deddit.petersanchez.com

Anyone running Sandstorm?
from verstra@programming.dev to selfhosted@lemmy.world on 10 Sep 15:32
https://programming.dev/post/37207862

Is anyone here running Sandstorm? If yes, what’s your experience?

I really like the idea of “grains” where an instance of the app runs for each document/project/unit of data your app has. It does improve security a lot, because it is very similar as running root-less docker.

I also like the unified auth and user management sandstorm provides.

#selfhosted

threaded - newest

y0kai@anarchist.nexus on 10 Sep 15:45 next collapse

I ran it for about 7 and a half minutes earlier. It's a little slow to start but once I got used to the rhythm of things I really started to understand why it's so popular.

Overall, I'd say I'm a fan.

https://youtu.be/5Rk8u2FTaG0

underline960@sh.itjust.works on 10 Sep 17:50 collapse

Came looking for this comment and was not disappointed.

HelloRoot@lemy.lol on 10 Sep 16:00 next collapse

I prefer dokploy and having full control over each aspect (like auth, backups and routing).

But this looks nice for when you don’t care and just want to use it as it is provided.

verstra@programming.dev on 10 Sep 16:13 collapse

The revolutionary thing about sandstorm is not all that much about administering hosting as it is about integrating deeply with applications.

HelloRoot@lemy.lol on 10 Sep 19:00 collapse

I don’t get that part. Can you explain it please?

Dokploy has a list of hundreds of “templates” where you basically one click install a working docker container with said app. But there is no deeper integration.

Is sandstorm different somehow?

verstra@programming.dev on 11 Sep 07:53 collapse

For example, ether pad (document editor) is a) packaged to be single-click deployable on sandstorm (this is similar to dokploy), but also b) modified so that it runs each document as a “grain”.

In sandstorm, “grain” is some chunk of data + an instance of the app running. So when you open a document, it will spawn a new process for it on the server and attach the data needed to that process (similar to how you would attach volumes to docker containers). This grain is isolated from other open documents, which is good for security, but also good for development:

apps don’t need to handle the organization or storage of documents (they just write to a dir and sandstorm associates it with the grain),
apps don’t need to handle user auth or permissions,

amp@sh.itjust.works on 11 Sep 05:20 next collapse

I used it for a project once. It is good, but make sure you have tested backup and restore (from scratch) before you need it. I found that to be a bit more problematic than usual server business. (but that was 6 years ago)

thelittleblackbird@lemmy.world on 11 Sep 06:34 collapse

If I get it correctly, this is a kind of kasm but only for the local user, right?

verstra@programming.dev on 11 Sep 07:56 collapse

I wouldn’t say so - it’s not streaming app views from the server, it provides containers for apps, segmented into “grains”. So each open document gets it’s own container. Other than that, it’s just normal web apps (like immich or seafile).

thelittleblackbird@lemmy.world on 11 Sep 17:16 collapse

OK, it is clearer now, thanks