The way I have my file, is a load of default stuff. Like block Windows ports and allow SSH. With a for loop that adds stuff for a specific host, like allow http/s for the web server.
That's the point of the template, you change the bits that need changing and the bits that are static get templated.
I have used both, can tell you that a template file of /etc/iptables/rules.v4 with iptables-persistent is the easiest way. If you go the full IaC route and have vars for the rules, remember to get iptables to save its state after you have applied your rules.
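The template approach from the comments above, sketched as an added example (not the commenter's own file): static defaults plus a loop over per-host extras, rendered into iptables-restore format. The host names, the "Windows ports" list and the function names are assumptions made for illustration.

```python
# Added example: build a rules.v4 (iptables-restore format) from static
# defaults plus per-host extras. Host names and port lists are constructed.
DEFAULT_DROP_TCP = [135, 139, 445]   # "Windows ports" (assumed set)
DEFAULT_ALLOW_TCP = [22]             # SSH on every host
HOST_EXTRA = {                       # per-host vars, as an inventory would hold
    "web01": [("tcp", 80), ("tcp", 443)],
    "db01": [],
}

def rule(proto, port, target):
    """Return one INPUT rule; reject values that could corrupt the file."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"bad protocol: {proto!r}")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    return f"-A INPUT -p {proto} -m {proto} --dport {port} -j {target}"

def render_rules_v4(host):
    """Render the full file for one host: static part first, then the loop."""
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    lines += [rule("tcp", p, "DROP") for p in DEFAULT_DROP_TCP]
    lines += [rule("tcp", p, "ACCEPT") for p in DEFAULT_ALLOW_TCP]
    # Host-specific part: an unknown host gets the defaults only.
    for proto, port in HOST_EXTRA.get(host, []):
        lines.append(rule(proto, port, "ACCEPT"))
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_rules_v4("web01"), end="")
```

The rendered text can be checked with `iptables-restore --test` before it is installed as /etc/iptables/rules.v4.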
All I can tell you from my decades of Linux use is, the memory management is very odd. But yes, more free memory should help keep things running smooth, if you have the memory, leave it as is.
That's how Linux manages its memory, it will use free memory as file cache till it needs it. Then free up memory for process use. If you're only half using the memory for actual services, you may want to reduce it.
Depending on what your server is doing, swap use is normal. But if it's into swap cuz RAM is full, you will find it grinds to a halt. Use free -mh to see what the memory use is, there is a way to reduce the swappiness if you're running a database server and is advised.
I didn't know of NNCP either, it looks amazing and super simple to set up. Might have to look at how I run a NNCP forwarder to Gmail.
You could do that, set NNCPNET_NO_NODELIST to 1. Then you're into private nodes: https://salsa.debian.org/jgoerzen/docker-nncpnet-mailnode/-/wikis/configuration#adding-private-nodes
If you have your own domain and your DNS provider has an API, you can get a certificate for anything in your domain
OVH here, both domains, dedi server and a VPS. Has an API to get any cert you want, even for non internet facing stuff.
Does it ever make sense/is it possible to move certain docker volumes to another physical volume, but not all?
In my case I need to use a named volume for docker swarm, also I can reuse a named volume in other services. If you're not using swarm then just a bind mount should be fine.
Does it ever make sense/is it possible to move certain docker volumes to another physical volume, but not all?
With the way I do it, you can also use NFS as a backend: https://docs.docker.com/reference/compose-file/volumes/
"but you shouldn't be building out new applications and new environments on VMs or LXC"
That's a bold statement, VMs might be just fine for some. Use whatever is best for you, if that's containers, great. If that's a VM, sure. Just make sure you keep it secure.
Does it ever make sense/is it possible to move certain docker volumes to another physical volume, but not all?
If you use a volume, you can mount that anywhere.

```yaml
volumes:
  lemmy_pgsql:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: '/mnt/data/lemmy/pgsql'
```

Then in your service add a volume

```yaml
    volumes:
      - lemmy_pgsql:/var/lib/postgresql/data:Z
```

I will be looking for cheap dishwashers when we need a new one, that don't even know what the internet is. Or making a shit appliances network, all the WiFi crap can live on that.
I'm with him, what happens when my internet drops out (which it does on the reg)? I can't run the dishwasher cuz AWS us-east-1 is down.