exu

joined 1 year ago
MODERATOR OF
feditown
sorted by: new top controversial old
Thousands of hacked TP-Link routers used in years-long account takeover attacks in c/technology
[–] [email protected] 4 points 1 week ago

Mikrotik is great for features, but their UI definitely feels ancient and you will sometimes question why something takes this many steps.
However, I've never had an plan I couldn't replicate with their routers.

What can I do in other Linux distros that I can't do in Linux Mint Xfce? in c/[email protected]
[–] [email protected] 6 points 1 week ago

One could compile pacman and all the build tools if they really wanted to.

The Divine Dick in c/lemmyshitpost
[–] [email protected] 8 points 1 week ago (2 children)

God created both men and women in his image, so he must have biological gender traits from both.

Yeah but the one accessory she usually removed was the little swastika pin. in c/lemmyshitpost
[–] [email protected] 5 points 1 week ago (2 children)

Sometimes if they don't get it the second time or don't answer what I asked, I send the exact same email again.

She must be unhinged in c/lemmyshitpost
[–] [email protected] 6 points 1 week ago

"This play really sparked a fire in us, the whole building really"

Chinese researchers develop AI model for military use on back of Meta's Llama in c/world
[–] [email protected] 3 points 1 week ago

The whole issue here is that Llama is explicitly not open source, as it is licensed with usage restrictions.
This makes all this just a license dispute and China has no incentive to care.

The .io domain might be in trouble in c/technology
[–] [email protected] 31 points 1 week ago (8 children)

Because two letter TLDs are reserved for countries. They made the mistake already with .su

Apex Legends is taking away its support for the Steam Deck and Linux in c/games
[–] [email protected] 8 points 2 weeks ago

Deep Rock Galactic?

Zuckerberg: The AI Slop Will Continue Until Morale Improves in c/technology
[–] [email protected] 7 points 2 weeks ago

I don't think Zuckerberg has any good pictures of himself.

Tinkering and Stability in c/[email protected]
[–] [email protected] 2 points 2 weeks ago

fuck, stupid mobile

Tinkering and Stability in c/[email protected]
[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

sudo rm -rf /boot /efi

Two women removed from BA flight ‘after altercation over Maga cap’ in c/world
[–] [email protected] 7 points 2 weeks ago (1 children)

I never knew Maga actual means something. Always thought it was some stupid they decided to use.

8
Aeroflot Deactivates Brakes on Nine Aircraft, Relies Solely on Reverse Thrust (aeroxplorer.com)
190
Tesla created secret team to suppress thousands of driving range complaints (www.reuters.com)
1
The Rise and Fall of Transaero Airlines and the Reassertion of the Russian State (docs.google.com)
 

Really interesting article about airlines, independent safety inspectors ans Russia

18
Documenting commands # or $ before sudo? (feditown.com)
 

This might be a stupid question, but hear me out.
I regularly document steps to install various software for myself on my wiki
More recently, I managed to use different custom text in the source markdown to prepend # and $ automatically, so commands can be copied more easily while still clarifying if it should be run as a normal user or as root.

Run command as user

$ some cool command

Run command as root/superuser with sudo

# some dangerous command

I usually remove and sudo and use the # prefix. However, in some cases, the sudo actually does something different that needs to be highlighted. For example, I might use it to execute a command as the user www-data

sudo -u www-data cp /var/www/html/html1 /var/www/html/html2

I often use $ as a prefix, but # would also make sense.
How would you prefix that line?

4
Gacharic Spin「MindSet」 (youtu.be)
 

Simply a fun song!

15
Where do reports go? (feditown.com)
 

If I report something on a remote community, where does the report go?

I know that as an instance admin, I'm getting a report. But do the moderators of the community and the server admins it is on also receive a report?

5
Lemmy.ml being hit hard (feditown.com)
 

8
GitHub Releases unavailable (feditown.com)
 

Anyone else having issues?

9
NixOS and my Descent into Insanity (ersei.net)
2
Office Laptop recommendations 700€ - 900€ (feditown.com)
 

I hope it's alright to post this question here. Please direct me to a more appropriate commuity if not.
Anyways, my sister's looking for a new laptop and I decided to lend my expertise. I've got a list of various requirements, but maybe some of them are too strict or I'm missing something.

