To err is human. To propagate errors automatically is #devops

  • 2 Posts
  • 17 Comments
Joined 1 year ago
Cake day: June 18th, 2023




  • Some security tips:

    Firewall should block everything by default, and you start allowing incoming and outgoing connections when you need them or if something fails.

    Disable passwords and root access in ssh daemon.

    Use fail2ban or something similar to block bots failing to log in.

    Use random long passwords for everything (e.g. databases). And put them in a password manager. If you can remember the database password, it’s not strong enough. If you can remember the admin password for a public web service, it’s weak.

    Don’t repeat the passwords. Everything should have its own random long password.

    .env files and files with secrets should be readable only by their service user. Chmod them to 400.

    Monitor logs from time to time to see if something funny is happening.
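
An added example, not part of the comment above: a small Python audit for two of the tips (sshd with passwords and root login disabled, secret files at mode 400 owned by the service user). The sample configs are constructed, the function names are hypothetical, and the parser reads only the global section of a single file (it does not follow `Include` or evaluate `Match` blocks).

```python
import os
import stat

# Upstream OpenSSH defaults, used when a keyword is absent from the file.
SSHD_DEFAULTS = {"passwordauthentication": "yes",
                 "permitrootlogin": "prohibit-password"}

# Constructed sample configs, not taken from any real host.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # ignored: sshd keeps the first value it reads
"""
HARDENED_CONFIG = "PermitRootLogin no\nPasswordAuthentication no\n"


def global_sshd_options(text):
    """Parse the global section; the first occurrence of a keyword wins."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ").split()
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":  # Match blocks are conditional overrides; stop here
            break
        opts.setdefault(key, " ".join(parts[1:]).lower())
    return opts


def audit_sshd(text):
    """Return findings for the 'no passwords, no root' tip."""
    opts = {**SSHD_DEFAULTS, **global_sshd_options(text)}
    return [f"{name} is '{opts[name.lower()]}', expected 'no'"
            for name in ("PasswordAuthentication", "PermitRootLogin")
            if opts[name.lower()] != "no"]


def audit_secret_file(path, service_uid):
    """Return findings unless path is mode 400 and owned by service_uid."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode != 0o400:
        findings.append(f"{path}: mode {mode:03o}, expected 400")
    if st.st_uid != service_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {service_uid}")
    return findings


if __name__ == "__main__":
    print(audit_sshd(WEAK_CONFIG))
    print(audit_sshd(HARDENED_CONFIG))
```

An empty findings list means the check passed; an sshd_config that omits both keywords still fails, because the defaults allow password logins and key-based root logins.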












  • Pros:

    • No single entity that has all control.
    • No entity profits from it, so you are not a product.
    • Related to above: No trackers, no ads, no spyware, etc.

    Cons:

    • It is run by volunteers: bad uptimes, slower progress, slower fixes, etc.
    • Some volunteer may give up and delete the instance. It happened to my first Lemmy account (nothing against you, stux)
    • No market-driven decisions means sometimes instances defederate each other for purely ideological reasons. Sometimes very childishly. (again, nothing against stux)
    • Lots of fedidrama.

    Welcome to Lemmy. Hope you enjoy it.




  • Kubernetes is useful if you have gone full cattle over pets. And that is very uncommon in home setups. If you only own one or two small machines you cannot destroy infra easily in a “cattle” way, and the bloatware that comes with Kubernetes doesn’t help you either.

    In homelabs and home servers the pros of Kubernetes are not very useful: high availability, auto-scaling, gitops integrations, etc: Why would you need autoscaling and HA for an SFTP used only by you? Instead you write a docker-compose.yml and call it a day.