cross-posted from: https://feddit.org/post/30198502

System:

Debian 13 KDE (actually MX Linux, but doesn't seem to matter)  
Wayland (xwayland installed as well)  
Docker 29.5.2

Dockerfile:

FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Set locale
RUN apt-get update && apt-get install -y --no-install-recommends \
        locales && \
    apt-get clean && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen

# Install Wayland-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        libwayland-client0 \
        libwayland-egl1 && \
    apt-get clean

# Install X-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus-x11 && \
    apt-get clean

# Add contrib, default is only main
RUN sed -i 's/^Components:.*/Components: main contrib/g' /etc/apt/sources.list.d/debian.sources

# Add 32-bit arch for Steam libraries
RUN dpkg --add-architecture i386

# Install Steam
RUN apt-get update && apt-get install -y --no-install-recommends \
        steam-installer \
        pciutils && \
    apt-get clean

# Additional
# TODO: What is really needed?
RUN apt-get update && apt-get install -y --no-install-recommends \
        vulkan-tools \
        mesa-utils \
        x11-xserver-utils \
        libvulkan1 \
        mesa-vulkan-drivers && \
    apt-get clean

# TODO: Does `-storebeta` even work?
# https://developer.valvesoftware.com/wiki/Command_line_options_(Steam)
CMD ["/usr/games/steam", "-storebeta"]

To run the container:

xhost +
sudo docker run -it --name steam \
    -e XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
    -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
    -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    --privileged steam:trixie

(The --privileged part is only temporary until I found out which capabilities are actually needed. Please don't run your containers with --privileged.)

I get the GUI dialogs to download Steam just fine, so at least some display forwarding is working:

The installation works fine, but when starting Steam it seems like it's not able to find Vulkan devices and then doesn't open any Steam window. (The container is not stopping and I'm seeing repeated ./steamwebhelper output after this.)

[...]
Running query: 1 - GpuTopology
CVulkanTopology: failed create vulkan instance: -9
CVulkanTopology: failed to create vulkan instanceFailed to query vulkan gpu topology

Failed to query vulkan gpu topology
Response: 
Exit code: -2
[...]
Vulkan missing requested extension 'VK_KHR_surface'.
Vulkan missing requested extension 'VK_KHR_xlib_surface'.
BInit - Unable to initialize Vulkan!
[...]

However, Vulkan is clearly working fine in the container, as this commands displays the cube rendering just fine:

$ sudo docker exec -it steam vkcube
Selected WSI platform: xcb
Selected GPU 0: AMD Radeon RX 550 / 550 Series (RADV POLARIS12), type: DiscreteGpu

(I've also tried it on another (pure) Debian machine with a 2080Ti, but I've got the same issue.)

I've created other GUI containers in the past (Firefox for example) and didn't have these problems.

Does anybody have an idea and can point me in the right direction?

cross-posted from: https://feddit.org/post/30198502

System:

Debian 13 KDE (actually MX Linux, but doesn't seem to matter)  
Wayland (xwayland installed as well)  
Docker 29.5.2

Dockerfile:

FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Set locale
RUN apt-get update && apt-get install -y --no-install-recommends \
        locales && \
    apt-get clean && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen

# Install Wayland-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        libwayland-client0 \
        libwayland-egl1 && \
    apt-get clean

# Install X-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus-x11 && \
    apt-get clean

# Add contrib, default is only main
RUN sed -i 's/^Components:.*/Components: main contrib/g' /etc/apt/sources.list.d/debian.sources

# Add 32-bit arch for Steam libraries
RUN dpkg --add-architecture i386

# Install Steam
RUN apt-get update && apt-get install -y --no-install-recommends \
        steam-installer \
        pciutils && \
    apt-get clean

# Additional
# TODO: What is really needed?
RUN apt-get update && apt-get install -y --no-install-recommends \
        vulkan-tools \
        mesa-utils \
        x11-xserver-utils \
        libvulkan1 \
        mesa-vulkan-drivers && \
    apt-get clean

# TODO: Does `-storebeta` even work?
# https://developer.valvesoftware.com/wiki/Command_line_options_(Steam)
CMD ["/usr/games/steam", "-storebeta"]

To run the container:

xhost +
sudo docker run -it --name steam \
    -e XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
    -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
    -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    --privileged steam:trixie

(The --privileged part is only temporary until I found out which capabilities are actually needed. Please don't run your containers with --privileged.)

I get the GUI dialogs to download Steam just fine, so at least some display forwarding is working:

The installation works fine, but when starting Steam it seems like it's not able to find Vulkan devices and then doesn't open any Steam window. (The container is not stopping and I'm seeing repeated ./steamwebhelper output after this.)

