What did you not like about Headscale? I started using it recently and it seems fine so far. Works identically to Tailscale.

Sure, but that’s much harder to do undetected. Don’t let perfect be the enemy of good. Secure Boot still prevents against particular types attacks.

If you have to choose between one, then yes; full disk encryption is superior. But they should ideally be used in tandem.

Without secure boot, you are vulnerable to evil maid attacks. A bad actor can modify your bootloader (which has to remain unencrypted) in a way that allows them to steal your encryption keys. Secure Boot prevents running unsigned bootloaders, which negates this risk.

DXVK was the last (IMO) major key in enabling proper Linux gaming.

Here’s a short interview with the creator of DXVK.

Prior to this Wine was able to run some simple Windows applications, but games (which heavily rely on GPU acceleration) lagged quite a bit behind since DirectX is a Windows exclusive graphics API. Instead, on Linux we have Vulkan which is similarly feature rich, but an open standard. DXVK translates DirectX API calls to Vulkan, which GPUs on Linux can understand, similar to how Wine translates Windows syscalls to the Linux alternatives. Even though Wine existed for a long time, DXVK’s development started quite a bit later.

Entire Linux gaming happened because one guy wanted to play Nier Automata on it. Don’t underestimate some one guys.

Nice. Unfortunately, it does not offer choosing Immich as an image viewer. I guess this is on Immich to fix, though.

Oh, didn’t know Forgejo was ever intended to have federation. That’s so cool!

Welcome to the club! Enjoy the freedom

Where meme

Fortunately, no. I played after a few years.

One of my favorites is Batman: Arkham Knight. It uses Unreal Engine 3 and looks shockingly good despite it. Goes to show how much art direction matters.

I run it in a rootless Podman container using Quadlets. Instead of opening the server’s ssh port, I only port-forward the container’s ssh port (e.g. 22 -> 2222). I have sign-ups enabled, since I want people to be able to contribute (or just create issues). But I have configured the server so that nobody can create a repository. They can still fork my repos and send a pull request.

I have yet to experiment with Actions. I assume the safest option would be to only enable it for my own commits, but I am not sure.