Usage

  • Mostly office & webbrowser
  • Some light gaming (Minecraft, SWTOR, Drakensang)
  • Youtube playback in the background while gaming

Current laptop

HP Pavilion x360 - 14-ba070nz

Hard Requirements

Stuff that's absolutely required

  • Budget 700€ - 900€
  • 14" screen size
  • <1.6 kG weight
  • min. wifi 5 (802.11ac)
  • >250cd/m^2 display brightness
  • all-day battery life (>8h)
  • Windows 11 (I won't evangelize Linux to her)

Soft Requirements

Additional requirements I thought off, though I'm open to modifying those

  • >4 core CPU
  • 16GB RAM (Most laptops still come with 8GB. Is that ok for current year multitasking on Windows?)
  • >480GB storage (I'll have to check her current usage with her, maybe 256GB is fine?)
  • 2x USB-A ports
  • USB-C charging
  • HDMI/DP Port
  • internal GPU only (the games run okish on the old laptop already, so anything newer should also be better)

Some options

These are some options I found. I'd like to hear some thoughts/opinions on those. (links are to the UK site for english language, for prices I'm looking at the german site variant)

Thoughts, comments, experiences?

11
Lemmy setup with Ansible, Podman and external Nginx (feditown.com)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/selfhosted
4 comments fedilink
 

Hello, I thought I'd share my own setup with Ansible.
Two motivations that played a factor here. First, I wanted to use Podman instead of Docker and second, I already have an Nginx Proxy that I wanted to use it. Lastly, I like managing my containers through systemd, which is very easy to do with Podman.
Tested on Debian 11, though it should work on most other distros as well.
Do look over the playbook, there might be some decisions you don't agree with. For example, the different directories I'm creating for the various containers. (I'm creating multiple directories under /mnt)
Other variables, mainly logins, are already modifyable using the Ansible vault file included here.

Requirements

  • A Server
  • SSH access to the server
  • Ansible Inventory file
  • Basic knowledge of Ansible
  • Basic knowledge of Nginx
  • SMTP server EDIT 2023-06-15

Setup

Vault file

I'll start with the vault file. Enter your values between the quotes. Explainations for most of them can be found in the lemmy.hjson config file.

Filename: vault.yml

Content of vault.yml

# postgres
var_postgres_user: ""
var_postgres_password: ""
# pictrs
var_pictrs_api_key: ""
# smtp (lemmy config)
var_smtp_server: ""
var_smtp_login: ""
var_smtp_password: ""
var_smtp_from: ""
var_smtp_tls: ""
# initial admin config
var_admin_username: ""
var_admin_password: ""
var_site_name: ""
var_admin_email: ""
# network settings
var_hostname: ""

Encrypt your file with this command.
$ ansible-vault encrypt vault.yml
You can also view or edit the file by replacing the encrypt keyword with view or edit respectively.

Lemmy config

Here's the lemmy config I used. It is mostly copied from the default config example, though a lot of the values have been replaced by the variables you just filled in above.
(btw, federation still does work with tls_enabled: true commented like this. As proof, I'm writing this post from my own instance set up this way)

Content of lemmy.hjson

{
  # settings related to the postgresql database
  database: {
    # Username to connect to postgres
    user: "{{ var_postgres_user }}"
    # Password to connect to postgres
    password: "{{ var_postgres_password }}"
    # Host where postgres is running
    host: "lemmy-db"
    # Port where postgres can be accessed
    port: 5432
    # Name of the postgres database for lemmy
    database: "lemmy"
    # Maximum number of active sql connections
    pool_size: 5
  }
  # Settings related to activitypub federation
  # Pictrs image server configuration.
  pictrs: {
    # Address where pictrs is available (for image hosting)
    url: "http://lemmy-pictrs:8080/"
    # Set a custom pictrs API key. ( Required for deleting images )
    api_key: "{{ var_pictrs_api_key }}"
  }
  # Email sending configuration. All options except login/password are mandatory
  email: {
    # Hostname and port of the smtp server
    smtp_server: "{{ var_smtp_server }}"
    # Login name for smtp server
    smtp_login: "{{ var_smtp_login }}"
    # Password to login to the smtp server
    smtp_password: "{{ var_smtp_password }}"
    # Address to send emails from, eg "[email protected]"
    smtp_from_address: "{{ var_smtp_from }}"
    # Whether or not smtp connections should use tls. Can be none, tls, or starttls
    tls_type: "{{ var_smtp_tls }}"
  }
  # Parameters for automatic configuration of new instance (only used at first start)
  setup: {
    # Username for the admin user
    admin_username: "{{ var_admin_username }}"
    # Password for the admin user. It must be at least 10 characters.
    admin_password: "{{ var_admin_password }}"
    # Name of the site (can be changed later)
    site_name: "{{ var_site_name }}"
    # Email for the admin user (optional, can be omitted and set later through the website)
    admin_email: "{{ var_admin_email }}"
  }
  # the domain name of your instance (mandatory)
  hostname: "{{ var_hostname }}"
  # Address where lemmy should listen for incoming requests
  bind: "0.0.0.0"
  # Port where lemmy should listen for incoming requests
  port: 8536
  # Whether the site is available over TLS. Needs to be true for federation to work.
  #tls_enabled: true
}

Ansible Playbook

Now a quick overview of my playbook:

  1. Installs podman
  2. The systemd service for running the podman pod will be stopped. EDIT: The error will now be caught and continue
  3. Create various directories
  4. Copy the lemmy configuration
  5. Create a podman network
  6. Create a podman pod
    • Port 1234 is for the Lemmy UI
    • Port 8536 is the Lemmy backend
  7. Create all the containers
  8. Generate the systemd service for the pod
  9. Enable the systemd service

And here's the Ansible playbook file.