[...]
Running query: 1 - GpuTopology
CVulkanTopology: failed create vulkan instance: -9
CVulkanTopology: failed to create vulkan instanceFailed to query vulkan gpu topology

Failed to query vulkan gpu topology
Response: 
Exit code: -2
[...]
Vulkan missing requested extension 'VK_KHR_surface'.
Vulkan missing requested extension 'VK_KHR_xlib_surface'.
BInit - Unable to initialize Vulkan!
[...]

However, Vulkan is clearly working fine in the container, as this commands displays the cube rendering just fine:

$ sudo docker exec -it steam vkcube
Selected WSI platform: xcb
Selected GPU 0: AMD Radeon RX 550 / 550 Series (RADV POLARIS12), type: DiscreteGpu

(I've also tried it on another (pure) Debian machine with a 2080Ti, but I've got the same issue.)

I've created other GUI containers in the past (Firefox for example) and didn't have these problems.

Does anybody have an idea and can point me in the right direction?

System:

Debian 13 KDE (actually MX Linux, but doesn't seem to matter)  
Wayland (xwayland installed as well)  
Docker 29.5.2

Dockerfile:

FROM debian:trixie

ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

# Set locale
RUN apt-get update && apt-get install -y --no-install-recommends \
        locales && \
    apt-get clean && \
    sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
    locale-gen

# Install Wayland-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus \
        libwayland-client0 \
        libwayland-egl1 && \
    apt-get clean

# Install X-specific packages
RUN apt-get update && apt-get install -y --no-install-recommends \
        dbus-x11 && \
    apt-get clean

# Add contrib, default is only main
RUN sed -i 's/^Components:.*/Components: main contrib/g' /etc/apt/sources.list.d/debian.sources

# Add 32-bit arch for Steam libraries
RUN dpkg --add-architecture i386

# Install Steam
RUN apt-get update && apt-get install -y --no-install-recommends \
        steam-installer \
        pciutils && \
    apt-get clean

# Additional
# TODO: What is really needed?
RUN apt-get update && apt-get install -y --no-install-recommends \
        vulkan-tools \
        mesa-utils \
        x11-xserver-utils \
        libvulkan1 \
        mesa-vulkan-drivers && \
    apt-get clean

# TODO: Does `-storebeta` even work?
# https://developer.valvesoftware.com/wiki/Command_line_options_(Steam)
CMD ["/usr/games/steam", "-storebeta"]

To run the container:

xhost +
sudo docker run -it --name steam \
    -e XDG_RUNTIME_DIR=$XDG_RUNTIME_DIR \
    -e WAYLAND_DISPLAY=$WAYLAND_DISPLAY \
    -v $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY:$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY \
    -e DISPLAY=$DISPLAY \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    --privileged steam:trixie

(The --privileged part is only temporary until I found out which capabilities are actually needed. Please don't run your containers with --privileged.)

I get the GUI dialogs to download Steam just fine, so at least some display forwarding is working:

The installation works fine, but when starting Steam it seems like it's not able to find Vulkan devices and then doesn't open any Steam window. (The container is not stopping and I'm seeing repeated ./steamwebhelper output after this.)

[...]
Running query: 1 - GpuTopology
CVulkanTopology: failed create vulkan instance: -9
CVulkanTopology: failed to create vulkan instanceFailed to query vulkan gpu topology

Failed to query vulkan gpu topology
Response: 
Exit code: -2
[...]
Vulkan missing requested extension 'VK_KHR_surface'.
Vulkan missing requested extension 'VK_KHR_xlib_surface'.
BInit - Unable to initialize Vulkan!
[...]

However, Vulkan is clearly working fine in the container, as this commands displays the cube rendering just fine:

$ sudo docker exec -it steam vkcube
Selected WSI platform: xcb
Selected GPU 0: AMD Radeon RX 550 / 550 Series (RADV POLARIS12), type: DiscreteGpu

(I've also tried it on another (pure) Debian machine with a 2080Ti, but I've got the same issue.)

I've created other GUI containers in the past (Firefox for example) and didn't have these problems.

Does anybody have an idea and can point me in the right direction?

https://github.com/9p4/jellyfin-plugin-sso

This repository was archived by the owner on May 12, 2026. It is now read-only.

Project archived because I'm tired of working on this after all the years.

Debian 13:

$ uname -r
6.12.88+deb13-amd64

$ snap debug sandbox-features|grep confinement
confinement-options:  classic devmode

$ snap debug confinement
partial

$ aa-enabled
Yes

Ubuntu (24.04):

$ uname -r
6.8.0-117-generic

$ snap debug sandbox-features|grep confinement
confinement-options:  classic devmode strict

$ snap debug confinement
strict

$ aa-enabled
Yes

What does this mean, you ask? Well, basically every Snap package you thought was running isolated in it's own little sandbox were running unconfined the whole time. The prorpietary app you removed the :home connection from, so it wouldn't be able to access your home directory? Well, it could have exfiltrated all our private files in the meantime.

