subhobroto 4 days ago

> found myself rolling out Yoink

- using Tailscale SSH is brilliant

- using caddy-docker-proxy for ingress is brilliant

What do you use for:

- service discovery

- secret store (EDIT: Crap you use Infisical. No shade, I just have this horrible foreboding it will end up like Hashicorp. I use Conjur Secretless Broker but am tracking: https://news.ycombinator.com/item?id=47903690)

- backing up and restoring state like in a DB

PS: Have you been having issues with Hetzner the last few weeks?

oddurmagnusson 4 days ago | parent

Service discovery is basically just Docker's internal DNS. Caddy-docker-proxy can use it to find healthy upstreams.

For secrets, I self-host Infisical on the box -- easy to plug in whatever secret manager, should make it pair nicely with https://github.com/tellerops/teller or something similar

Had no problems with Hetzner so far, just enjoying the raw CPU power of bare metal. The plan is to roll out more boxes across different providers, using Tailscale for the backplane network and Cloudflare to load-balance between them. All in due time. What issues have you been having?

subhobroto 4 days ago | parent

I have a suspicion you're using Headscale? If so, I urge you to consider Ionscale. I use it with Authentik as the IdP.

Personally committing to using Tailscale as a core foundation of my infrastructure and Ionscale is my hedge against getting Hashicorped.

> Service discovery is basically just Docker's internal DNS. Caddy-docker-proxy can use it to find healthy upstreams

Do you have a writeup of this somewhere? I'm unaware of being able to manage Docker's internal DNS over some kind of an API (would appreciate if you know a way to). The only way I know is to manipulate network aliases via Docker Engine API. As a result I use Hickory DNS with RFC 2136. That coupled with Caddy-docker-proxy gets me extremely close.
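As an added illustration of the Docker-DNS plus caddy-docker-proxy pattern oddurmagnusson describes and subhobroto asks about (example config written for this thread, not from either commenter or the caddy-docker-proxy project): a minimal Compose file where the app publishes no host ports and is reached only through Caddy on a shared internal network. The service names, image and hostname are placeholders.

```yaml
# Added example, not from the thread. Names ("app", "ingress", the hostname
# and image) are assumed placeholders; substitute your own.
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - "80:80"
      - "443:443"
    environment:
      # caddy-docker-proxy only generates upstreams for containers attached
      # to the networks listed here.
      - CADDY_INGRESS_NETWORKS=ingress
    volumes:
      # Labels are read through the Docker API. Socket access is equivalent
      # to root on the host: mount it read-only and prefer a filtering
      # socket proxy in front of it where possible.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - caddy_data:/data
    networks:
      - ingress
    restart: unless-stopped

  app:
    image: ghcr.io/example/app:latest   # placeholder image
    # No "ports:" block: the app is unreachable from outside the Docker
    # network, so every request has to pass through Caddy.
    networks:
      - ingress
    labels:
      caddy: app.example.internal        # placeholder hostname
      # {{upstreams 8080}} is expanded by caddy-docker-proxy into the
      # container's address(es) on the ingress network whenever containers
      # start or stop; scaling "app" adds more upstreams automatically.
      caddy.reverse_proxy: "{{upstreams 8080}}"
      # Caddy's own active health check keeps unhealthy replicas out of
      # rotation (Caddyfile reverse_proxy "health_uri" subdirective).
      caddy.reverse_proxy.health_uri: /healthz
      caddy.reverse_proxy.health_interval: 10s

networks:
  ingress:
    name: ingress

volumes:
  caddy_data:
```

Inside the `ingress` network, containers also resolve each other by service name through Docker's embedded DNS (the resolver at 127.0.0.11), so `caddy.reverse_proxy: "app:8080"` works too; the template form above is what caddy-docker-proxy uses to enumerate all replicas explicitly.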