If public key is denied forgejo is setup, but you have an old connection in your authorized_keys file probably form using gitea. Remove the line, it should prompt you to accept public key on next ssh session. This is a basic ssh functionality probably why you were downvoted I guess.

Gitea and forgejo configs were 100% same at some point, check forgejo news for when the last version that supported gitea migrations. That said it should still be pretty close.

Velero is the backup solution for PVCs and k8s way.

I have tried quite a few and found blocky to be very easy and reliable.

I use multiple DoH servers upstream, it sorts out which ones better response times and uses it more often, but splits them still. I have over 20 devices using it and its been running well.

It also can prefetch common domains and caches them per config. I got A 40% cache rate with running 3 of them for redundancy.

I’d recommend finding a cheap VPS using https://lowendbox.com/. I got a 3GB RAM 3 core plan for $32/year this is slightly overkill, prpbably, but it also had higher bandwidth limits. Add wireguard and setup routing for the vps public IP.

Yeah operators are extremely nice. I used bitnami images before operator in HA setup and it would fail all the time. Using operators I have like 12 postgres DBs and 0 issues for well over a year.

Btw, self hosting communities tend to shy away from k8s due to complexity and generally enterprises use it so less selfhosters use it. I wanted redundancy and to keep me learning tech, less crazy people tend to go with proxmox for clustering in these communities.

Some operators for postgres is free for non commercial use, so its not truly open source even though its source available, one is crunchydata.

pgvecto.rs v0.4.0 I assumed was just not renamed. They have one for vectorchord too

Operators are good ways to support applications in CLI that aren’t easy to setup in a cluster by default. You can make these databases redundant by setting replica higher than 1 and applying it, operator copies the db data and makes a new replica. It also helps with backups and restoring too.

If you are using Kubernetes, I highly recommend investing time into installing an operator. The best open source one with less restrictive licensing is cloudnative pg. VectorChord builds official images for CNPG that includes the extension.

Yeah I was looking at all of their services tbh but that one looks expensive at first ignoring the deal ~$8/mo. I suppose if you are actively using 4+ TB its not too bad though.

I guess its comparable to others in ways with free api calls / egress but they charge a flat rate higher than others on storage.

Wow IDrive looks extremely expensive for backups, unless if there is something I am missing.

Docker Hub is the bane of my existence lol. I updated every image I use that has github as alternative yesterday now giving time for my rate limiting to go down. Unfortunately still a few that are doxker hub only ironically including lemmy!

I added renovate to my project over the weekend. I got 26 PRs for updating things I have missed, so it is working well for theost part!

The only issue I have with it are a few docker images come from docker hub and I am getting 429 response codes for pinning digests. Do you have any tips for renovate on this? Ideally I’d like it to just update and pin digests on the next update to avoid api hits.

I am doing a regex datasource for most of them since my k8s resources are in yaml files and found right now it strips - alpine and such from the version tags… Haven’t looked into this issue too much yet though.

For a library that supports just bout every service apprise.

For notificatuons and unified push, ntfy.

I saw sharrr the other day which apparently can be self hosted and uses cryptography / expiracy / single download / multi part downloads to make it hard to find a compete file if an attacker even has host access, it also encrypts the file prior to uploading to the server and only you on the client side have the encryption.

That said, this is all according to the architecture of the service, not sure about security in practice.

If you are using openvpn this env may be a good thing to try. It may need adjusted though.

OPENVPN_MSSFIX=‘1350’

Yeah that makes sense I didn’t mean in any aggressive way I guess codeberg is archived so that answers the question of what one to use for issues and such. I’ll put up a feature request on it. I do appreciate the work and have been watching it progress!

What’s up with changing to github?

I’ve been watching this one since it can support high availability but the biggest thing I see missing is support for indexing / searching documents.

I like the direction this has gone so far and excited to see how it continues!

VPN would still work for iPhone I imagine. Small whitelist of DNS would do 90%+ of the job.

The biggest thing I learned is give postgres a crap ton of ram especially if you use autosubscribe to communities bot. Nginx logs can tell you response times and timeouts, timeouts will be from slow queries and if you get a ton, need to bump up your RAM.

Use https://phiresky.github.io/lemmy-federation-state/site to troubleshoot federation issues.

Using the igpu might be problematic for transcoding if you need that. I’d recommend older intel / Asus NUCs if you want a mini PC. 3 year warranty, built for Enterprise, tall version has room for a 7mm tall sata SSD or HDD along with nvme m.2 SSD.

I think if you do Asus 12gen + they have another m.2 slot though it is the smaller one 2242. Doing all this you can upgrade it to 64GB RAM, 8TB m.2 2280, 8TB SATA SSSD, and 1TB M.2 2242. In homelab especially with mini PCs the limit is usually RAM / storage rather than CPU.

I got 4 11th gen with 64 GB RAM each and 32TB of SSD storage. I recommend avoiding QLC SSD as much as possible. Aim for TLC , MLC, or SLC. Higher storage capacity tends to be QLC or TLC, QLC has shortest endurance and slowest speeds.