As another commenter pointed out, the lower population of Lemmy is a feature not a problem.

And when an instance gets too big, smash that block button.

No judgement here. I think it’s a worthy goal just not one I am particularly interested in at this point. Maybe if the automation was a bit easier and the mobile device management was easier I might join you.

My experience is it’s really a lot of work and with the prevalence of letsencrypt, there is not a lot of automated setups for this use case (at least that I have been able to find). It is kind of a pain in the ass to run your own CA, especially if you plan to not use wildcard and to rotate certs often. If you use tailscale, they offer https certs with a subdomain given to you:

[server-name].[tailnet-name].ts.net

That’s honestly what I’m moving towards.

Another vote for wiki.js. It has tons of authentication options and integrations. The mobile web interface is a tad clunky but usable.

And here I am running a bare metal k3s cluster fully managed by custom ansible playbooks with my templatized custom manifests. I definitely learned a lot going that way. This project looks like it has just about everything covered except high availability or redundancy, but maybe I missed it in the readme. Good work but definitely not for me.

Check out Termux. It lets you install nearly any linux software on your Android device. Probably a good place to start to get your toes wet.

I know this isn’t what you’re asking for but I think this is still a good starting point. Like you correctly surmised, identity and authentication management is not an easy subject and does require extensive experience and theory.

I want categories of blocklists that I can turn on, e.g. uncheck languages I don’t know, uncheck religion, uncheck politics, etc.

I want to be able to group together all posts that were posted by the same user with the same content to different committees. I want to view that as a single post not 6 or however many they spam posted it to.

I want to be able to view same community spanning different server instances as a single community if I so choose, maybe some way to combine them and auto-add new communities with same name as they pop up ok other instances. Posting to it should give option of which server to post to, or all of them?

I had similar problems doing the same thing with a Pi 4.

Sure! I’m using ansible to manage the hosts, install k3s, and deploy the manifests. I’m looking at switching to nixos for reproducibility purposes. I have a couple Pi 4’s, and a handful of Pi 3Bs. Each one is booting off USB drives (Pi 4s have SSDs and others have thumb drives). Then I have an old computer I turned into a NAS server that is hosting NFS for the PVs of each pod. Then I have a rackmount gigabit switch, and I set up tailscale on each node, and reference everything by the tailnet names. Works really well and I have complete access while I’m away from home.

Edit: oh yea my NFS server is also hosting a docker server. My ansible stages the docker containers to the local docker server then each pod pulls from the local server to save on bandwidth and if internet goes down I can still do everything locally.

I have k3s running on my Pi cluster and have dozens of services running on them. USB drives for the lot of them.

Try running a server image on it without desktop and then logging into it over the network from another device like a laptop via ssh

My list is very similar but I have my Pis in a k3s cluster with a NAS for PVs. That allows me to not worry about what physical device is hosting the service, and I built it so I can intermix amd64 devices when I start adding in my used laptops into the mix.

I think if enough people never gave them Internet access, the manufacturers would start adding in cellular modems to ensure they get the data flowing (that is, data on your viewing habits and sending you ads).

Right. Typing in the LUKS password every time you resume from standby (specifically hibernation) means nobody actually uses it in practice. This unlocks a key feature missing from Linux ecosystem.

This is great news. FDE is needed for all kinds of use cases. Ever log into your bank on your unencrypted laptop? Better hope nobody steals your laptop, they can get to any passwords saved in your browser, session cookies, etc. But if your disk is encrypted then it’s good luck, they’ll have to crack your password (if Canonical implements it right it shouldn’t be possible) or wipe the drive.

I still hold that image was stable diffusion generated.

Yea that’s on the list for some point. I have a small k3s cluster running on some Pis and experimenting with tailscale.

I maxed out the free tier in my first month somehow lol… $20/yr isn’t a bad deal for essentially pihole everywhere.

You bring up a lot of great points. I disabled the firewall on my bare metal cluster nodes and didn’t give it another thought. I had to go digging to figure out how to encrypt secrets, and NFS StorageClass is not very great security wise either. Not to mention lack of isolation for privileged containers. I found kata containers a good solution to that. Then there’s wireguard between workers I don’t know if I got working correctly because I can’t figure out how to really test it.