How is this not a bigger deal and how are Snaps ever to become mainstream when even today, more than 10 years after the introduction of snaps, you can't run them sandboxed on a huge portion of Linux distros?

Recently I've installed luci-app-banip on my OpenWrt router and blocked most countries from accessing my services on my network. Not seeing why I would want any of that traffic I also blocked the whole of the ARIN registry, responsible for IP addresses from Canada and the United States.
Edit: Note this is only for inbound traffic. Outbound traffic is allowed no matter the target country.

Fast forward a few weeks and my certbot renewals fail with the following error: Failed to renew certificate enter.domain.here with error: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Read timed out. (read timeout=45)

Confused af I start looking for solutions and as so often only find useless or completely ridiulous solutions (lowering my MTU to 1300, what? WHY?). Finally I find some enlighted figure that says they recently enabled a blocklist for certain countries and that was the issue for them.
Now I make the connection to my use of banIP, re-allow the USA and my cert renewals start working again. Hooray!

However, there are two things bothering me:

1. Why would such a block even interrupt my renewals? I'm using DNS challenges and the ACME servers should only check the DNS entries, not where those entries actually redirect to. The DNS server/root isn't in my home network, so isn't affected by any firewall shenanigans I do here.
2. How can I make an exception for the Let's Encrypt ACME servers while blocking the rest of the ARIN IP space?

I see there's the option for ASN selection and external allowlists:

Does anybody have an idea on how to configure this so that Let's Encrypt continues to work without compromising on my network security?

(Edit: And just for clarity, I do not live in the US or anywhere on the American continent.)

On my Kubuntu 24.04 system I've replaced the Firefox snap package with the proper apt one from Mozilla (https://support.mozilla.org/en-US/kb/install-firefox-linux#w_install-firefox-deb-package-for-debian-based-distributions).
I've done this previously on 22.04, but on do-release-upgrade to 24.04 it got undone and I had to manually set things right again. With the upcoming 26.04 release I'm wondering if there's a way to tell do-release-upgrade to leave my installed *.deb packages on my system and not overwrite them with their snap counterpart?

There are a ton of selfhosted bookmark syncing and managing solutions.
In addition to https://github.com/awesome-selfhosted/awesome-selfhosted#bookmarks-and-link-sharing I found these:

• Betula - https://sr.ht/~bouncepaw/betula/
• Linkwallet - https://github.com/tardisx/linkwallet
• Nextcloud Bookmarks - https://apps.nextcloud.com/apps/bookmarks (Only makes sense when you've already set up Nextcloud)
• Postmarks - https://github.com/ckolderup/postmarks
• xBrowserSync - https://www.xbrowsersync.org/

I'm sure there are a ton more out there.

Basically all I want is to sync and somewhat categorize/tag bookmarks across my devices. Website archival, sharing and multi-user support is optional.

Going by GitHub stars I guess using Floccus with LinkWarden or Karakeep is the way to go?

Nachdem es ja in der Vergangenheit bereits eine Diskussion zum Stand von dbzer0 gegenüber feddit.org gab (Link), hat man in der Zwischenzeit feddit.org wohl komplett deföderiert (zu sehen hier bei "Blocked instances").
Mir selbst ist es eben erst aufgefallen, als ich in ![email protected] einen Post erstellen wollte, bzw. erstellt habe und dann gesehen habe, dass der letzte Post vor meinem in dieser sonst so aktiven Community vor sieben Tagen geschehen sein soll.

Mich persönlich fuckt das ganze riesig ab, da ich a) nicht der Meinung bin, dass die Vorwürfe gerechtfertigt sind und b) die dbzer0-Instanz einer der Gründe war, weswegen ich überhaupt erst ins Lemmyverse gekommen bin. Dass ich mir hierfür jetzt eigentlich einen Zweitaccount anlegen müsste, während kaum ein Lemmy-Client Multi-Account-Support hat, macht es leider auch nicht besser.

Gibt es irgendwas, was man diesbzgl. als feddit.org-Team versuchen könnte? (Will das Team das überhaupt?)

And if so, which distro and how is it?

I've just looked at some tutorials for Keycloak and Authentik and there's definitely a very steep learning curve for these two solutions. I feel like I need something a lot simpler to be able to fully grasp the concept.

What is the easiest solution for beginners to implement Sigle-Sign-On for their selfhosted services?

cross-posted from: https://feddit.org/post/27405929

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?

Cross posted from: https://feddit.org/post/27405929

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?

cross-posted from: https://feddit.org/post/27405929

Yesterday I found Interstellar which has this feature. I assume mainly because it is not only a Lemmy app, but also a PieFed one, which has this feature in the reference frontend (AFAIK).

Are there other Lemmy apps or frontends that support thread merging?