@aynish I never really update anything, except once in a while. Just install Debian once and leave it until I get a new computer. Works great. You can see the log here. (my docker-based equivalent of a nixos config) git.sequentialread.com/forest/

To make it easier to parse, here's the log of how many days I've worked on that project in the past 4 years. Repeated Ws mean consecutive days working on it, and the numbers represent # of days I did not work on it.

WW 10 W 7 WWWWWWW 45 W 25 W 7 W 7 W 5 W 27 W 27 WWW 13 WW 12 W 28 W 20 WW 2 W 27 W 9 W 60 W 16 W 30 W 45 W 7 W 10 W 81 W 110 W 11 W 308 W 35 W 133 W

There's only one time I was working on it for a whole week, and the amount of time it's gone without being touched has only increased over time, peaking at 308 days without a commit (!!!)

Sure, I've worked on other things, but this represents most of what I build myself for myself to depend on.

---

I mostly self-host because I wanted to self-publish, so to me, it feels wholly justified that I have to maintain my server.

I also feel like doing this stuff at home has made it easier for me to acquire money by working for corporations, and easier for me to also quit and have some level of confidence I can re-enter the job market when I want to.

I think laziness (and inertia) is really a virtue when it comes to this stuff, like, I mentioned I never updated my Debian. I never set up proper backups. I just put my docker-compose file, secrets, and all of the persistent docker volumes in one single folder and `tar` it to a hard drive periodically.

My phone is kinda the same way, it's not the best setup by any means, no play store, no bank app, no bootloader lock, etc. Backing up my phone was a major pain when my last one's display died, and I almost lost my Signal account, which would have really stung.

I've been carrying around a phone with a badly cracked screen for months now because I've been too busy to back it up again so I can feel confident taking it in for repair. Eventually all the glass shards that are going to come out will come out. The display will either start dying or it won't. In this case, it seems to live on. So here I am, and I'm content with that.


@aynish I almost always use defaults and never configure anything, I figure that way if I ever have to do a demo, the thing I show to other people will be as relatable as possible.

The things I do configure are usually big ticket items that I can't do without. For example, I remap my keys on my computers so that ctrl c and ctrl v are always in the same place no matter what OS I use.

And on Docker, I turned on the UID namespace remapping feature, which allows me to run everything as root inside containers, which seems to be the default for a lot of docker containers, without them being root on the host.
And I made a security gateway for the docker API so I could mount the docker socket.

Those two things alone get rid of 99+% of docker related critical vulnerabilities afaik. Yes it means I have to type deranged things like `chown -R 231072:231072 .` to set up the file permissions correctly on that One Folder To Rule Them All that I mentioned earlier. But I think that's a low price to pay for simple, secure management of my server.
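
Where a number like 231072 comes from, as an added example that is not part of the original posts: with UID namespace remapping, an ID inside the container is offset by the start of the subordinate range Docker is given, so container root becomes an unprivileged host UID, and files have to be owned within that range. The `/etc/subuid` contents below are constructed, and the `dockremap` range is an assumption chosen to match the `chown` value in the post.

```python
import os

# Constructed sample of /etc/subuid. The dockremap line is an assumption,
# chosen so that it matches the 231072 in the chown command above.
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536
dockremap:231072:65536
"""

def parse_subuid(text, user):
    """Return (start, count) of the subordinate ID range assigned to `user`."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == user:
            return int(start), int(count)
    raise KeyError(f"no subordinate ID range for {user!r}")

def host_id(container_id, id_range):
    """Translate an ID seen inside the container to the ID the host sees."""
    start, count = id_range
    if not 0 <= container_id < count:
        raise ValueError(f"container ID {container_id} is not mapped")
    return start + container_id

def unmapped_paths(root, id_range):
    """Paths under `root` whose owner or group lies outside the remapped range.

    Container root's privileges do not extend to these, so they need the chown.
    """
    start, count = id_range
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    bad = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if not all(start <= i < start + count for i in (st.st_uid, st.st_gid)):
            bad.append(path)
    return bad

if __name__ == "__main__":
    remap = parse_subuid(SAMPLE_SUBUID, "dockremap")
    print("container root is host UID", host_id(0, remap))
    print("paths still needing chown:", unmapped_paths(".", remap))
```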
