Cool. It’s actually still on my long to do list to try this. Thanks for the update!

I use one pod per app more or less. The reverse-proxy conf depends a bit on the specific app so that depends, but it will probably work for most by sharing a network and exposing the ports in the pods

Don’t use the kube stuff. That’s entirely seperate from Quadlets and some sort of Kubernetes compatibility.

I could pretty effectively prevent it from being used for mass surveillance.

And a future you might decide differently.

Woodpecker is more mature and I can control access better since I am not the only one using my Forgejo. But I think at some point the built in ones might reach feature parity.

Experimented with selfhosting a Woodpecker CI as a complement to my Forgejo.

Works quite nicely, I just need to set up a native ARM64 agent as the overhead of cross compilation on x86_64 is quite big.

Hmm yeah, I thought this is about organisation internal discussion. Of course if it is just a mailbox for outsiders to use, you could just configure some forwarders so that multiple people get the emails and can respond from their own account if necessary.

Selfhosting email specifically is quite hard. Not so much technically, but because of how a few large providers have cornered the market and drop most self-hosted emails reaching them with the excuse of fighting spam.

Hosting a forum that requires login credentials (incl. 2fa etc.) is quite easy though. But I guess that wouldn’t work as a way for outsiders to contact you.

I am confused why you would use a single email address instead of a mailinglist.

It is also possible to set up a private forum with mailinglist capabilities.

Generally speaking it is better to find a trust worthy host, or host on your own hardware than trying to repurpose some public service and hope e2ee alone is sufficient.

Igalia is currently working hard on making it easy to use Servo as an embeddable browser engine similar to how Chromium can be used.

The problems of doing that with Gecko, the browser engine that powers Firefox, is main reason why there are so few alternative browsers based on it.

Just install Linux on the laptop and start experimenting.

Yunohost is very easy, but something like Debian or Fedora Server Edition will be more flexible.

Matrix mobile clients got worse, yes 😅

Otherwise not really. Three years ago Conversations was quite good already, although the newer forks Cheogram and Monocles added some nice convenience features.

Xmpp itself works great. The slidge.im bridges are relatively new and your mileage will vary. Matrix, Discord and Telegram works ok, Signal & Facebook messenger have issues right now, WhatsApp is a bit tricky to set up properly.

Works here 🤷

https://slidge.im/

It basicallly allows you to remote control an existing Matrix account on a remote homeserver. Works quite well.

Matrix servers have the problem of highly variable resource use.

Basically if you only use it for some light chatting with friends and family and some niche topic public rooms it isn’t very heavy.

But if any user of your homeserver joins any busy rooms or uses the bridges to join busy public Telegram channels or such, it will quickly outgrow the resources of a reasonably priced VPS.

Personally I would rather recommend you to set up an xmpp server, which can include a gateway to Matrix and other services, but architecturally is much more lightweight and has better mobile clients.

Solid setup! Thanks for sharing.

I think it also has that, but normally it uses an even easier concept of pods that basically wrap multiple containers into a meta container with it’s own internal networking and name space, and that does exactly what you want.

Or you can use Podman, which integrates nicely with Systemd and also utilizes all the regular system means to deal with log files and so on.

Yeah, Forgejo and Gitea. I think it is partially a problem of insufficient caching on the side of these git forges that makes it especially bad, but in the end that is victim blaming 🫠

Mlmym seems to be the target because it is mostly Javascript free and therefore easier to scrape I think. But the other Lemmy frontends are also not well protected. Lemmy-ui doesn’t even allow to easily add a custom robots.txt, you have to manually overwrite it in the reverse-proxy.

It seems any somewhat easy to implement solution gets circumvented by them quickly. Some of the bots do respect robots.txt through if you explicitly add their self-reported user-agent (but they change it from time to time). This repo has a regularly updated list: https://github.com/ai-robots-txt/ai.robots.txt/

In my experience, git forges are especially hit hard, and the only real solution I found is to put a login wall in front, which kinda sucks especially for open-source projects you want to self-host.

Oh and recently the mlmym (old reddit) frontend for Lemmy seems to have started attracting AI scraping as well. We had to turn it off on our instance because of that.