect handlers don't feel good to me.

Please, share your ideas and opinions, specially if you've faced this question before.