• 0 Posts
• 17 Comments
Joined 1 year ago
Cake day: July 21st, 2023

  • I’m not sure how this would work, but what about the concept of cross-instance communities? For users it would be a bit like a multi-reddit where you group various communities together into one aggregate list but when posting content you’d have to choose which instance it lands on. Mods would have to agree on a set of rules (and you’d have some communities split off due to differences), but otherwise it seems somewhat plausible.

    That would be one way to solve the problem of every instance having a version of one specific type of community.


  • Ansible vault. All my config files and scripts are deployed with Ansible. Usually they are pushing those into a file or environment variable but if you scope permissions narrowly and don’t run services/containers as root you should be somewhat safe. If someone has filesystem access you’re already in big trouble.

    Instead I’d focus on keeping your attack surface as small as possible. Keep services behind a VPN or segment public facing services to a separate VLAN or docker network.




  • Toribor@corndog.uk to Selfhosted@lemmy.world · My first website · 1 point · edited · 1 year ago

    FreeDNS requires you to log in to their website once a month or so to keep your DNS name active or they will revoke it. DuckDNS doesn’t require that. It’s free and it works. I set it up forever ago and never have to touch it, with FreeDNS I was risking losing my name or having my services go down if I missed their nag email.



  • I’m actually doing both right now since I had quite a huge compose file that I haven’t converted to ansible yet. The biggest frustration I have is that there doesn’t seem to be an ansible module that works with compose v2 (the official plugin) which means I’m either stuck on the old version of compose or I have to use shell commands to run stuff like ‘docker compose up -d’.

    One nice thing I’ve gained though is for services like Plex. I have an ‘update’ playbook that I use and it will check to see if Plex is actively streaming before updating the container which isn’t something I could do easily with compose.
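    The "check Plex before updating" step described above, written out as an added example playbook. This is not the commenter's own playbook: the host group, the Plex URL, the vault variable vault_plex_token, the container name and the image tag are placeholders. It queries Plex's /status/sessions endpoint (which returns JSON when Accept: application/json is sent), ends the play while MediaContainer.size is above zero, and otherwise pulls the image and lets community.docker.docker_container recreate the container if the image changed.

```yaml
# Added example, not the commenter's playbook. Placeholders: host group
# "homelab", plex_url, vault_plex_token (defined in vault.yml), container
# name "plex" and the image tag.
- name: Update Plex only when no sessions are active
  hosts: homelab
  become: true
  vars_files:
    - vault.yml                               # ansible-vault encrypted; defines vault_plex_token
  vars:
    plex_url: "http://127.0.0.1:32400"        # Plex reachable from the managed host
    plex_token: "{{ vault_plex_token }}"
    plex_image: "plexinc/pms-docker:latest"   # pin an explicit tag in practice
  tasks:
    - name: Ask Plex for active sessions
      ansible.builtin.uri:
        url: "{{ plex_url }}/status/sessions"
        headers:
          X-Plex-Token: "{{ plex_token }}"
          Accept: "application/json"          # JSON instead of the default XML
        return_content: true
        status_code: 200
      register: plex_sessions
      no_log: true                            # keep the token out of the task log

    - name: Record how many streams are running
      ansible.builtin.set_fact:
        plex_active_streams: "{{ plex_sessions.json.MediaContainer.size | default(0) | int }}"

    - name: Stop here while someone is watching
      ansible.builtin.meta: end_play
      when: plex_active_streams | int > 0

    - name: Pull the image and recreate the container only if it changed
      community.docker.docker_container:
        name: plex
        image: "{{ plex_image }}"
        pull: true
        state: started
        restart_policy: unless-stopped
```

    Run it with `ansible-playbook -i inventory update-plex.yml --ask-vault-pass`. The check and the update are two separate tasks, so a stream that starts in between still gets interrupted; scheduling the playbook in a quiet window narrows that gap but does not close it.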




  • Toribor@corndog.uk to Selfhosted@lemmy.world · My first website · 14 points · 1 year ago

    I’d recommend DuckDNS over FreeDNS these days.

    And WireGuard over OpenVPN.

    But yes, this is the easiest free way to stand up a solid website. Only other thing I’d add is to put sites and services behind a reverse proxy. Typically I’ve used Nginx but I’m quickly becoming a Caddy convert.




  • Replying to confirm that this works and went very smoothly! If you can see my profile picture, it’s on S3 instead of disk now.

    I’m using pure ansible to deploy my containers (instead of docker compose) so I had to figure out how to start the pictrs container without actually starting pictrs so that I could run the migration. I ended up stopping the container and then running this to perform the migration:

    docker run --name pictrs-migration \
      --user 991:991 \
      -v /my-pictrs-path/:/mnt \
      --rm \
      asonix/pictrs:0.4.0-rc.14 \
      pict-rs \
        migrate-store \
        filesystem \
        object-storage \
            -e https://my-s3-endpoint \
            -b my-s3-bucket-name \
            -r my-region \
            -a my-key-id \
            -s my-key-secret
    

    Then I used ansible to redeploy the container with the volume mount removed and the new s3 environment variables.

    Super easy!



  • This is mostly my strategy too. Most of the time I don’t have any issues, but occasionally I’ll jump straight to a version with breaking changes. If I have time to fix it, I go find the patch notes and update my config; otherwise I just tag the older version and come back later.

    I’ve recently been moving my containers from docker compose into pure ansible though since I can write roles/playbooks to push config files and cycle containers which previously required multiple actions on docker compose. It’s also helped me to turn what used to be notes into actual code instead.
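    An added example of the pattern the two Ansible comments above describe (secrets in Ansible Vault pushed into a narrowly permissioned config file, the container run as an unprivileged user with no ports published on the host, a pinned image tag, and a handler that cycles the container only when the config actually changed). It is not the commenter's own role: the host group "homelab", the service name "app", the image tag, the path /opt/app and the vault variable app_api_key are placeholders.

```yaml
# Added example, not the commenter's playbook. Placeholders: host group
# "homelab", service "app", image tag, /opt/app, and app_api_key, which
# lives in vault.yml (created with `ansible-vault create vault.yml`).
- name: Deploy app with vaulted secrets, a non-root container and config-driven restarts
  hosts: homelab
  become: true
  vars_files:
    - vault.yml                                 # encrypted; defines app_api_key
  vars:
    app_image: "example/app:1.2.3"              # pinned tag, never :latest
    app_dir: /opt/app
  tasks:
    - name: Create an unprivileged service account
      ansible.builtin.user:
        name: app
        system: true
        shell: /usr/sbin/nologin
        create_home: false
      register: app_user                        # exposes .uid and .group (gid)

    - name: Config directory readable only by the service account
      ansible.builtin.file:
        path: "{{ app_dir }}"
        state: directory
        owner: app
        group: app
        mode: "0750"

    - name: Render the config with the secret from the vault
      ansible.builtin.copy:
        content: |
          listen = 0.0.0.0:8080
          api_key = {{ app_api_key }}
        dest: "{{ app_dir }}/app.conf"
        owner: app
        group: app
        mode: "0600"
      no_log: true                              # secret never echoed in output
      notify: restart app                       # fires only when the content changed

    - name: Private network shared with the reverse proxy
      community.docker.docker_network:
        name: internal

    - name: Run the container as the service account with no published ports
      community.docker.docker_container:
        name: app
        image: "{{ app_image }}"
        state: started
        restart_policy: unless-stopped
        user: "{{ app_user.uid }}:{{ app_user.group }}"
        read_only: true
        tmpfs:
          - /tmp
        cap_drop:
          - ALL
        security_opts:
          - no-new-privileges:true
        volumes:
          - "{{ app_dir }}/app.conf:/etc/app/app.conf:ro"
        networks:
          - name: internal
        # deliberately no published_ports: the reverse proxy joins "internal"
        # and is the only thing that can reach port 8080

  handlers:
    - name: restart app
      community.docker.docker_container:
        name: app
        state: started
        restart: true
```

    Run it with `ansible-playbook -i inventory app.yml --ask-vault-pass`. Because the restart is a handler attached to the config task, re-running the playbook with an unchanged vault leaves the container untouched, which is the "push config and cycle the container" behaviour that docker compose needed several manual steps for.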