It looks like it’s for their immediate family. I had issues with this when I was supporting people I didn’t live with, but if they’re using the same PC, it shouldn’t be an issue until something breaks.
- 0 Posts
- 17 Comments
Joined 1 year ago
Cake day: July 1st, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
I use NixOS, Gentoo, and Debian:
- NixOS because I like declarative configuration files.
- Gentoo because I enjoy compiling from source.
- Debian because the other two are more difficult to use.
3·4 months agoPerfection
Media server: Jellyfin, qBittorrent, Radarr/Sonarr/Lidarr/Prowlarr, and OpenVPN/Traefik/WireGuard
Misc: PiHole, Vaultwarden, HashiCorp Vault, and FreeIPA
VMware ESXi for the VMs, but I’ll be switching to Proxmox soon.
All running in Docker or Podman containers on their own VMs. I’m trying to automate the deployment and configuration of each of these services via pipelines in GitLab CI using Ansible and Terraform right now. I also have a couple of Kubernetes clusters for testing and dev stuff on this server.
Accessed via SSH or an NGINX reverse proxy. I’m using certificates where possible, but a lot of the traffic between VMs is still unencrypted. I’ll eventually force everything local to use Traefik, but for now, only a few services are using it.
There are a lot of projects on awesome-selfhosted and selfhosted that I’ve been meaning to get around to installing. Home Assistant and AdGuard Home are two of them.
OpenStack has a really good Ansible hardening project for securing servers that I try to always use. I also have a Red Hat developer license, so I try to use their OS when possible because of their FIPS and other security profiles. Some services just don’t work with any of the newer RHEL versions though, and I usually fall back to CentOS Stream or Ubuntu whenever that happens.
This is a great idea. I didn’t see a Linux subway yet, but the process for requesting new lines seems pretty simple.
The “bot” suggested I use RandomSleep. It’s not effortless.
I got the idea to use systemd timers from another answer in this thread and thought I’d help you out with an Ansible playbook.
In any case, I learned at least two things while reading the other replies, so it wasn’t a total waste. (and you got your answer)
What sucks is the attitude you get when trying to help in many Linux communities. It’s a tool, and a very useful one too.
If you knew what you were doing, you could understand the loop just by looking at it, without having to run it, ngl.
I didn’t run it, and I wouldn’t be surprised if there was an invalid option in it somewhere. Ansible Lightspeed would be a better tool than what I used, but it’s sufficient to get the point across.
I use AI for grammar correction or to help put a thought into words sometimes. Needs some more work to sound natural though.
That’s a great idea! Learned something new, thanks.
To effectively manage and stagger automated upgrades across multiple groups of Ubuntu servers, scheduling upgrades on specific days for different server groups offers a structured and reliable method. This approach ensures that upgrades are rolled out in a controlled manner, reducing the risk of potential disruptions.
Here’s an example Ansible playbook that illustrates how to set this up. It installs
unattended-upgradesand configuressystemd timersto manage upgrades on specific weekdays for three distinct groups of servers.Playbook
--- - hosts: all become: yes vars: unattended_upgrade_groups: - name: staging_batch1 schedule: "Mon *-*-* 02:00:00" # Updates on Monday - name: staging_batch2 schedule: "Wed *-*-* 02:00:00" # Updates on Wednesday - name: staging_batch3 schedule: "Fri *-*-* 02:00:00" # Updates on Friday tasks: - name: Install unattended-upgrades apt: name: unattended-upgrades state: present - name: Disable automatic updates to control manually copy: dest: /etc/apt/apt.conf.d/20auto-upgrades content: | APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "0"; mode: '0644' - name: Setup systemd service and timer for each group loop: "{{ unattended_upgrade_groups }}" block: - name: Create systemd service for unattended-upgrades for {{ item.name }} copy: dest: "/etc/systemd/system/unattended-upgrades-{{ item.name }}.service" content: | [Unit] Description=Run unattended upgrades for {{ item.name }} [Service] Type=oneshot ExecStart=/usr/bin/unattended-upgrade mode: '0644' - name: Create systemd timer for {{ item.name }} copy: dest: "/etc/systemd/system/unattended-upgrades-{{ item.name }}.timer" content: | [Unit] Description=Timer for unattended upgrades on {{ item.schedule }} for {{ item.name }} [Timer] OnCalendar={{ item.schedule }} Persistent=true [Install] WantedBy=timers.target mode: '0644' - name: Enable the timer for {{ item.name }} systemd: name: "unattended-upgrades-{{ item.name }}.timer" enabled: yes - name: Start the timer for {{ item.name }} systemd: name: "unattended-upgrades-{{ item.name }}.timer" state: started
Same here. Our servers are so out of date that we might not have a version of xz with any commits from Jia Tan at all.
I rely on notifications from
glsa-checkor my distro’s package manager. I was notified about a problem withxz-utilson Thursday evening, but didn’t see anyone post about it until Friday morning.glsa-checkis a command-line tool included with the gentoolkit package in Gentoo Linux. Its primary function is to scan your system for installed packages that are vulnerable according to Gentoo Linux Security Advisories (GLSAs). GLSAs are official notifications from the Gentoo security team about security vulnerabilities that affect packages in the Gentoo repository.
4·8 months agoYeah, it’s probably fine. I also don’t use systemd. I was just pointing out that another rolling release distribution had the affected version.
Red Hat Linux 6.0, back in 1999. It was one of the first distributions to include GNOME as the default desktop environment.
It was also on Gentoo. I had this version installed for a day or two.
I was under the impression that the sync command makes device removal safer somehow. Even though the device was unmounted, there may be cached data that wasn’t written yet. Could be wrong about that, but it seems harmless to include.
Edit: looked it up, and umount calls sync, so there’s no need to include it. And if you do include it, sync before umount, like you said.