That is part of my bootstrap ansible playbook, which in addition to creating the user, setting the key, etc., will definitely disable root and password login, enable max tries and set up f2b. I am not necessarily afraid of exposing ssh to the internet (it is a service designed for it), but I drastically reduce the risk this way. I am thinking of also changing the port to simply get fewer logs.
sudneo
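A check for the three sshd settings named in the comment above, added here as an example; it is not part of the comment or of the author's playbook. It parses `sshd_config`-style text (or `sshd -T` output) and assumes a single file with no `Include` directives; the `MAX_TRIES_LIMIT` of 3 and the sample config are constructed for illustration.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the config
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "maxauthtries": "6"}
MAX_TRIES_LIMIT = 3  # assumed policy value; the comment gives no number

def parse_sshd_config(text):
    """Return (global_settings, match_overrides) from sshd_config-style text."""
    global_settings, overrides, match = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value                       # later lines belong to this block
        elif match is not None:
            overrides.append((match, key, value))
        else:
            global_settings.setdefault(key, value)  # sshd keeps the FIRST value seen
    return global_settings, overrides

def is_weak(key, value):
    if key == "maxauthtries":
        return not value.isdigit() or int(value) > MAX_TRIES_LIMIT
    return key in ("permitrootlogin", "passwordauthentication") and value.lower() != "no"

def audit(text):
    """List findings for root login, password login and MaxAuthTries."""
    global_settings, overrides = parse_sshd_config(text)
    rows = [("global", k, global_settings.get(k, d)) for k, d in DEFAULTS.items()]
    rows += [(f"Match {m}", k, v) for m, k, v in overrides]
    return [f"{scope}: {k} {v}" for scope, k, v in rows if is_weak(k, v)]

# Constructed sample: the second PermitRootLogin line is ignored (first wins),
# MaxAuthTries is missing, and a Match block re-enables password login.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```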
Yeah, probably this is the way I will go, to be honest. I just wanted to bounce some ideas in case I was missing out on some other technology, and a few people mentioned some stacks in this thread which are pretty obscure to me, so nice to look into them and compare!
Good point, I don't have any advanced use case, except maybe some slightly more complex network setup. Probably this is achievable with KVM too (and/or some firewall-fu). I would like to have fully IaC, so I don't have to click through GUIs, so the availability of Terraform providers might be a dealbreaker (which I didn't look for yet for Proxmox, for example).
I will have a look! I know xenserver, but I have very little experience with it, I will check xcp-ng out!
Absolutely nothing wrong with proxmox, I am just exploring a bit (in fact, I did not look at terraform providers for it...)
I have some research to do, I have never heard of that!
Yeah that is true, but at the same time I always felt a bit uncomfortable with using a VM which shares resources with who knows what else. I also like the idea of having for example one VM acting as VPN, firewall, rev proxy, while other VMs behind that do not have internet connection at all (inbound). It is somewhat achievable even with VPSs, but it's more complex IMO.
I am conflicted though, and I did consider VPSs to be clear.
Oh so it's not only me. 15 minutes of video, 3 ads, to get some information that I cannot copy paste with distractions and entertainment, when all I was looking for was the equivalent of half an A4 page of text.
I don't blame the creators, to be clear, but I blame whoever created the economic conditions that made this happen.
Not as far as I know. The only option is usually looking on GitHub to see if someone has already done the work, but that's not trusted... However, I usually just run the Helm template command to see what manifests get rendered, so it's not too hard to establish trust.
In my experience also chart writers tend to be quite generous with permissions (for example, providing a ServiceAccount even when not needed), so I end up tweaking the charts very often.
I think that this is also partially due to the fact that the protest was framed within pure technical issues. The problem was "the 3rd party apps, or the API, or whatever". This perfectly matches with the narrative that technology and ideology have nothing to do with each other, and the result is that you get people who just react "well, I don't use apps, who cares", when really the problem is that a central company that makes money on you and other users can unilaterally take any decisions they want, even if it's against your interests, and you have absolutely no say, because you are alone, vendor locked and addicted. All of these are the precise results of the way that platform (and all other major platforms) are built.
If you started talking about this, on the other hand, you get the "ah, so you are protesting because of ideology", which apparently became a bad word.
I would have liked (and I tried to do so myself) to see the current technical changes framed in a bigger context (such as building a better cyberspace), to explain that this is not fixed by simply reducing the API calls, or including NSFW content, but requires deeper changes. By merging the technical side and the ideological side, I think it would have been a little harder for people to have this completely individualistic stance such as "oh, I use the official app, so don't care".
This would probably be my go-to. I use node-exporter on every server anyway. It's enough to write a script that will query the info you want via bash, and dump a text file inside the node-exporter watched directory.
I think that https://ploum.net/2023-06-23-how-to-kill-decentralised-networks.html made convincing arguments in favor of blocking Meta. I recommend reading it (ENG)
Do you use just plain bash to script it? I saw that there is a Terraform provider and that looks actually interesting to me: basically similar functionality to Proxmox, but less software.