Content of playbook.yml

***
- hosts: all
  become: yes
  become_method: sudo
  vars:
    var_lemmy_version: "0.17.4"
  tasks:
    - name: Install podman
      ansible.builtin.package:
        name:
          - podman
        state: latest

    - name: Stop lemmy pod if necessary
      block:
        - name: Stop systemd service
          ansible.builtin.systemd:
            name: pod-pod_lemmy
            state: stopped
      rescue:
        - name: Skip stopping systemd service
          ansible.builtin.debug:
            msg: "First time setup. Ignore the error above"

    - name: Create database directory
      ansible.builtin.file:
        path: /mnt/lemmy-db
        state: directory
        owner: root
        group: root

    - name: Create lemmy directory
      ansible.builtin.file:
        path: /mnt/lemmy-app
        state: directory
        owner: root
        group: root

    - name: Create pictrs directory
      ansible.builtin.file:
        path: /mnt/lemmy-pictrs
        state: directory
        owner: 991
        group: 991

    - name: Copy lemmy config file
      template:
        dest: /mnt/lemmy-app/lemmy.hjson
        src: ./lemmy.hjson

    - name: Create lemmy network
      containers.podman.podman_network:
        name: net_lemmy

    - name: Create lemmy pod
      containers.podman.podman_pod:
        name: pod_lemmy
        network:
          - net_lemmy
        publish:
          - "1234:1234" # lemmy-ui
          - "8536:8536" # lemmy-app

    - name: Create DB container
      containers.podman.podman_container:
        name: lemmy-db
        image: docker.io/postgres:15-alpine
        volume:
          - /mnt/lemmy-db:/var/lib/postgresql/data
        env:
          POSTGRES_USER: "{{ var_postgres_user }}"
          POSTGRES_PASSWORD: "{{ var_postgres_password }}"
          POSTGRES_DB: lemmy
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create pictrs container
      containers.podman.podman_container:
        name: lemmy-pictrs
        image: docker.io/asonix/pictrs:0.3.1
        #entrypoint: "/sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        # flags: https://git.asonix.dog/asonix/pict-rs/src/tag/v0.3.1
        command: "/usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
        user: 991:991
        volume:
          - /mnt/lemmy-pictrs:/mnt
        env:
          PICTRS__API_KEY: "{{ var_pictrs_api_key }}"
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy container
      containers.podman.podman_container:
        name: lemmy-app
        image: docker.io/dessalines/lemmy:{{ var_lemmy_version }}
        volume:
          - /mnt/lemmy-app/lemmy.hjson:/config/config.hjson
        interactive: true
        tty: true
        env:
          RUST_LOG: "warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
        #requires:
        #  - lemmy-db
        #  - lemmy-pictrs
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create lemmy-ui container
      containers.podman.podman_container:
        name: lemmy-ui
        image: docker.io/dessalines/lemmy-ui:{{ var_lemmy_version }}
        env:
          # this needs to match the hostname defined in the lemmy service
          LEMMY_UI_LEMMY_INTERNAL_HOST: "lemmy-app:8536"
          # set the outside hostname here
          #LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ var_hostname }}"
          LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ ansible_default_ipv4.address }}:1234"
          #LEMMY_HTTPS: true
        #requires:
        #  - lemmy-app
        label:
          io.containers.autoupdate: image
        pod: "pod_lemmy"
        state: "created"

    - name: Create systemd service
      containers.podman.podman_generate_systemd:
        name: pod_lemmy
        new: true
        dest: /etc/systemd/system/

    - name: Enable lemmy pod
      ansible.builtin.systemd:
        daemon_reload: true
        name: pod-pod_lemmy
        enabled: true
        state: started

Run the playbook with this command.
$ ansible-playbook -i inventory.yml -e @vault.yml --ask-vault-pass playbook.yml -K
You will be prompted for the sudo password and the password you set for your encrypted vault.
If you authenticate to ssh using a password, add -k to the above command and you'll be prompted for that as well.

There's a character limit on posts, so I'll put the rest as a comment below.

view more: ‹ prev next ›