There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

@green_dot@le.fduck.net cover
@green_dot@le.fduck.net avatar

green_dot

@[email protected]

This profile is from a federated server and may be incomplete. Browse more on the original instance.

green_dot , to technology in Terraform, Vault, Nomad etc by HashiCorp moving away from Open Source
@green_dot@le.fduck.net avatar

I was hit aggressively by HC sales team last year, we are using TF and Vault, and were looking to add consul, now it is pretty vauge how it will all pan put

green_dot , to piracy in usenet providers
@green_dot@le.fduck.net avatar

I’m using usenet.farm, works well

green_dot , to linux in [Rant] I swear to fucking god. Windows is harder to use than Linux. Have any of you ever USED Windows lately? Holy fuck.
@green_dot@le.fduck.net avatar

I use windows for 2 things - personal pc to play games, work laptop dualboot for excel usage if some super old messy sheets. everything else linux.

green_dot , to linux in (solved) I am not a noob, but this is confusing: dpkg/apt issue
@green_dot@le.fduck.net avatar

use dpkg -r to remove the packages:

openjdk-17-jre-headless:amd64 openjdk-17-jre:amd64 default-jre minecraft-launcher geogebra

Then install minecraft-launcher and see what it says. might be that openjdk is clashing with default-java.

my 2 cents just on this…

green_dot , to selfhosted in Setting up your own VPN
@green_dot@le.fduck.net avatar

Check netmaker for wireguard vpn if you want a ui, but its straightforward to set it up manually.

green_dot , to selfhosted in Home Server Security
@green_dot@le.fduck.net avatar

I’d say, what kind of security are you talking about? Apart from standard HTTPS to keep things encrypted, there are other layers if you want to keep your service exposed to the internet.

Also how things are installed and if they are correct, proper file permissions. nothing different than having it on the server somewhere. You just need to keep thing up to date and you’ll be fine.

green_dot , to selfhosted in r/selfhosted is still rising, WTF? Come to Lemmy!!!
@green_dot@le.fduck.net avatar

I like it here on Lemmy as there are quality talks from people and not too much circlejerking same concepts around. I actually like going trough here.

green_dot , to technology in Mastodon?
@green_dot@le.fduck.net avatar

Yes, very active, there is the tag there where you can find people (and people find you).

green_dot , to selfhosted in What's your uptime record?
@green_dot@le.fduck.net avatar

About 6 year uptime on one machine before we shut it down and relocated.

green_dot , to linux in Tabby: A terminal for a more modern age
@green_dot@le.fduck.net avatar

Oh that is sweet, I’ll look into it. Thanks!

green_dot , to selfhosted in Redoing home lab and need insights
@green_dot@le.fduck.net avatar

Thanks for the reply, flux is pretty good, I’m using ArgoCD, but both are basically following gitops priciples.

I might give k3s a look and see how ot all work together.

green_dot , to selfhosted in Redoing home lab and need insights
@green_dot@le.fduck.net avatar

What would be a benefit to run k8s at home, apart from bit dealing with it, compared to docker-compose on a single or two nodes? or docker swarm? Unless there is a big load of services that are selfhosted, which I get, and the autohealing from k8s as the orchestrator.

Just courious, not taking a swing. Thanks!

green_dot , to selfhosted in Anyone hosting Lemmy and Mastodon on the same server?
@green_dot@le.fduck.net avatar

I’m running both, via docker.

Here’s the basic setup:

NGiNX is standard installation, using certbot to manage the SSL certificates for the domains. Setup is via Nginx virtual hosts (servers), separate for Lemmy and Mastodon. Lemmy and Mastodon run each in their Docker containers, with different listning ports on localhost.

<pre style="background-color:#ffffff;">
<span style="color:#323232;">                  lemmy.domain.tld+------------------------+
</span><span style="color:#323232;">               +------------------+                        |
</span><span style="color:#323232;">               |                  |         Lemmy          |
</span><span style="color:#323232;">               |                  |         127.0.0.1:3000 |
</span><span style="color:#323232;">               |                  +------------------------+
</span><span style="color:#323232;">               |
</span><span style="color:#323232;">+--------------+----+
</span><span style="color:#323232;">|NGiNX with SSL     |   mastodon.domain.tld
</span><span style="color:#323232;">|and separate VHOSTS+--------------+-----------------------+
</span><span style="color:#323232;">|                   |              |          Mastodon     |
</span><span style="color:#323232;">+-------------------+              |          127.0.0.1:3001
</span><span style="color:#323232;">                                   +------------------------
</span><span style="color:#323232;">
</span>
green_dot , to selfhosted in Is it possible to completely hide all reverse proxy traffic from a VPS provider?
@green_dot@le.fduck.net avatar

Best option is to directly NAT traffic from VPS to your home server, either directly to your IP or set up a wireguard peer and send traffic via wireguard to your local and do the SSL/TLS termination on your local.

You are best exposing just 443 port on the VPS and moving that traffic over wireguard. Server will have your local public key on the server, and you could implement a wireguard key rotation to change them frequently.

Traffic sent back will be encrypted with the certificate, and even if they get the wireguard server key, you can rotate it, but still they will see encrypted packets.

It depends what kind of things you’re doing on your local. If it is just a website thing, then reverse proxy is fine. Anything other than that, NAT would be cleanest one.

LUKS on the disks would encrypt it the data on the block storage level, and, in theory, they should not have a way of reding block storage files directly. But since it is a VPS they can, technically, gather data from host memory.

Next step might be going down a dedi server route, Luks encryption on disks. Only thing thats needed there would be sufficient network pipe.

green_dot , to selfhosted in Recommendation: Tailscale VPN
@green_dot@le.fduck.net avatar

I tried it, its great if you want to get started. or you want to run a vpn on a server that doesnt support wireguard. My main gripe with the client is that it can’t do high speeds, it’s just too cpu bound. Like going close to a gigabit transfer.

With wireguard I was able to get to 98% gigabit transfer. It was fine for a month I was using it, in the end I just setup a wireguard mesh with Netmaker.

There is headscale where you can run your own hosted central server, so you’re not using the tailscale one.

In the end netmaker did what I wanted, however they tend to introduce bit of changes in their releases, so if you’re not super technical it might pose a challenege with upgrading until they reach a super stable version. Like jump from 0.10.X to 0.20 had some big changes for the whole netmaker internals. Bit that does not impact wireguard connectivity.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • lifeLocal
  • goranko
  • All magazines
    •