db_geek

joined 3 years ago
[–] db_geek@norden.social 3 points 2 days ago (2 children)

@Eldritch @poVoq

The architecture may also be a problem when you want to use containers (Docker, Podman). Some images are not available for all architectures.
The 3B has a 64-bit ARMv8 CPU, for which there is better support.

I have some Odroid devices with a 32-bit ARMv7 CPU, for which images are often not available.
https://wiki.geekworm.com/Raspberry/_Pi/_3/_Model/_B

[–] db_geek@norden.social 0 points 3 weeks ago (1 children)

@bordam As far as I noticed, due to the AI boom the prices for RAM and SSDs could get even higher.
Also, the end of Windows 10 could trigger more sales of PCs and notebooks, which would also put pressure on RAM prices.

So I think it is better not to wait and to buy when it is possible.

There are some articles from a German computer publication about RAM and flash prices, unfortunately in German only.
https://heise.de/-11066715
https://heise.de/-11073558

[–] db_geek@norden.social 1 points 3 weeks ago (3 children)

@bordam Personally, I would suggest taking as much RAM as you have money available for.
If you have services relying on databases like Nextcloud (Valkey / Redis, MariaDB / PostgreSQL), more RAM could be helpful.
My current, unfinished setup with podman containers already takes 2 GB of RAM.
Also, prices for RAM and SSDs are predicted to rise or are already rising, so if you buy now, I would suggest buying the largest hardware parts possible.

[–] db_geek@norden.social -1 points 1 month ago

I don't know the exact agreement with your friends, but to avoid security issues I personally would do it the following way:
- deny usage of all ports by firewall
- allow only necessary ports by firewall
- enable privileged ports by sysctl
So it reduces additional layers and complexity.

If one of your friends wants to provide a service on a specific port, it has to be discussed with you.
And if this is a privileged port, it is also possible.

Or you can handle e.g. a web request with a rule in caddy.
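
An added example, not part of the comment above: a small audit of the deny-all, allowlist, sysctl setup it describes. It reports which firewall-allowed ports any non-root user could bind at a given `net.ipv4.ip_unprivileged_port_start` value, and which non-loopback listeners fall outside the allowlist. The allowlist `22 80 443`, the function names and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. ALLOWED_PORTS and sample_ss are constructed.
ALLOWED_PORTS="22 80 443"   # assumed firewall allowlist

# Live use (commented out so the script runs offline):
#   user_bindable_allowed_ports "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" $ALLOWED_PORTS
#   ss -H -tln | listening_not_allowed $ALLOWED_PORTS

# Print the allowlisted ports that any non-root user may bind.
# $1 = value of net.ipv4.ip_unprivileged_port_start; ports >= $1 need no privilege.
user_bindable_allowed_ports() {
    start=$1; shift
    out=""
    for p in "$@"; do
        if [ "$p" -ge "$start" ]; then out="$out $p"; fi
    done
    echo $out
}

# Read `ss -H -tln` output on stdin; print non-loopback listening ports
# missing from the allowlist given as arguments.
listening_not_allowed() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $4 ~ /^127\./ || $4 ~ /^\[::1\]/ { next }      # loopback only, not exposed
        { m = split($4, part, ":"); port = part[m]      # last field handles [::]:443
          if (!(port in ok) && !(port in seen)) {
              seen[port] = 1; printf "%s%s", sep, port; sep = " " } }
        END { print "" }'
}

# Constructed sample of `ss -H -tln` output.
sample_ss() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 [::1]:631 [::]:*
EOF
}
```
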

[–] db_geek@norden.social 1 points 1 month ago (1 children)

@SinTan1729 Thank you, now I can better understand why you want to avoid opening the privileged ports for non-root users, which makes sense for your scenario.

I'm in the easy situation that I don't have to think about such a scenario, because my self-hosting system is exclusively for me.

[–] db_geek@norden.social 1 points 1 month ago (3 children)

@SinTan1729 How many users do you have on your machine who could open and run a service on a privileged port?

And when there is no application providing a service on a privileged port, then there is no security issue from my point of view.

And if you want to be absolutely secure, then you can restrict access to specific ports only, based on firewall rules.
https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands#how-to-allow-all-incoming-http-and-https

[–] db_geek@norden.social 2 points 1 month ago (5 children)

@SinTan1729 Using privileged ports can be activated with a sysctl setting:
https://access.redhat.com/solutions/7044059

[–] db_geek@norden.social 2 points 1 month ago (1 children)

@filister I don't have an arr stack running, but I'm using several podman quadlets to successfully run e.g. PostgreSQL, Nextcloud, HomeAssistant and some more.
Did you check the journal with
journalctl --identifier=<container name> for possible errors?