The problem is running GUI code as root as it’s never been vetted for that. What you want, effectively, is to have EDITOR variable of your session set to kate and open system files using sudoedit. I’m a terminal guy myself, so this exact thing is enough for me. Having said that - I’m sure someone will chime in with a plugin/addon/extension/etc that adds this to the right click context for what I assume is KDE. Or you can try looking for that om your favourite search engine.

Mostly agree. Audiobooks are not my thing, but of it were - I’d look for a way to resume where I left off, maybe some recommendation on what to listen to next.

In general - once you’re into hosting stuff and past the initial barrier of setting everything up - adding another service is dead simple.

Can I be unreasonable? I’m gonna be unreasonable.

Gentoo.

Glad to hear! Not that you’d want to send email from a residential IP anyway - if not for your ISP, every email service wouls bounce it anyway.

It is quick and easy. Maintaining any other OS side by side is always a bigger ordeal than not doing it. It breaks the other way around as well - If you were running some linux distro and then tried dual booting by installing windows - no way you’d be able to boot into linux without extra tweaking.

Normally firewall is on the router. Sensitive environments usually run one on the client as well.

It’s not v6 itself, it’s rather lack of layers of nat that prevent forwarding a v4 for most folks.

Fair enough, I guess. Still, I was dumbstruck by lack of ability to open up a port.

It doesn’t fix it, per se, rather removes the need for layers of hacks such as nat and cg-nat. Every device gets a globally routable IP - no need to forward anything, just open the port you want.

IPv6. My stupid ISP actually shipped their router with all inbound ipv6 blocked with no way to unblock it, so I set up opnsense. Works like a charm!

.dev domains are required to only be reachable via https. You’ve not mentioned that in the post, so I’m guessing port 443 is not serving or even listening.

I’d delete the screenshot with your IP visible. You never know…

If you’re dead set to run lemmy - then just do it! If soam becomes a problem - turn on registration verification. Spam usually comes in waves, so you don’t even have to keep that barrier on all the time. Having said that - if you want some sort of nationality verification - application process could enable it.

If you’re not set on lemmy - give piefed a shot. That’s what I would run if I were setting up from scratch. Same format social media, but, at least from what I’m hearing - better software.

Setting up is easy, but keeping it up to date is often troublesome. Releases are far and few between and as such, whenever there is one, it includes a lot of changes. That leads to some instances having trouble pretty much every time; I’ve been on the unlucky side enough times to be wary.

Lemmy.cafe runs on 2 dual vcore 4gb ram VMs on digitalocean - one for db, another for lemmy itself.

Lemmy prides itself in being written in rust, but it leaks memory like a sieve - I’ve had split up the containers into smaller tasks (there’s an official flag you can pass to it), double them up and set memory limits. That way when something gets killed by the kernel it’s not really noticable to the end user.

Running a public instance of anything is a security concern, let alone alpha-beta software like lemmy. If you do run it on your homelab at home - at least get the cheapest vm in the cloud to hide your home IPs. You’d probably need to set up a wireguard tunnel to ensure outgoing federation does not reveal the IPs to other instances.

Instance level moderation is up to you. Don’t be too dreamy - nobody will join your instance just because you have it running. Other than spammers and voting bots, that is. Moderation tools are just not there, so you’ll have to fiddle in the db directly.

Having said all that - if all you want is a personal inatance - go for it! With sign ups disabled it’s a much less stressful experience!

I was looking into it, but the more I learn about it the more I’m leaning towards something else - misskey, akkoma, etc. Same function, but, supposedly, fewer headaches hosting.

I host a lemmy instance.

Welcome aboard!

I did jump onto Gentoo ship chasing performance, but stayed because of USE flags.

Majority of openrc/hardened/selinux binhost setup is done, need to figure out the small things.

Lemmy was also giving a bit of a headache, fiddled with limits some more.

I’m fairly certain there’s been an attempt to play with some opnsense config, but there was only time to install the updates. Or maybe this was last week 🤔

Whole path has to be accessible, not just the file itself. All dirs above the file need to have the executable bit set that affects the user accessing the file.

Lemmy.cafe checking in