cross-posted from: https://feddit.org/post/30198502

System:

Debian 13 KDE (actually MX Linux, but doesn't seem to matter)  
Wayland (xwayland installed as well)  
Docker 29.5.2

Dockerfile:

FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Set locale
RUN apt-get update && apt-get install -y --no-install-recommends \
        locales && \
    apt-get clean && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen

# Install Wayland-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        libwayland-client0 \
        libwayland-egl1 && \
    apt-get clean

# Install X-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus-x11 && \
    apt-get clean

# Add contrib, default is only main
RUN sed -i 's/^Components:.*/Components: main contrib/g' /etc/apt/sources.list.d/debian.sources

# Add 32-bit arch for Steam libraries
RUN dpkg --add-architecture i386

# Install Steam
RUN apt-get update && apt-get install -y --no-install-recommends \
        steam-installer \
        pciutils && \
    apt-get clean

# Additional
# TODO: What is really needed?
RUN apt-get update && apt-get install -y --no-install-recommends \
        vulkan-tools \
        mesa-utils \
        x11-xserver-utils \
        libvulkan1 \
        mesa-vulkan-drivers && \
    apt-get clean

# TODO: Does `-storebeta` even work?
# https://developer.valvesoftware.com/wiki/Command_line_options_(Steam)
CMD ["/usr/games/steam", "-storebeta"]

To run the container:

xhost +
sudo docker run -it --name steam \
    -e XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
    -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
    -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    --privileged steam:trixie

(The --privileged part is only temporary until I found out which capabilities are actually needed. Please don't run your containers with --privileged.)

I get the GUI dialogs to download Steam just fine, so at least some display forwarding is working:

The installation works fine, but when starting Steam it seems like it's not able to find Vulkan devices and then doesn't open any Steam window. (The container is not stopping and I'm seeing repeated ./steamwebhelper output after this.)

[...]
Running query: 1 - GpuTopology
CVulkanTopology: failed create vulkan instance: -9
CVulkanTopology: failed to create vulkan instanceFailed to query vulkan gpu topology

Failed to query vulkan gpu topology
Response: 
Exit code: -2
[...]
Vulkan missing requested extension 'VK_KHR_surface'.
Vulkan missing requested extension 'VK_KHR_xlib_surface'.
BInit - Unable to initialize Vulkan!
[...]

However, Vulkan is clearly working fine in the container, as this commands displays the cube rendering just fine:

$ sudo docker exec -it steam vkcube
Selected WSI platform: xcb
Selected GPU 0: AMD Radeon RX 550 / 550 Series (RADV POLARIS12), type: DiscreteGpu

(I've also tried it on another (pure) Debian machine with a 2080Ti, but I've got the same issue.)

I've created other GUI containers in the past (Firefox for example) and didn't have these problems.

Does anybody have an idea and can point me in the right direction?

System:

Debian 13 KDE (actually MX Linux, but doesn't seem to matter)  
Wayland (xwayland installed as well)  
Docker 29.5.2

Dockerfile:

FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Set locale
RUN apt-get update && apt-get install -y --no-install-recommends \
        locales && \
    apt-get clean && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen

# Install Wayland-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        libwayland-client0 \
        libwayland-egl1 && \
    apt-get clean

# Install X-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus-x11 && \
    apt-get clean

# Add contrib, default is only main
RUN sed -i 's/^Components:.*/Components: main contrib/g' /etc/apt/sources.list.d/debian.sources

# Add 32-bit arch for Steam libraries
RUN dpkg --add-architecture i386

# Install Steam
RUN apt-get update && apt-get install -y --no-install-recommends \
        steam-installer \
        pciutils && \
    apt-get clean

# Additional
# TODO: What is really needed?
RUN apt-get update && apt-get install -y --no-install-recommends \
        vulkan-tools \
        mesa-utils \
        x11-xserver-utils \
        libvulkan1 \
        mesa-vulkan-drivers && \
    apt-get clean

# TODO: Does `-storebeta` even work?
# https://developer.valvesoftware.com/wiki/Command_line_options_(Steam)
CMD ["/usr/games/steam", "-storebeta"]

To run the container:

xhost +
sudo docker run -it --name steam \
    -e XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
    -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
    -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    --privileged steam:trixie

(The --privileged part is only temporary until I found out which capabilities are actually needed. Please don't run your containers with --privileged.)

I get the GUI dialogs to download Steam just fine, so at least some display forwarding is working:

The installation works fine, but when starting Steam it seems like it's not able to find Vulkan devices and then doesn't open any Steam window. (The container is not stopping and I'm seeing repeated ./steamwebhelper output after this.)

[...]
Running query: 1 - GpuTopology
CVulkanTopology: failed create vulkan instance: -9
CVulkanTopology: failed to create vulkan instanceFailed to query vulkan gpu topology

Failed to query vulkan gpu topology
Response: 
Exit code: -2
[...]
Vulkan missing requested extension 'VK_KHR_surface'.
Vulkan missing requested extension 'VK_KHR_xlib_surface'.
BInit - Unable to initialize Vulkan!
[...]

