talkingpumpkin

joined 2 years ago
sorted by: new top controversial old
An update on rust-coreutils in Ubuntu in c/linux@lemmy.ml
[–] talkingpumpkin@lemmy.world 2 points 1 week ago

TLDR:

Current status for 26.04 LTS

We shipped rust-coreutils as the default in Ubuntu 25.10 to maximise real-world testing ahead of the LTS. Based on the audit findings and remediation progress, here is where we stand for Ubuntu 26.04 LTS.

We have included the latest upstream release 0.8.0 in Ubuntu 26.04, which incorporates the bulk of the security fixes.

cp, mv, and rm continue to be provided by GNU coreutils in 26.04. These utilities have remaining open TOCTOU (time-of-check to time-of-use) issues (8 as of Apr 22, 2026) that need to be resolved before we are confident shipping them.

Our plan is to address the remaining issues as soon as possible and target Ubuntu 26.10 with 100% rust-coreutils.

Looking for a way to have a web interface for shell commands in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 16 points 2 weeks ago (2 children)

Does https://www.olivetin.app/ look like what you have in mind?

Alright let's see pictures of your super nice rack-mounted, professionally installed labs. I'll start 🙃 in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 2 points 3 weeks ago (1 children)

(OT) what did you use to annotate the picture?

What to selfhost if you have a lot of bandwidth in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 3 points 1 month ago (1 children)

I've not looked into it much yet, but https://radicle.xyz/ seems interesting.

It's kinda a bittorrent-powerd codeberg and it looks like it's worth playing around with (even though it might not get you rid of much bandwidth... IDK how popular it is, but source usually doesn't weigh that much).

[Solved] OpenWrt & fail2ban in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 1 points 2 months ago (2 children)

Getting the router to actually assign an IP address to the server

You would typically want to use static ip addresses for servers (because if you use DHCP the IP is gonna change sooner or later, and it's gonna be a pain in the butt).

IIRC dnsmasq is configured to assign IPs from .100 upwards (unless you changed that), so you can use any of the IPs up to .99 without issue (you can also assign a DNS name to the IP, of course).

all requests’ IP addresses are set to the router’s IP address (192.168.3.1), so I am unable to use proper rate limiting and especially fail2ban.

Sounds like you are using masquerade and need DNAT instead. No idea how to configure that in openwrt - sorry.

What's your opinion on Ubiquiti/Unifi gear? in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 0 points 2 months ago (2 children)

A NAS is just a computer and TrueNAS is just Linux (ok, TrueNAS CORE is Bsd).

You can run zfs on any machine: they recommend loads of RAM for optimal performance, which you don't need at home (or at work, unless your job is running a data center).

You can choose from a number of FOSS NAS-specific operating systems, plus all linux distros (since you post here, I'd assume you either can or aim to administer a home sever?)... why would you go with a proprietary OS?

There are several FOSS operating systems for network equipment too (keyword "NOS"), but as far as I'm aware none that work on small soho/edge switches. OpenWrt runs both my router (mikrotik) and WAPs (tplink), but the two 8-port switches I have at home (also tplink) run their proprietary firmware.

Should I be using Debian? in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 9 points 2 months ago

Don't tear down your server just to have fun - setup a vm (or get one of those minipcs), call i "playground" and have fun there.

Redo your server after you've tried different things, and only if you feel like you found something that is worth it.

Experimenting with different distros can teach you a lot (especially if you try very different ones - mint and debian aren't that much different) and I do recommend you do it, just don't do it in production :)

1
Here's a nixos-rebuild wrapper script that formats and colorizes traces (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by talkingpumpkin@lemmy.world to c/nix@programming.dev
0 comments fedilink
 

Here it is https://codeberg.org/gmg/concoctions/src/branch/main/sh-scripts/nixos-rebuild

(if you try it and find any bugs, please let me know)

edit: I didn't realize the screenshot shows just instead of nixos-rebuild... that runs a script ("recipe") that calls nixos-rebuild so the output shown is from the (wrapped) nixos-rebuild

Installing **self-hostable** services on a cloud server isn't self-hosting ??? in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 16 points 3 months ago

Honestly, do we need a legal definition of what "self hosting" is and what isn't?

I didn't see your post and in the modlog I can only see it's title: "Apparently I'm into Web3, says Netcup" [ed: Netcup is a hosting company].

If your post was discussing stuff specific to your hosting provider, then the mods did well in removing it - if you were talking about things that would have interested this community, then they have probably been too rash in removing the post.

1
(home manager) can i somehow put ~/.local/bin before ~/.nix-profile/bin in my $PATH? (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by talkingpumpkin@lemmy.world to c/nix@programming.dev
0 comments fedilink
 

I'm trying to get my scripts to have precedence over the home manager stuff.

Do you happen to know how to do that?

(not sure it's relevant, but I'm using home-manager in tumbleweed, not nixos)

edit:

Thanks for the replies - I finally got time to investigate this properly so here's a few notes (hopefully useful for someone somehow).

~/.nix-profile/bin is added (prepended) to the path by the files in /nix/var/nix/profiles/default/etc/profile.d/, sourced every time my shell (fish, but it should be the same for others) starts (rg -L nix/profiles /etc 2> /dev/null for how they are sourced).

