hib @lemmy.sdf.org
All the Linux forums/chats I'm on today...
  • Totally disagree, but that's a given when it comes to package managers I think. I showed my coworker who was RHEL to the core some neat Zypper features and he was pretty impressed. One feature I think is cool that I don't think anyone else has is zypper ps which shows processes with open file handles to files that were updated. I also really like the way it handles conflict resolution and the same package in multiple repos.

  • Should I be concerned with exposing my server to the public?
  • Unfortunately no guide, just things I've pieced together myself over the years.

    Cloudflare is probably the easiest and most intuitive part of the setup though, you can set up DNS/proxy/firewall rules very intuitively, and I'm sure there are plenty of guides out there.

  • Should I be concerned with exposing my server to the public?
  • Here is my setup:

    Cloudflare fronts all of my webserver traffic, and I have firewall rules in Cloudflare.

    Then I have an OPNsense firewall that blocks a list of suspicious IPs that updates automatically, and only allows port 80/443 connections from Cloudflare's servers. The only other port I have open is for Wireguard to access all of my internal services. This does not go through Cloudflare obviously, and I use a different domain for my actual IP. I keep Vaultwarden internal for extra safety.

    Next I run every internet facing service in k3s in a separate namespace. This namespace has its own traefik reverse proxy separate from my internal services. This is what port 80/443 forwards to. The namespace has network policies that prevent any egress traffic to my local network. Every container in the WAN facing namespace runs as a user with no login permission to the host. I am also picky about what storage I mount in them.

    If you can get through that you deserve my data I think.
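
An added example, not part of the original comment and not the commenter's own configuration: one way to express the "no egress traffic to my local network" rule for an internet-facing namespace as a Kubernetes NetworkPolicy. The namespace name `wan-facing`, the policy name and the private address ranges are assumptions; adjust them to the actual LAN.

```yaml
# Constructed example. Namespace, policy name and CIDRs are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-egress-to-lan
  namespace: wan-facing
spec:
  # Empty selector: the policy applies to every pod in the namespace,
  # including the namespace's own reverse proxy.
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    # 1. Pods may talk to each other inside the namespace
    #    (reverse proxy -> backend services).
    - to:
        - podSelector: {}
    # 2. DNS lookups against the cluster DNS pods only.
    #    k3s labels its CoreDNS pods k8s-app=kube-dns in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # 3. Outbound internet access is allowed, but every RFC 1918 range is
    #    carved out, so a compromised pod cannot reach hosts on the LAN.
    #    The default k3s pod and service CIDRs (10.42.0.0/16, 10.43.0.0/16)
    #    fall inside 10.0.0.0/8, so other namespaces are unreachable too.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
```

Once any egress policy selects a pod, everything not explicitly listed is dropped, so a quick check is to exec into a pod in the namespace and confirm that a connection to a LAN address times out while an external HTTPS request still succeeds.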

  • Lemmy content findability
  • I have been thinking about this. For other sites it is super easy to google e.g. "bifl socks reddit" but with federated services the information is scattered across many domains/services that the search engines do not know are federated. There either needs to be a site that archives everything in real time that search engines can crawl, or a robust search engine specifically designed for searching posts on all known instances.

    Full disclosure: I am not an expert on the topic, these are just my thoughts.

  • Lemmy is blowing up
  • I think all new technology is like that. Ultimately I think what is needed is a single mobile app that aggregates fediverse services and makes it stupid simple on the UX/UI. Advanced users can still migrate to other servers and have more control/freedom, and less savvy people don't even know what is happening.