90% sure wireguard (the VPN server) is going to need an open port if you want to connect from the outside.
I’m a software dev with quite a lot of experience in server admin. I’m also a full time Linux user, and run a lot of services both at home and on a rented VPS. I had oddly enough never used Ansible before, but the instructions on that GitHub page should make it pretty simple.
Yeahhhh…
Obviously it can all depend on your requirements, but this N95 system has been pretty eye opening on how much people are over-speccing their builds for home server use. It has 8Gb of memory in it, but I seldom see it use more than 2. The box is doing DNS, Jellyfin, torrenting, VPN, private git, etc.
I used the Lemmy Ansible method to deploy. At the time that I first installed it, it was the recommended method vs a docker compose. It is a little bit of setup, but is pretty simple to get going. Just follow the instructions and it should just work.
It would also result in a metric shit-ton of traffic and data storage.
Really depends how many instances they want to federate with. I run a single user instance for all of my personal Lemmy use. Looks like it is using 20Gb of bandwidth per week, and the VM it runs on only has 32Gb of storage (and it runs other services, too)
Same, but even lower (Beelink N95). My whole stack of two NAS units, mini PC, switch, router, and modem average a load of 50 watts.
Murphy!
FWIW: I’m running jellyfin and a whole host of other services on a Beelink with an Intel n95 and 8gb of ram. Runs like a champ.
Using Firefox mobile, everything works and is mostly performant 🤷‍♂️
The OP ruled out zig and rust already
I’m a big fan of the NAS device being single purpose. Its life should only exist in fileserving. I have several redundant NAS devices and then a big ol app server.
This is the way. Except my “big ol’ app server” is an n95 mini pc that sips power.
Because even if an attacker could gain access even as root he cannot modify system files.
Your comment was already from the position of if an attacker could gain root access. My responses were to that directly, and nothing else.
Your comment also contained
The filesystem itself is also read-only.
Which is what led to the further discussion of root making that not so.
I don’t believe that to be the intent of the OP’s comment, given their second sentence, but they are welcome to state otherwise. I just don’t want them thinking that an immutable distribution gives them some kind of bulletproof security that it doesn’t.
While you are correct, any system is compromised if you have root, so isn’t that irrelevant at that point?
The original context for the comment chain was:
Because even if an attacker could gain access even as root he cannot modify system files.
So no, it’s completely relevant.
Someone with root can run ostree admin unlock --hotfix to make /usr writable. Someone with root can also delete all restore points.
It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.
See the comment by superkret.
An attacker escaping from a container can’t be system root as Podman runs rootless (without some other exploit or weak password).
That would be true of podman running anywhere, and is not unique to an immutable distribution.
The filesystem itself is also read-only.
You can change that real quick if you have root access.
Because even if an attacker could gain access even as root he cannot modify system files.
They 100% can.
You’re the one who replied “any google hardware” though.
The truth about abs workout and diet is the same order tonight and tomorrow is fine but most importantly I will send you the best way to get the latest Flash player to play with my family 😁🐱