Since OP is new to linux I’ll just add this in case it’s helpful.
To edit a file owned by root (super account) you can use sudoedit /etc/apt/sources.list or alternatively sudo nano /etc/apt/sources.list in a terminal.
In the editor save by using the key combo Ctrl+S and exit with Ctrl+X.
Commenting is adding a # in front of the line.
so the file should look like something like this
<pre style="background-color:#ffffff;">
<span style="color:#323232;"># deb cdrom:[Debian GNU/Linux 11.5.0 _Bullseye_ - Official amd64 NETINST 20220910-10:38]/ bullseye main
</span>
I’m new here, and new to federated applications (and fit OP’s description perfectly). This federated stuff is going to remain niche unless somebody figures out a way to make it approachable.
Reddit first time:
<pre style="background-color:#ffffff;">
<span style="color:#323232;">> open app
</span><span style="color:#323232;">> choose some things I like
</span><span style="color:#323232;">> see all the things
</span>
Lemmy first time:
<pre style="background-color:#ffffff;">
<span style="color:#323232;">> open app
</span><span style="color:#323232;">> ?????
</span><span style="color:#323232;">> google how to use it
</span><span style="color:#323232;">> choose a... server?
</span><span style="color:#323232;">> ?????
</span>
I use Caddy as a reverse proxy, but most of this should carry over to nginx. I used to use basic_auth at the proxy level, which worked fine(-ish) though it broke Kavita (because websockets don’t work with basic auth, go figure). I’ve since migrated to putting everything behind forward_auth/Authelia which is even more secure in some ways (2FA!) and even more painless, especially on my phone/tablet.
Sadly reverse proxy authentication doesn’t work with most apps (though it works with PWAs, even if they’re awkward about it sometimes), so I have an exception that allows Jellyfin through if it’s on a VPN/local network (I don’t have it installed on my phone anyway):
It’s nice being able to access everything from everywhere without needing to deal with VPNs on Android^ and not having to worry too much about security patching everything timely (just have to worry about Caddy + Authelia basically). Single sign on for those apps that support it is also a really nice touch.
^You can’t run multiple VPN tunnels at once without jailbreaking/rooting Android
It’s been a long time since I did forwarding through wireguard so this might be outdated, missing info or actually doing unneeded stuff but I had this notes saved in some old iptables personal documentation from like 4 years ago that might shed you some light:
And yes, it’s working locally. I even got it to work through the tunnel using redir but I need the masquerading to hide my private server’s IP.
I saw a difference when it worked. I got server [192.168.0.5] 8096 open on connection. But I didn’t see it through this setup. I simply don’t get any reply at all.
I have Mastodon running on a VPS running Debian 11. Now I would like to add a Lemmy instance on the same server. I tried using the from scratch method from Lemmy documentation, but ran into errors that likely stemmed from minor version incompatibilities of the dependencies. I tried using the Lemmy easy deploy script but it wants...
NGiNX is standard installation, using certbot to manage the SSL certificates for the domains. Setup is via Nginx virtual hosts (servers), separate for Lemmy and Mastodon. Lemmy and Mastodon run each in their Docker containers, with different listning ports on localhost.
The whole conversation is a facepalm. This should have been 3 lines:
“What’s the last song you saved?”
<pre style="background-color:#ffffff;">
<span style="color:#323232;"> 'I am not comfortable sharing that information with you'
</span>
“Okay, if you’re aren’t willing to let me get to know your basic interests clearly this isn’t the kind of relationship I’m looking for. Good luck and have a nice day” [ends transmission]
This is my first day in the Fediverse, and I’m building out my sub list in Lemmy right now. I noticed that searching for Communities only looks within the instance that I’m logged into. Is there any easy way to search across all available Lemmy servers for Communities?
I have some drives of various sizes, 1TB, 2TB etc. I am currently working with a 2 TB drive. I place it in a powered external USB-3 drive enclosure. I can see it in lsblk as the correct size (as SDA) , but the disk manager does not see /dev/sda, and fdisk only wants to let me create a 5 GB partition....
Hello! Let’s say I have an executable file, but I’m unsure of the source, and may contain bugs/errors/malwares/bad things that can mess up my machine. I want to execute it anyway, but I want to make sure that it does not mess things up. Is it possible to create a “sandbox” folder, place the executable inside it, and then...
I’ve created a tool for similar of use-cases: https://codeberg.org/contr/contr
You could run your workload inside, say, an alpine container:
<pre style="background-color:#ffffff;">
<span style="color:#323232;">cd path/to/evil/dir
</span><span style="color:#323232;">contr alpine
</span><span style="color:#323232;">❯ # inside container, run dangerous program
</span><span style="color:#323232;">❯ ./dangerous_program
</span>
If the program needs extra dependencies, you’ll have to write a Containerfile and build an image with the dependencies installed – there’s an example in the repository. Just installing the dependencies at runtime inside the container is also an option, but all changes inside the container are lost on exit.
I’ve either never dealt with RPM specs before or it’s been so long that I can’t remember. Therefore, I can only make a statement about PKBUILD files.
