Frankly i find it inconsiderate to the social contract to go out on holidays, and sometimes around them.
Its frankly why i always found Black Friday and the "scope creep" of this festival of consumerism partially so repulsive. I mean its repulsive on its own just in the way people act, but doubly so in that it runs right through a national holiday.
I mean there’s precedence. Avian bird flus have been known to infect humans.
I was going to say “are we in a simulation” but this would work too.
Correct. Connect to for example connect to lemmy.ml and pull their communities so it shows in your communities page locally. Dont have to sync the posts etc. Just the base stats (subs, post, comments. Basically exactly what this is doing. https://lemmyverse.net/communities
note: I hadnt seen that page until after my comment... But im getting a lot of 404's on specific communities, so i have to put in their ! name in search...spam that, click to open the community and subscribe.
that would be perfect.
WIth Debian I would install UFW for a firewall. Set SSH to whatever your home IP is. You can always use the Linode SSH console for external access.
UFW is easy to configure and just translates iptables.
sudo ufw allow from any to any port 80 proto tcp
sudo ufw allow from any to any port 443 proto tcp
sudo ufw allow from HOMEIP to any port 22 tcp
If you want leave SSH open. Then i would probably only do Key based auth in /etc/ssh/sshd_config
you also want to edit that file (sshd_config) to disable root access once setup. I often turn on the following
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 10
AllowGroups somegroupname
then create a user and a group and add the user to the group. This ensures only that user has SSH access.
sudo adduser someusername
sudo addgroup somegroupname
sudo usermod -aG somegroupname someusername
You can also use visudo to edit sudoers. The first like will require a password. If you use the second line, you can sudo without a password. I would only do the latter if you only use key-based auth though.
someuser ALL=(ALL:ALL) ALL
someuser ALL=(ALL) NOPASSWD: ALL
I also edit /etc/hostname to my server name. Update and reboot. From there run through ansible instructions and make edits as necessary.
Yeah how familiar are you with linux?
You dont run the ansible stuff on the instance itself. You do it from your personal machine or something with ansible installed.
Though I guess in theory you could run it on itself if you dont have another linux box, or something with ansible installed. https://www.middlewareinventory.com/blog/run-ansible-playbook-locally/
But I am happy to walk you though the basics of setting up a securing the box.
Yes the ansible config worked fine for me. I worked for days to get an kbin instance up. Ansible worked first go.
I have yet to get email working but otherwise its solid. Linode will block email btw if you account is new (and frankly may be blocking mine now). You just have to put in a case and justify and it should be fine. My account should be old enough to be exempt but I will likely do it anyhow. Their support is pretty good.
Getting federation crawled and communities added is a bit slow. Mostly because the other instances are a bit slow.
A few pointers if you havent done admin yet.
Put nothing in the federation allow list unless you want to go whitelist only. Over time as other instances hit yours and you search others, the linked list of instances will grow. Just use the blocklist if you want to block certain instances. I havent found a good way to block the growing number of instances in case they have some illegal content like CSAM. So...i may just go whitelist anyhow
Searching for instances seems to be CPU heavy on mine. Its not a problem though. You just cant simply plug in a URL of a community in another instance if you havent linked. You will get a 404 if you do. So you have to go to search, looking for that community by hitting search a few times until it shows up, then you can join and it will start crawling
I have no idea what "Private instance" does other than i believe it will keep your instance form starting in the future if you have it checked AND federation turned on. I saw some logs in dockers startup when i did it but nothing in the UI.,
Im currently on the 4GB dedicated. However heres an htop of it.
I am currently the only user. Im considering opening it up to limited users but not really having communities once i get a lot of the instances cached and indexable.
Others like @leopardboy@netmonkey.tech are running on a 2GB shared just fine. I will likely move to that if i choose to keep it solo for sure, or under 100 users and no communities.
I dont have the time to really moderate others or content on the instance. So i dont think I plan to host any communities at all. I do wish you could federate/sync specific communities to your instance to make searching/subscribing easier.
I’ve run linodes for years. My blog runs on them. I still host a variety of other services on them. They are good for everything from gaming servers to a blog etc.
They did get bought out by akamai a while back. And have raised their prices but they are still solid.
Nanodes are awesome deals frankly.
Yeah. I like the kbin dev as a person much better. And I can empathize with what he is going through. Its why i wanted to setup an instance and help spread the load. But I just couldnt get it working and didnt have the time to really dig in (I have a lot going on otherwise with work).
He did announce he is onboarding a sysadmin/netadmin to handle the stability and scaling issues so he can focus on commits which is good. Ill keep an eye out for updates and maybe migrate then.
I have a lab at home and do host some stuff for myself from there in a small DMZ (ie: Miniflux RSS readers, Plex through Reverse proxy etc).
But I used a linode for my lemmy/kbin stuff. Reason being is that the code is fairly new and there may be exploits bugs and
I dont want to deal with my ISP made an instance is exploited and becomes some type of C2 box or spews out spam. Kbin specifically already has PRs to fix XSS and Sql injection stuff, the former of which is usually avoidable if you just follow some pretty basic principles. So its a concern.
Linode has better bandwidth than my non-symmetrical ISP uplink and is on its own quota.
This guy has to be one of the dimmest folks I have ever seen. Putin straight tried to kill him, failed and the world did nothing and yet he still turned himself in as some type of martyr. The world was going to do nothing and they were going to torture him and trump up any charges they felt to ensure he never sees the light of day again and for what? Nothing.
He could have done more even in exile.