Setup a test environment, with all the bits you need and point your updated image at it.

For example I build an image that needs redis, so I have a test compose that starts redis and then my image

They voted him in, they get the clown

git commit, git push, git out

I have code on my site that returns ASCII are, only if you curl it.

At work my site had used as a working test

curl horwood.biz

thats cool, but it doesnt give you ascii are when you curl the site

was just pointing out that 1password has an SSH agent, not that you should use it.

I would always recommend bitwarden, as its so cheap or free if you self host it. also vaultwarden is the lighter option

Or 1password if that’s your bag, I use 1password at work and bitwarden at home

We use both lynis and wazuh, wazuh is getting replaced with logpoint and Aws inspector.

I now need to check we pickup the lynis log

I would prefer, why 2fa everywhere is important. But not SMS!

If you have 2fa on accounts, your password is only 1 bit of the login. Passkeys or yubikeys will stop most login attempts dead, you can’t send them to anyone.

But yes unique passwords also help, as that 1 service is the only thing with that password.

if it helps, I run Lemmy and dont stop the database at all.

I mount a back directory to the container and then run the bellow to do the backup.

dockerID=$(docker ps | grep lemmy_postgres | awk '{print $1}')
docker exec ${dockerID} /usr/local/bin/pg_dumpall -c -U lemmy | gzip > /mnt/backups/lemmy/lemmy_dump_`date +%Y%m%d-%H%M%S`.sql.gz

replace the lemmy_postgres with your funkwhale name.

Pushover here, they have critical alert I think.

Use it for my nagios alert, home assistant and other command line stuff.

Super cheap at $5 one off payment and then 10000 messages per application. I have about 5 applications, so 10k*5.

The way I have my file, is a load of default stuff. Like block windows ports and allow SSH.

With a for loop that adds stuff for a specific host, like allow http/s for the web server.

That’s the point of the template, you change the bits the need change and the bits that are static get templated

I have used both, can tell you that a template file of /etc/iptables/rules.v4 with iptables-persistent is the easiest way.

if you go the full IaC route and have vars for the rules, remember to get iptables to save its state after you have applied your rules

All I can tell you from my decades of Linux use is, the memory management is very odd.

But yes more free memory should help keep things running shooth, if you have the memory leave it as is

That’s how Linux manages it memory, it will use free memory as file cache till it needs it. Then free up memory for process use.

If your only half using the memory for actual services, you may want to reduce it.

Depending on what your server is doing, swap use is normal. But if it’s into swap cuz ram is full, you will find it grinds to a halt.

Use free -mh to see what the memory use is, there is a way to reduce the swapiness if your running a database server and is advised.

yeah, I think so. So nodes are over meshtastic and some are over quux

I didnt know of NNCP either, it looks amazing and super simple to setup. might have to look at how I run a NNCP forwarder to Gmail

you could do that, set the use NNCPNET_NO_NODELIST to 1.

Then your into private node https://salsa.debian.org/jgoerzen/docker-nncpnet-mailnode/-/wikis/configuration#adding-private-nodes