I share your disdain for buzzwords but SRE is definitely a different role.

Could you tell me more about the playwright tests? From what I can see it's a web testing framework, I don't see how that fits in here.

Ah you’re right. I should’ve been more clear.

I’m deploying on my server and it self hosts 10 or so services. Like Nextcloud and Vaultwarden. The playwright tests are to test those. It’s pretty basic like just checking I can create a user and still login. But it still caught a few regressions. And they’re still WIP. I’m getting close to being able to validate the LLDAP + Authelia config works too. It’s particularly useful in conjunction with automatically running flake update in CI. So all inputs get updated on a schedule and the tests give some level of guarantee that my server won’t break. It’s essentially QA tests automated.

This link shows what the playwright tests look like. They are parametrized on the service to test so I’m sure I’m testing the same functionality every time. https://github.com/ibizaman/selfhostblocks/blob/c2148eda7704...

Ah got it, thanks. I thought you were testing the image somehow, a bit like inspec.

Still cool though, nice.

> My CI server uses Firecracker VM's to isolate OCI containers

Is this something you built yourself? I've been looking for a CI tool that uses Firecracker but never found anything, I started building something myself but it never really got finished. Would love to drop that project and use something off the shelf.

I'm obviously biased here but this is what we do at blacksmith dot sh. We run you GitHub Actions on consumer grade desktop CPUs with high single core performance, all inside ephemeral Firecracker VMs. Give us a shot!

BuildBuddy. Google it.

It's totally next level. My build is 70 crates, hundreds of unit tests, integration tests, multi platform docker images for two platforms, and everything is done in under 2 minutes, if it's slow(!). If I hit only an incremental change, build is completed within 30 seconds.

The future is now!

Consul is built upon the Serf library. https://www.serf.io/intro/vs-consul.html

Yes, the article did.

Framework has open sourced the EC firmware, not the boot firmware. The UEFI implementation is still closed source proprietary InsydeH2O software.

Yes, but at least they're making soothing noises about going in that direction. Here's notes on coreboot work: https://community.frame.work/t/responded-coreboot-on-the-fra...

The chromebook variant already runs coreboot, with all changes upstreamed: https://frame.work/blog/introducing-the-framework-laptop-chr...

Hashicorp's Vault works quite nicely. Teleport is another tool I believe handles this but haven't used it personally.

Fargate on EC2? Sorry you’ve lost me, I understood Fargate to be a layer of AWS managed compute for ECS or EKS deliberately instead of EC2.

https://lumigo.io/blog/comparing-amazon-ecs-launch-types-ec2... You can now specify your launch type to be an ec2 instance. This has the benefit of lower cost but you are responsible for managing the instances ex: security patches, etc.

Right, running ECS on EC2, not Fargate on EC2. When ECS launched it only had the EC2 launch type (where as you said you must manage your machines). Fargate then came along for both ECS and EKS where Amazon managed the machines for you.

I would imagine so the default behaviour could be identical across platforms.

What are you looking at for a Vault replacement?

Vault will be last on my list to replace. It's boring and it works and it's integration with K8s is actually much better than it's integration with Nomad.

Eventually though, I'd like to move to AWS Secrets Manager.

I agree that it’s boring and works well. It’s also what I’m most worried about finding a reasonable alternative, we can’t just not update Vault.

Sadly Secrets Manager doesn’t hit all the features I need. Really hoping for an OpenTF-style fork of Vault.