Ansible vault. All my config files and scripts are deployed with Ansible. Usually they are pushing those into a file or environment variable but if you scope permissions narrowly and don’t run services/containers as root you should be somewhat safe. If someone has filesystem access you’re already in big trouble.

Instead I’d focus on keeping your attack surface as small as possible. Keep services behind a VPN or segment public facing services to a separate VLAN or docker network.

Spiderman is what got me to purchase a PS4. I’ve rebought almost everything on PC though so I think I learned my lesson this time (still waiting on Bloodborne and Ghost of Tsushima 😞).

Back in 2016 or so you could get a RaspberryPi 3 for $35. Add a $5 power supply, $5 SD card and $10 case (or 3d print your own) and you’ve got a nice little piece of hardware for running a tiny project at home for ~$50. More than enough for hosting some simple web services, backup software or something like Home Assistant.

Plus it was popular (which makes it even more popular). It’s always been very easy to find guides written specifically for the hardware, despite it’s limitations.

I think the value proposition has been dropping steadily though. They cost more, are hard to find and there are now a lot more competing SBCs on the market. RaspberryPi still has name recognition though, for now.

There is a community Ansible module for the Uptime-Kuma API that I’ve been trying to get working so I can trigger the maintenance window when I run my playbook to update services but I haven’t quite figured it out yet.

I’m in the same boat though, I start updating containers and my slack channel blows up for like five minutes straight.

I’ve got Uptime-Kuma internally for watching all my internal services and then I’ve got one running on a VPS that watches all the external services and public endpoints.

Such a great project and so easy to use…

FreeDNS requires you to log in to their website once a month or so to keep your DNS name active or they will revoke it. DuckDNS doesn’t require that. It’s free and it works. I set it up forever ago and never have to touch it, with FreeDNS I was risking losing my name or having my services go down if I missed their nag email.

( ͡° ͜ʖ ͡°)

My dongers have never been higher.

ansible-nas

Wow, yeah this is exactly the sort of roles/playbooks that I’ve been building. I’m definitely using this as a source before starting my own from scratch. Thanks for sharing.

I’m actually doing both right now since I had quite a huge compose file that I haven’t converted to ansible yet. The biggest frustration I have is that there doesn’t seem to be an ansible module that works with compose v2 (the official plugin) which means I’m either stuck on the old version of compose or I have to use shell commands to run stuff like ‘docker compose up -d’.

One nice thing I’ve gained though is for services like Plex. I have an ‘update’ playbook that I use and it will check to see if Plex is actively streaming before updating the container which isn’t something I could do easily with compose.

Hahaha, I’ve been using ChatGPT in the exact same way. It requires a bit of double-checking but it really speeds things up a lot.

I’ve started replacing my docker compose files with pure ansible that is the equivilent of doing docker run. My ansible playbooks look almost exactly like my compose file but they can also create folders, set config files or cycle services when configs are updated.

It’s been a bit of a learning process but it’s replaced a lot what was previously documentation with code instead.

I’d recommend Duck DNS over Free DNS these days.

And Wireguard over OpenVPN.

But yes, this is the easiest free way to stand up a solid website. Only other thing I’d add is to put sites and services behind a reverse proxy. Typically I’ve used Nginx but I’m quickly becoming a Caddy convert.

I’ve been DMing a Scum and Villainy campaign, a space opera based on the Forged in the Dark family of games.

My group has been playing a few different systems together for a couple years now and this might be the most fun we’ve had. They get to cruise around space stealing, smuggling and generally being a bunch of scallywags. The campaign setting is a really solid base that I’ve been building on top of and I have so many ideas for things I want to try.

I’m jealous of your 5E campaigns. My D&D group I play with has been on hiatus this summer so I haven’t gotten to play much this year but I’m hoping we can start up something soon.

Gamefreak clearly isn’t interested in evolving their formula very much. Each game is designed to be approachable for young children who are potentially playing Pokemon for the first time. So yeah, there is a lot of hand holding.

I’ve found myself hoping the same thing though, that maybe the franchise would grow up with me, but it doesn’t look like it is going to happen. I expect that we’ll have to mash the A button through the Pokemon catching tutorial until the end of time.

I should have learned Ansible earlier.

Docker compose helped me get started with containers but I kept having to push out new config files and manually cycle services. Now I have Ansible roles that can configure and deploy apps from scratch without me even needing to back up config files at all.

Most of my documentation has gone away entirely, I don’t need to remember things when they are defined in code.

Converting my environment to be mostly containerized was a bit of a slow process that taught me a lot, but now I can try out new applications and configurations at such an accelerated rate it’s crazy. Once I got the hang of Docker (and Ansible) it became so easy to try new things, tear them down and try again. Moving services around, backing up or restoring data is way easier.

I can’t overstate how impactful containerization has been to my self hosting workflow.

Honestly I feel like I should donate to Lemmy apps I don’t even use. Sync will likely become my primary vehicle to the fediverse but the fact that I have a choice is the most important aspect. A healthy competitive app ecosystem is essential.

I’ve gone through the whole cycle of grief with the enshitification of Reddit and finally come out really optimistic about the future of the web.

Sync for Lemmy is definitely a huge part of that. I’m overwhelmed with how much energy there is behind this.

Replying to confirm that this works and went very smoothly! If you can see my profile picture, it’s on S3 instead of disk now.

I’m using pure ansible to deploy my containers (instead of docker compose) so I had to figure out how to start the pictrs container without actually starting pictrs so that I could run the migration. I ended up stopping the container and then running this to perform the migration:

docker run --name pictrs-migration \
  --user 991:991 \
  -v /my-pictrs-path/:/mnt \
  --rm \
  asonix/pictrs:0.4.0-rc.14 \
  pict-rs \
    migrate-store \
    filesystem \
    object-storage \
        -e https://my-s3-endpoint \
        -b my-s3-bucket-name \
        -r my-region \
        -a my-key-id \
        -s my-key-secret

Then I used ansible to redeploy the container with volume mount removed and the new s3 environment variables.

Super easy!