chris

Nice. I'll check those out.

I realize I sound AI AF.

Welcome to the world of Linux. Check out Fedora Kinoite. Here's how they're similar:

✅ It's immutable -- core OS files are read only. Just like the SteamDeck, this is more stable and secure. Updates happen all at once and the entire system can be rolled back to a working configuration ("snapshot") if it all goes south.

✅ Applications are containerized and installed via a software store. Flatpak via Flathub is my personal preference, here.

✅ It uses the KDE Plasma desktop environment. In Linux there are a handful of DEs to choose from. The SD uses KDE and so does Kinoite. This is probably where you'll see most similarities (that Windows '95 feel).

✅ Fedora's community, like the SD, is large. Got a problem? There's probably someone on the forums who had the same issue and can provide a solution.

I've been running it exclusively for two years now. As a self proclaimed distro-hopper, that's really remarkable.

https://fedoraproject.org/atomic-desktops/kinoite/

I can only speak to my own personal experience: Fedora and Suse are doing the best, especially with immutable distributions.

Hochul’s wait-and-see approach on Mamdani came after the Queens assemblyman bested former Gov. Andrew Cuomo in Tuesday’s Democratic mayoral primary – sending shockwaves across the nation and prompting soul-searching among moderate members of the party over its leftward drift.

No soul found here, apparently.

How'd it work out?

I mean in terms of hijacking DNS. Might be worth a look.

It runs quite well; Docker's not a full fledged virtual machine so much as a virtualization layer. I also love the portability of running this in Docker. I rsync a backup of this and the Appdata folder every night. When or if this server fails, I can be up and running again in minutes on another machine.

Is your ISP interfering?

services:

  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    hostname: sheldon
    environment:
      HOST_CONTAINERNAME: pihole
      TZ: ${TZ}
      WEBPASSWORD: ${WEBPASSWORD}
      DNSMASQ_LISTENING: "all"
      PIHOLE_DNS_1: "unbound#53"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "8080:80/tcp"
    # network_mode: host
    dns:
      - 127.0.0.1
    networks:
      dns:
        ipv4_address: 172.22.0.2
    volumes:
      - /mnt/appdata/pihole/etc-pihole:/etc/pihole
      - /mnt/appdata/pihole/etc-dnsmasq.d:/etc/dnsmasq.d
    restart: unless-stopped
    depends_on:
      unbound:
        condition: service_healthy

  unbound:
    container_name: unbound
    image: klutchell/unbound:latest
    networks:
      dns:
        ipv4_address: 172.22.0.3
    volumes:
      - /mnt/appdata/unbound:/opt/unbound/etc/unbound/custom
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "dig", "google.com", "@127.0.0.1"]
      interval: 10s
      timeout: 5s
      retries: 5

  wg-easy:
    container_name: wg-easy
    image: ghcr.io/wg-easy/wg-easy:15
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    # environment:
    #   TZ: ${TZ}
    #   LANG: en
    #   WG_HOST: ${WG_HOST}
    #   PASSWORD_HASH: ${PASSWORD_HASH}
    #   WG_DEFAULT_DNS: 172.22.0.2
    #   WG_MTU: 1420
    networks:
      dns:
        ipv4_address: 172.22.0.4
    volumes:
      - /mnt/appdata/wg-easy:/etc/wireguard
      - /lib/modules:/lib/modules:ro
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.all.forwarding=1
      - net.ipv6.conf.default.forwarding=1
    restart: unless-stopped

networks:
  dns:
    external: true

Feel free to just delete the wg-easy service.

Very well could be!