Such files are relatively easy to create and read, as they are basically shell scripts. Thus, if you use AUR, for example, you can easily check them before an installation or an update to see whether the creator has done everything correctly or whether he has changed the file with malicious intent.
For example, a typical PKBUILD file looks like this.
This is a bit overbroad, as it replaces any “500” in those files. It works now, as this is probably only occurrence is the limit you want to tweak, but it’s a crude approach that may inadvertently break at any moment.
docker exec
Those changes are ephemeral and won’t survive if container is re-created for any reason (unless /opt/mastodon is a volume - I guess this is how it survives docker container restart?). I would rather recommend building your own custom image. Start by making a patch file:
<pre style="background-color:#ffffff;">
<span style="color:#323232;">docker run -it --rm -user root <mastodon image> bash
</span><span style="color:#323232;">cp -r /opt/mastodon /opt/mastodon.vanilla
</span><span style="color:#323232;">sed <your-updates-here> # or you can run vi or nano or any other editor
</span><span style="color:#323232;">diff -urN /opt/mastodon.vanilla /opt/mastodon
</span><span style="color:#323232;">exit
</span>
Take diff’s output, save it to fix-limits.patch in a new empty directory, then write a brief Dockerfile next to it, that goes like this:
And finally run docker build -t my-mastodon . and use my-mastodon as a replacement image. This will ensure your changes will persist, plus you’ll have a proper patch file that you can use with any version (point is, it will warn you if something would change in a way that the patch would no longer apply cleanly).
I’m writing this on a phone, from scratch, without any testing, so you may need to tweak things a little bit. E.g. I’m not sure what’s the WORKDIR in the base image - just assuming its /opt/mastodon (which it probably is), but you may need to edit the COPY command’s second argument and/or -p parameter to patch.> docker container restart
Yes - same as with the original script, upgrades would require more manual steps than just updating the version in the Compose file. This is how it’s typically done.
There are ways to automate this. Docker Hub used to have a feature for automatic rebuilds when base images had changed, but AFAIK this feature was removed some years ago. Now it’s a matter of setting up a CI with periodically (nightly or weekly) scheduled pipelines, but it’s not a trivial matter.
Semi-automation can be achieved by using build-time arguments. I’m at my computer now, so here’s a revised process:
First, a bunch of manual commands that would allow us to write a patch. I’ll use those crude sed statements - just because they work today, but YMMV.
And finally, create a file called .dockerignore that contains only one line that would say build.sh. That’s just minor cosmetic touch saying that our build.sh is not meant to be a part of the build context. If everything is correct, there should be now 4 files in the directory: .dockerignore, build.sh, change-limits.patch and Dockerfile.
Now when you run build.sh it will automatically find the latest version and build you a custom image tagged as e.g. my-mastodon:v4.1.3, which you can use in your Compose file. For a distributed system like Docker Swarm, Nomad or Kubernetes you’ll want to tweak this script a little to use some registry (your-registry.example.org/your/mastodon:v4.1.3) and possibly even apply changes further (e.g. docker service update --image …).
Mutable tags like latest can become confusing or even problematic (e.g. if you’ll want to downgrade it’s best to have previous version image readily available for some time - even if the build process is reproducible), so I would really recommend to use explicit version number tags.
Actual git still worked. I was able to git pullI also figured out a way to launch the script using bash - needed to export $SHELL - the only way it worked. I could not update yt-dlp to the latest version - the latest I could install is 2023.06.22 from the side PPA repo. Official Ubuntu repo provides 2023.03 and pip breaks my system with compatibility issues that I don’t have desire to troubleshoot. I could try in the future downloading their binary but I don’t like when stuff doesn’t auto-update. The preferences worked this time and I was able to save them.
yt-dlp gives me an error every time I try to browse either Trending or do a search. I have a TV with a cross and 1 option to Abort Selection.
I have a question: is the script dependent on having browser cookies? Because I don’t have any of the browsers installed on a headless machine. ANd I think that is what yt-dlp wasn’t happy about…
<pre style="background-color:#ffffff;">
<span style="color:#323232;">Downloading /feed/trending ...