The path I set in homemanager (via home.sessionPath, which is added (prepended) to home.sessionSearchVariables.PATH) ends up in .nix-profile/etc/profile.d/hm-session-vars.sh, which is sourced via ~/.profile once per session (I think? certainly not when I start fish or bash). This may be due to how I installed home-manager... I don't recall.

So... the solution is to set the path again in my shell (possibly via programs.fish.shellInitLast - I din't check yet).

Private network storage for my users? in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 4 points 3 months ago (4 children)

IDK how much I'd trust them with tech stuff (not much, definitely). However I don't see how encrypted storage may become an attack vector?

I mean, they could clog up the HDDs with crap, but they can already do that via non-encrypted network storage (and in several other ways).

47
Private network storage for my users? (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by talkingpumpkin@lemmy.world to c/selfhosted@lemmy.world
27 comments fedilink
 

I'd like to give my users some private network storage (private from me, ie. something encrypted at rest with keys that root cannot obtain).

Do you have any recommendations?

Ideally, it should be something where files are only decrypted on the client, but server-side decryption would be acceptable too as long as the server doesn't save the decryption keys to disk.

Before someone suggests that, I know I could just put lucks-encrypted disk images on the NAS, but I'd like the whole thing to have decent performance (the idea is to allow people to store their photos/videos, so some may have several GB of files).

edit:

Thanks everyone for your comments!

TLDR: cryfs

Turns out I was looking at the problem from the wrong point of view: I was looking at sftpgo and wondering what I could do on the server side, but you made me realise this is really a client issue (and a solved one at that).

Here's a few notes after investigating the matter:

  • The use case is exactly the same as using client-side encryption with cloud storage (dropbox and those other things we self-hoster never use).
  • As an admin I don't have to do anything to support this use case, except maybe guiding my users in choosing what solution to adopt.
  • Most of the solutions (possibly all except cryfs?) encrypt file names and contents, leaking the directory structure and file size (meaning I could pretty much guess if they are storing their photos or... unsavory movies).
  • F-droid has an Android app (called DroidFS) that support gocryptfs and cryfs

I'll recommend my users try cryfs before any other solution. Others that may be worth it looking at (in order): gocryptfs, cryptomator, securefs.

I'll recommend my users to avoid cryptomator if possible, despite its popularity: it's one of those commecrial open source projects with arbitrary limitations (5 seats, whatever that means) and may have nag screens or require people to migrate to some fork in the future.

ecryptfs is to be avoid at all costs, as it seems unamaintaned.

Finding a new registrar/name server for .at in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 1 points 3 months ago (1 children)

I don't remember them asking for any ID. Then again I gave them my real name/address and I payed with my credit card so... it's not like they can't confirm it's me.

solved (sort of): How are people discovering random subdomains on my server? in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 2 points 3 months ago (2 children)

(I missed the first part so I'm not sure I follow)

How are the the subdomains resolved? If you registered them on a public DNS that might be what leaks them. Otherwise... maybe your browser?

Finding a new registrar/name server for .at in c/selfhosted@lemmy.world
[–] talkingpumpkin@lemmy.world 2 points 3 months ago (3 children)

I moved to infomaniak because registering domains come with a free mailbox (or at least they used to - IDK if it's still like this).

It works fine with lego (as should any other supported one).

27
Trump says he will meet Putin in Hungary in bid to resolve Ukraine war (www.euronews.com)
19
Highlights from Trump’s speech at the UN (www.whitehouse.gov)
submitted 7 months ago* (last edited 7 months ago) by talkingpumpkin@lemmy.world to c/europe@feddit.org
14 comments fedilink
 

Delusional.

264
UK, Canada and Australia recognise Palestinian State (www.euronews.com)
112
NATO at War With Russia, Kremlin Says (www.newsweek.com)
-1
Why mount /etc/timezone and /etc/localtime in containers? (lemmy.world)
 

A lot of selfhosted containers instructions contain volume mounts like:

docker run ...
  -v /etc/timezone:/etc/timezone:ro \
  -v /etc/localtime:/etc/localtime:ro \
  ...

but all the times I tried to skip those mounts everything seemed to work perfectly.

Are those mounts only necessary in specific cases?

PS:

Bonus question: other containers instructions say to define the TZ variable. Is that only needed when one wants a container to use a different timezone than the host?

-1
Simpler alternative to prometheus-alertmanager and/or graphana? (lemmy.world)
 

Prometheus-alertmanager and graphana (especially graphana!) seem a bit too involved for monitoring my homelab (prometheus itself is fine: it does collect a lot of statistics I don't care about, but it doesn't require configuration so it doesn't bother me).

Do you know of simpler alternatives?

My goals are relatively simple:

  1. get a notification when any systemd service fails
  2. get a notification if there is not much space left on a disk
  3. get a notification if one of the above can't be determined (eg. server down, config error, ...)

Seeing graphs with basic system metrics (eg. cpu/ram usage) would be nice, but it's not super-important.

I am a dev so writing a script that checks for whatever I need is way simpler than learning/writing/testing yaml configuration (in fact, I was about to write a script to send heartbeats to something like Uptime Kuma or Tianji before I thought of asking you for a nicer solution).

view more: next ›