chameleon

PUID is indeed handled inside the container itself, it’ll run a container-provided script as whatever the container’s UID 0 happens to be first which then drops to whatever $PUID happens to be inside the container. user= is enforced by Podman itself before the container starts, but Podman will still run as root in that setup. That means Podman is running “rootful”, while if you started the container manually as $uid using the regular Podman CLI, it would be “rootless”. That is a major difference in a lot of respects, including security, and you can find quite a bit of documentation on the differences between those operating modes online; it wouldn’t fit in a comment. Rootless is generally considered the better mode, though there are some things that still require a rootful container.

In the upcoming NixOS 25.05 or current unstable, there are some tools you can use to run containers rootless as another user more easily using a new $name.podman.user = ""; setting. From what I understand they’ll still be root-managed systemd system services that require sudo to operate, but that means privileges get dropped by systemd before running Podman, instead of dropped by Podman before running the container. This stuff is recent and I haven’t used it, I just happen to know it exists, relevant nixpkgs commit if you wanna dig into it yourself: https://github.com/NixOS/nixpkgs/commit/7d443d378b07ad55686e9ba68faf16802c030025

FWIW, your domain will most likely eventually get used by spammers and then it’ll be an endless string of somewhat expected but unpredictable failures from there on onwards, with no actions you can take to reduce it. It’s good to keep an eye on what comes in but I wouldn’t invest too much effort into failure alerting.

My crappy electric Philips toothbrush from the internet of shit era. If you press the single button it has slightly wrong it goes into some Bluetooth pairing mode or whatever that you can’t take it out of until it gives up 2 minutes later.

On the other hand, Wikipedia doesn’t allow original research and discourages primary sources while that’s very much part of what a journalist is expected to do; they write the secondary sources Wikipedia runs on. It’s a much harder job to discover and vet primary sources.

There are both dumps with full history and ones that are just the current set of articles. The full dump happens once a month on the 1st, but will often take ~2 weeks to run to completion, so you probably have to look back to the April 1 2025 dump for those. The metawiki dumps page has all the info.

Darts. World champion level stuff is vaguely watchable but remove the announcer/referee’s energy and it’s like a bad sitcom with the laugh track removed. I was brought to a tournament as a kid and I’ve never been in a room where everyone was that level of bored watching random people throw a fifty or whatever for hours on end.