However, Vulkan is clearly working fine in the container, as this commands displays the cube rendering just fine:

$ sudo docker exec -it steam vkcube
Selected WSI platform: xcb
Selected GPU 0: AMD Radeon RX 550 / 550 Series (RADV POLARIS12), type: DiscreteGpu

(I've also tried it on another (pure) Debian machine with a 2080Ti, but I've got the same issue.)

I've created other GUI containers in the past (Firefox for example) and didn't have these problems.

Does anybody have an idea and can point me in the right direction?

Debian 13:

$ uname -r
6.12.88+deb13-amd64

$ snap debug sandbox-features|grep confinement
confinement-options:  classic devmode

$ snap debug confinement
partial

$ aa-enabled
Yes

Ubuntu (24.04):

$ uname -r
6.8.0-117-generic

$ snap debug sandbox-features|grep confinement
confinement-options:  classic devmode strict

$ snap debug confinement
strict

$ aa-enabled
Yes

What does this mean, you ask? Well, basically every Snap package you thought was running isolated in it's own little sandbox were running unconfined the whole time. The prorpietary app you removed the :home connection from, so it wouldn't be able to access your home directory? Well, it could have exfiltrated all our private files in the meantime.

How is this not a bigger deal and how are Snaps ever to become mainstream when even today, more than 10 years after the introduction of snaps, you can't run them sandboxed on a huge portion of Linux distros?

Recently I've installed luci-app-banip on my OpenWrt router and blocked most countries from accessing my services on my network. Not seeing why I would want any of that traffic I also blocked the whole of the ARIN registry, responsible for IP addresses from Canada and the United States.
Edit: Note this is only for inbound traffic. Outbound traffic is allowed no matter the target country.

Fast forward a few weeks and my certbot renewals fail with the following error: Failed to renew certificate enter.domain.here with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Confused af I start looking for solutions and as so often only find useless or completely ridiulous solutions (lowering my MTU to 1300, what? WHY?). Finally I find some enlighted figure that says they recently enabled a blocklist for certain countries and that was the issue for them.
Now I make the connection to my use of banIP, re-allow the USA and my cert renewals start working again. Hooray!

However, there are two things bothering me:

1. Why would such a block even interrupt my renewals? I'm using DNS challenges and the ACME servers should only check the DNS entries, not where those entries actually redirect to. The DNS server/root isn't in my home network, so isn't affected by any firewall shenanigans I do here.
2. How can I make an exception for the Let's Encrypt ACME servers while blocking the rest of the ARIN IP space?

I see there's the option for ASN selection and external allowlists:

Does anybody have an idea on how to configure this so that Let's Encrypt continues to work without compromising on my network security?

(Edit: And just for clarity, I do not live in the US or anywhere on the American continent.)

There are a ton of selfhosted bookmark syncing and managing solutions.
In addition to https://github.com/awesome-selfhosted/awesome-selfhosted#bookmarks-and-link-sharing I found these:

• Betula - https://sr.ht/~bouncepaw/betula/
• Link Portal - https://github.com/gkzz/link-portal
• Linkwallet - https://github.com/tardisx/linkwallet
• Nextcloud Bookmarks - https://apps.nextcloud.com/apps/bookmarks (Only makes sense when you've already set up Nextcloud)
• Postmarks - https://github.com/ckolderup/postmarks
• xBrowserSync - https://www.xbrowsersync.org/

I'm sure there are a ton more out there.

Basically all I want is to sync and somewhat categorize/tag bookmarks across my devices. Website archival, sharing and multi-user support is optional.

cross-posted from: https://feddit.org/post/28220728

https://archive.org/details/magipack-games-official-repository-0-9
https://archive.org/details/magipack-games-official-repository-a-f
https://archive.org/details/magipack-games-official-repository-g-k
https://archive.org/details/magipack-games-official-repository-l-p
https://archive.org/details/magipack-games-official-repository-q-u
https://archive.org/details/magipack-games-official-repository-v-z
https://archive.org/details/magipack-games-static-website
https://archive.org/details/magipack-games-torrent

All of the links above are down.
Their IA profile page is cleansed: https://archive.org/details/@magitompg

Message from MagitoMPG:

Let this be a lesson that the Internet Archive isn't a reliable ally in terms of game preservation.

P.S.: I still have a copy of MagiPack_Games_Torrent_Archive_28-July-2025 and MagiPack_Games_Static_28-July-2025.zip. Unfortunately I don't have the official torrent files or magnet links for these anymore or I'd make sure to seed them.

And if so, which distro and how is it?

I've just looked at some tutorials for Keycloak and Authentik and there's definitely a very steep learning curve for these two solutions. I feel like I need something a lot simpler to be able to fully grasp the concept.

What is the easiest solution for beginners to implement Sigle-Sign-On for their selfhosted services?

cross-posted from: https://feddit.org/post/27405929

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?

cross-posted from: https://feddit.org/post/27405929

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?

Back in my teenage years I remember making music videos to my favorite songs in WMM. It didn't require any previous knowledge about cutting or other video editing tools. It was just simple and intuitive.

Is there an equivalent for Linux that's as easy as intuitive as WMM was? Something I could put in front of someone without previous knowlegde in editing and they could still wrap their heads around in just a few minutes?

(And please don't say Kdenlive. Have you ever tried to add a simple effect like blur to a part of a video? It's super cumbersome.)