Hacker News | ggpsv's comments

Author here! Indeed, it is mostly HTTPS terminated by Caddy in the server at home. Otherwise, it is SSH.


This is no longer true as of Podman 5 and Quadlet?

You can define rootless containers to run under systemd services as unprivileged users. You can use machinectl to log in as said user and interact with systemctl.
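As an added illustration of the setup described in the comment above (not code from the commenter or from the Podman project), this script writes a minimal rootless Quadlet unit and lists the commands that activate it. The user `appuser`, the unit name `myapp`, the image `registry.example.com/myapp:1.0` and the port numbers are placeholders assumed for the example.

```shell
#!/bin/sh
# Added example. Assumed placeholders: user "appuser", unit "myapp",
# image registry.example.com/myapp:1.0, container port 8080.

write_quadlet() {
    # $1 = Quadlet directory. For a rootless user this is
    # ~/.config/containers/systemd; the systemd generator turns
    # myapp.container into myapp.service on daemon-reload.
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/myapp.container" <<'EOF'
[Unit]
Description=myapp (rootless container, constructed example)

[Container]
Image=registry.example.com/myapp:1.0
# Publish on loopback only; a reverse proxy on the host fronts it.
PublishPort=127.0.0.1:8080:8080
NoNewPrivileges=true
DropCapability=ALL

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# One-time setup as root, so the user's systemd instance runs without a login:
#   loginctl enable-linger appuser
# Open a real session for the unprivileged user, then manage the unit:
#   machinectl shell appuser@
#   systemctl --user daemon-reload
#   systemctl --user start myapp.service

# Write the unit only when a target directory is given on the command line.
if [ "$#" -gt 0 ]; then
    write_quadlet "$1"
fi
```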


Can you please link the docs for this?


This is a good intro [0], courtesy of Red Hat.

This is a good example [1], cited elsewhere in this post.

Documentation for quadlet systemd units [2].

[0]: https://www.redhat.com/en/blog/quadlet-podman

[1]: https://mo8it.com/blog/quadlet/

[2]: https://docs.podman.io/en/latest/markdown/podman-systemd.uni...


You see, my issue with this is that it suggests using the quadlets with lingering users... Which is the same annoying case as with the article. It is not as with other systemd services that you just instruct systemd to take a temporary uid/gid and run the service with it.


Quadlet debuted with Podman 4.4 iirc.


Oh yes, correct!


To add a data point here, my Framework laptop is 3 years old and I have no plans to change the mainboard anytime soon.

Also, you don't change its motherboard, you change the mainboard (for my laptop, it's the CPU/integrated GPU + memory sockets); this is unlike changing the entire computer. Then, you can reuse the replaced mainboard as a server if you wish to.

This pales with my experience using a MacBook Air whose motherboard failed. I did have to replace the entire computer.


Care to share a link to the fermentation forum?


I would be interested in that as well! I've been kind of obsessed with fermentation for a couple of years now, but it's all based on research driven by my own interests (I learn best when I immerse myself in a subject, in Dutch we call this "autodidact"). It would be nice to read along with what others are doing!


Is it really brutal? Can you single out "nature" and its characteristics?

Brutal sounds like a value judgement, one that I suspect explains nothing about the fact.

Can we accept that it just is, and we're part of that, for all our vices and virtues?


Embrace nature and go live in the jungle without clothes, tools, fire, water, food, medicine. Calling it brutal after such an experience wouldn’t be dismissed as a value judgement.


A bit like PESOS (Publish elsewhere, syndicate own site). I do this when archiving my Mastodon posts in my own static site [0].

[0]: https://garrido.io/notes/archiving-and-syndicating-mastodon-...


PESOS is pretty good. I was aware of POSSE but not PESOS.


That is what I ended up doing, I wrote a blog post about it some months ago [0].

The gist of it is using private dns and exposing services only on the private network. Implementation details can vary, you decide whether to use tailscale or bare wireguard, and any reverse proxy and dns server will do. In my case, I use Tailscale, NextDNS, and Caddy.

[0]: https://garrido.io/notes/tailscale-nextdns-custom-domains/


If you don't, can you expand on how you're doing this? Is it simply backing up the Thunderbird profile?


I rsync the files in the directory that I specified Thunderbird should store all the folders and associated data. I restore it any time I rebuild my OS, also with rsync. That backup goes to a NAS which then gets backed up to multiple external SSD/NVME and one of those goes in my vehicle as a low-effort off-site backup.


Every case is different but as a baseline, you could use Ubuntu or Debian for automatic security upgrades via unattended-upgrades[0], harden ssh by allowing only pubkey authentication, disallow all public incoming connections in the firewall except for https traffic if you're serving a public service, everything else (ssh, etc) can go over wireguard (tailscale makes this easy). Use a webserver like nginx or caddy for tls termination, serving static assets, and proxying requests to an application listening on localhost or wireguard.

[0]: https://wiki.debian.org/UnattendedUpgrades
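An added example (not from either comment) of one check that fits both the private-network setup and the baseline described above: it reads `ss -H -tln` output and reports TCP listeners bound outside loopback and the Tailscale address ranges on any port other than 443. The sample lines are constructed, and the check looks only at bind addresses, so a listener it reports may still be blocked by the firewall.

```shell
#!/bin/sh
# Added example: audit listening sockets against the "only HTTPS is public" baseline.
# Input: lines from `ss -H -tln` (State Recv-Q Send-Q Local:Port Peer:Port).

audit_listeners() {
    # Prints "PUBLIC <addr> <port>" for every listener that is not on
    # loopback, not on a Tailscale address, and not on port 443.
    awk '
    {
        la = $4
        n = split(la, p, ":")
        port = p[n]                                   # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        gsub(/\[|\]/, "", addr)                       # [::] -> ::
        sub(/%.*/, "", addr)                          # drop scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "::1") next    # loopback
        if (addr ~ /^100\./) {                        # Tailscale 100.64.0.0/10
            split(addr, o, ".")
            if (o[2] + 0 >= 64 && o[2] + 0 <= 127) next
        }
        if (addr ~ /^fd7a:115c:a1e0:/) next           # Tailscale IPv6 range
        if (port == "443") next                       # public HTTPS is expected
        print "PUBLIC", addr, port
    }'
}

sample_ss_output() {
    # Constructed sample, not captured from a real host.
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22           0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080       0.0.0.0:*
LISTEN 0 4096 *:443                *:*
LISTEN 0 4096 100.101.102.103:9090 0.0.0.0:*
LISTEN 0 511  [::]:80              [::]:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
EOF
}

# On a real host: ss -H -tln | audit_listeners
sample_ss_output | audit_listeners
```

In the sample, sshd on `0.0.0.0:22` and the plain-HTTP listener on `[::]:80` are reported; under the baseline above, SSH would be bound to the WireGuard or Tailscale address instead.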


Fedora has worked flawlessly for me.


After years on Ubuntu, then Arch I also just recently discovered Fedora as a well polished alternative.

I do love the Arch community. But I feel less motivation to tinker nowadays and Fedora was a pretty nice works-out-of-the-box experience so far.


I set up Fedora for family but I still use Arch myself, because there is no good alternative to AUR on Fedora and there are more packages that I need for software development.

Sometimes Arch saves so much time, that even the infrequent necessary manual maintenance after updates makes it worth it.

And even when trying to run stuff on distros other than Arch, I frequently look up instructions on Arch Wiki and in AUR PKGBUILDs.


I'm using Nix package manager on Fedora and it's OK.


As I found out myself, there is almost no tinkering involved once you get the initial Arch setup done. Just update once a week. Fedora repos have considerably fewer packages than Arch or Debian. For some reason Red Hat land has always been off-putting for me. SELinux, dropping docker in favor of podman, CentOS debacle are just a few things that make me look elsewhere. I'm glad you found your sweet spot though. Just a friendly banter from a fellow Linux user.


Fedora was almost required on AMD Framework for a while, because hardware was brand new and Debians were too old. Now with Mint updated, I'd recommend taking Fedora or Mint and Cinnamon.

Beware, I just realized my AMD does not support S3 sleep. Too late to return.


Mint was the worst experience for me. The trackpad acceleration curves are bad and there's no easy configuration for it. I was willing to either toy with sliders or copy an already tuned config into a file. But the best I found was how to go into a config file and disable the acceleration entirely.

