I am an archo-communist, cat-loving dude with a very eclectic range of interests and passions. Currenty, I’m into networks of all kinds and open source software.

  • 8 Posts
  • 236 Comments
Joined 1 year ago
cake
Cake day: July 8th, 2023

help-circle


  • It’s a Proxmox server that’s well under subscribed and utilized. I currently use it as a remote back-up for my brother’s business computer and the family’s various machines. It has one Arch Linux VM for that purpose. Another Arch Linux VM has two docker containers for running Mastodon and Lemmy.

    I want to do more with it but right now it’s time for me to buckle down and actually take some steps toward bettering my career because I am sick of being a senior Windows desktop support technician. I really want to do Linux/BSD systems administration or DevOps stuff. I hate feeling like I have to learn under the gun but, at this point, thinking about work on Monday is making me physically ill. The only relief will be knowing that there is an end to this tunnel.










  • I don’t see this functionality in Lemmy. Mastodon has settings where you can limit your posting visibility to only those who follow you. But anybody that you don’t expressly block will still be able to see your profile. More privacy features mighr be in development.

    Probably your best bet is to keep your fediverse handle as anonymous as is possible. That would be the best advice I have to give. Also, don’t give clues as to your whereabouts in your posts. Nothing on the Internet is trult private and infosec is hard. Always assume that a fediverse instance could be compromised at any time. Use some common sense and basic operational security and you should be okay.







  • In Lemmy, subreddits are known as communities. You join a community by its name, for example !mycommunity@example. Do a search for that community, click on the search result, and you’ll be given an option to subscribe. Note that the search might come up as 0 results even though you got the community name right. It’s just taking longer to find the community.



  • You need to actually piece together those few to come up with one cohesive working instance. I can share with you the docker-compose.yml file that worked for me, if that will help.

    version: '3'
    services:
      db:
        restart: always
        image: postgres:14-alpine
        shm_size: 256mb
        networks:
          - internal_network
        healthcheck:
          test: ['CMD', 'pg_isready', '-U', 'postgres']
        volumes:
          - ./postgres14:/var/lib/postgresql/data
        environment:
          - 'POSTGRES_HOST_AUTH_METHOD=trust'
    
      redis:
        restart: always
        image: redis:7-alpine
        networks:
          - internal_network
        healthcheck:
          test: ['CMD', 'redis-cli', 'ping']
        volumes:
          - ./redis:/data
    
      # es:
      #   restart: always
      #   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
      #   environment:
      #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      #     - "xpack.license.self_generated.type=basic"
      #     - "xpack.security.enabled=false"
      #     - "xpack.watcher.enabled=false"
      #     - "xpack.graph.enabled=false"
      #     - "xpack.ml.enabled=false"
      #     - "bootstrap.memory_lock=true"
      #     - "cluster.name=es-mastodon"
      #     - "discovery.type=single-node"
      #     - "thread_pool.write.queue_size=1000"
      #   networks:
      #      - external_network
      #      - internal_network
      #   healthcheck:
      #      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
      #   volumes:
      #      - ./elasticsearch:/usr/share/elasticsearch/data
      #   ulimits:
      #     memlock:
      #       soft: -1
      #       hard: -1
      #     nofile:
      #       soft: 65536
      #       hard: 65536
      #   ports:
      #     - '127.0.0.1:9200:9200'
    
      web:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
        networks:
          - external_network
          - internal_network
        healthcheck:
          # prettier-ignore
          test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
        ports:
          - '127.0.0.1:3000:3000'
        depends_on:
          - db
          - redis
          # - es
        volumes:
          - ./public/system:/mastodon/public/system
    
      streaming:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: node ./streaming
        networks:
          - external_network
          - internal_network
        healthcheck:
          # prettier-ignore
          test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
        ports:
          - '127.0.0.1:4000:4000'
        depends_on:
          - db
          - redis
    
      sidekiq:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: bundle exec sidekiq
        depends_on:
          - db
          - redis
        networks:
          - external_network
          - internal_network
        volumes:
          - ./public/system:/mastodon/public/system
        healthcheck:
          test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
    
      ## Uncomment to enable federation with tor instances along with adding the following ENV variables
      ## http_proxy=http://privoxy:8118
      ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
      # tor:
      #   image: sirboops/tor
      #   networks:
      #      - external_network
      #      - internal_network
      #
      # privoxy:
      #   image: sirboops/privoxy
      #   volumes:
      #     - ./priv-config:/opt/config
      #   networks:
      #     - external_network
      #     - internal_network
    
    networks:
      external_network:
      internal_network:
        internal: true