</span><span style="color:#323232;">Traceback (most recent call last) :
</span><span style="color:#323232;">File "/usr/bin/yt-dlp", line 33, in <module>
</span><span style="color:#323232;">sys. , 'console_scripts'
</span><span style="color:#323232;">' yt—dtp'
</span><span style="color:#323232;">Fite py", tine 1008, in main
</span><span style="color:#323232;">File "/usr/lib/python3/dist-packages/yt_dlp/_init_.py", tine 962, in _real_main
</span><span style="color:#323232;">with YoutubeDL(ydl_opts) as ydl:
</span><span style="color:#323232;">AAAAAAAAAAAAAAAAAAA
</span><span style="color:#323232;">File "/usr/tib/python3/dist—packages/yt_dlp/YoutubeDL.py", tine 762, in _ init
</span><span style="color:#323232;">self. _ setup_opener()
</span><span style="color:#323232;">File "/usr/Iib/python3/dist—packages/yt_dIp/YoutubeDL.py", tine 3929, in _ setup_opener
</span><span style="color:#323232;">self. cookiejar = load_cookies(opts_cookiefile, opts_cookiesfrombrowser, self)
</span><span style="color:#323232;">File "/usr/lib/python3/dist-packages/yt_dtp/cookies.py", line 106, in load_cookies
</span><span style="color:#323232;">extract_cookies_from_browser(browser_name, profile, YDLLogger(ydI), keyring=keyring, container=container))
</span><span style="color:#323232;">File "/usr/lib/python3/dist-packages/yt_dlp/cookies.py", line 123, in extract_cookies_from_browser
</span><span style="color:#323232;">return _extract_firefox_cookies(profile, container, logger)
</span><span style="color:#323232;">File py", tine 148, in _extract_firefox_cookies
</span><span style="color:#323232;">raise FileNotFoundError(f' could not find Firefox cookies database in {search_root}')
</span><span style="color:#323232;">FiteNotFoundError: could not find Firefox cookies database in /home/user/. mozitta/firefox
</span><span style="color:#323232;">Completed /feed/trendinq.
</span>
Just thought I’d share this since it’s working for me at my home instance of federate.cc, even though it’s not documented in the Lemmy hosting guide....
Replying to confirm that this works and went very smoothly! If you can see my profile picture, it’s on S3 instead of disk now.
I’m using pure ansible to deploy my containers (instead of docker compose) so I had to figure out how to start the pictrs container without actually starting pictrs so that I could run the migration. I ended up stopping the container and then running this to perform the migration:
If you’re using monospaced fonts for writing code (please tell me you are) spaces make sure that the code will look roughly the same on everyone’s machine.
If I’d used tabs, the second and third parameter might not align with the first.
Also, left-side indentation is only a small part of the overall whitespace in code. You’re adding whitespace even when you write x = y. Spaces make sure that this whitespace around the = grows in the same scale as the indentation.
New to linux... I have no idea how to fix this error...
I’m on Debian 12, KDE Plasma, I often get this error...
why not a,b or x,y? (lemm.ee)
Robots say they have no plans to steal jobs or rebel against humans (www.theguardian.com)
Does it feel like the fediverse is exclusively used by older tech nerds?
The mastodon and lemmy content I’m seeing feels like 90% of it comes from people who are:...
How do you deal with malicious requests to your servers?
I put up a vps with nginx and the logs show dodgy requests within minutes, how do you guys deal with these?...
Wine 8.12 Released With Additional Wayland Enablement (www.phoronix.com)
Unable to forward ports using wireguard
Update: Sorry guys, looks like I just needed to reboot the public server....
How much swap?
I’ve heard a lot of people say your swap should be 2x RAM… but do I really need 32GB of swap?
thought you stood a chance? (media.discordapp.net)
Anyone hosting Lemmy and Mastodon on the same server?
I have Mastodon running on a VPS running Debian 11. Now I would like to add a Lemmy instance on the same server. I tried using the from scratch method from Lemmy documentation, but ran into errors that likely stemmed from minor version incompatibilities of the dependencies. I tried using the Lemmy easy deploy script but it wants...
Online dating (lemmy.world)
Is there any way to search for communities across all Lemmy instances?
This is my first day in the Fediverse, and I’m building out my sub list in Lemmy right now. I noticed that searching for Communities only looks within the instance that I’m logged into. Is there any easy way to search across all available Lemmy servers for Communities?
Drive (s) wrecked?
I have some drives of various sizes, 1TB, 2TB etc. I am currently working with a 2 TB drive. I place it in a powered external USB-3 drive enclosure. I can see it in lsblk as the correct size (as SDA) , but the disk manager does not see /dev/sda, and fdisk only wants to let me create a 5 GB partition....
How to create a sandbox folder, restricting write access to all files contained in it to that folder itself?
Hello! Let’s say I have an executable file, but I’m unsure of the source, and may contain bugs/errors/malwares/bad things that can mess up my machine. I want to execute it anyway, but I want to make sure that it does not mess things up. Is it possible to create a “sandbox” folder, place the executable inside it, and then...
/r/NonCredibleDefense recieves automated notice from the admins to remove its NSFW designation, or else. Mods respond by messaging the admins a bunch of death and porn.
cross-posted from: kbin.social/m/RedditMigration/t/148433...
What is the advantage of PKGBUILD over RPM specs?
[Help] New self-hosted instance not crawling communities
Just got my own instance up and running finally, but it doesn’t seem to be federating as expected....
Quick script to change Mastodon Docker deployment character limits (kbin.social)
Howdy folks!...
magic-tape: YouTube TUI client (fzf, image support) (gitlab.com)
cross-posted from: lemmy.world/post/530920...
Pro-tip: Self-hosting Lemmy? You can use object storage to back pict-rs (image hosting) to save a lot of money
Just thought I’d share this since it’s working for me at my home instance of federate.cc, even though it’s not documented in the Lemmy hosting guide....
There is an imposter among us (lemmy.ml)