jrollans.com is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
Oh fuck, I was mistaken — it was a real attack, not LLM bots
— someone, using machines from French hosting, was trying to connect to my Asterisk box, using various SIP endpoints.
The attack started on Monday night and was found only because monit reported too much memory eaten by fail2ban
Interesting, why didn't fail2ban ban the attacker's IP? It should do that right after a failed login attempt.
Time to revisit fail2ban jail configs…
I think one of the coolest things about #Mastodon is all the small-time instances. It proves there are tons and tons of people out there who get how to do self-hosting. They get DNS, domain registry, and some System Administration skills, to empower themselves, and make a stand on the #internet, participating in a federation whatsoever.
Email doesn't really enjoy this same status: it's sort of (effectively) "semi-federated". Even after doing all the correct DNS voodoo (SPF, DKIM, DMARC), one might be cursed anyway, because one's IP address comes from some disreputable IP block. This "original sin" can't really be cleansed, according to #Google , #Microsoft, etc, who silently and ruthlessly can send all one's incoming, self-hosted email messages to the recipient's spam folder.
Ok #Arcane is no longer a simple #Docker orchestrator for #HomeLab. Also, their v2 migration guide is a good example of bad documentation.
Anything except #UptimeKuma? Any recommendations?
Some graphs from #Munin with LLM-bots attacking my kitchen server.
The graphs span the whole week, so on the left there is the normal state of my server. And on the right — the attack is happening.
Then, I logged into my box and found that fail2ban, Asterisk and PostgreSQL weren't feeling well. The system load and the traffic amounts were unusual — the parameters completely differ from what I have been used to seeing since the server installation.
I checked the fail2ban logs and found that it was still parsing data from the Asterisk log from nearly 5 hours ago
And there was a total mess in the Asterisk security.log (see screenshot) — some dumb (like their programmers) LLM-bots were constantly trying to connect to my Asterisk server with the HTTP protocol, evaluating it as a web server, I dunno
And the Asterisk logs became enormously big — while newsyslogd wasn't invoked — they ate nearly 4 GB. I didn't specify the maximum size of the Asterisk logfiles in /etc/newsyslog.conf, because I wasn't expecting a lot of lines in the logs of a PBX which is in use only by my relatives.
The IPv6 guide (#OVH / #NPM / #Proxmox / #Docker) gets a makeover!
You already know this page of my wiki, but it has just been given a complete rewrite!
Why? To properly cover two quite distinct scenarios depending on your needs. Whether you are in one configuration or the other, everything is detailed step by step.
👉 Check it out and bookmark it here: https://wiki.blablalinux.be/fr/deploiement-ipv6-ovh-npm-proxmox-docker
Happy reading and happy deploying!
Huh, looks like the new ASes, with LLM-bots attacking servers, just dropped
TLDR: there are AS12876 and AS16276 — both located in France (Scaleway SAS and OVH SAS). My self-hosted Asterisk box was attacked from the following IPs: 62.4.15.81 and 51.222.38.229.
Today, after I checked my e-mail, I found three warnings from Monit about fail2ban exhausting limits on my small server in the kitchen (Intel Atom N2800 1866 MHz and 4 Gb of RAM). The first e-mail warned that fail2ban ate 200 MB of RAM, the next about 500 MB of RAM, and the last e-mail warned me that fail2ban ate 2 GB of RAM
🚛 New post on ChristiansBlog.eu
Migrating a Nextcloud server from a USB NVMe to an internal SATA hard drive, without reinstalling
A hands-on tutorial on migrating a running Debian and Nextcloud server from a USB NVMe to an internal SATA hard drive, including GRUB, rsync, fstab and typical pitfalls.
🔗 https://christiansblog.eu/post/tutorial/serverumzug/
#NextCloud #Debian #Linux #Server #Migration #NVMe #SATA #Apache #GRUB #Tutorial #HomeServer #Selfhosting
I have totally re-engineered the Genomic Sysadmin tool. Emphasis is on generating standalone code vs Ai centric processing, with universal Ai stubs that can run off cloud or local models with a fallback to deterministic evaluators.
Added emphasis on pressure sensitive governance.
Eg. If the firewall is getting more hits, the security posture is elevated, if diskspace, housekeeping...etc
Second major "innovation", the mission.md is actually composing the codebase as the compute windows flap.
It's currently just a simplified version of my existing blog, but I'm hosting this website on my Raspberry Pi Zero for testing purposes:
We will see how things go over time, then possibly port over the "real" thing 😛
New post: IPv6 Foundations.
IPv6 isn't "the future of the internet." It's the internet. IPv4 is the relic we keep alive on NAT life support.
A laid-back tour through the basics: how the addresses are built, the two rules for crushing out the zeros, a /64 per subnet so you stop counting hosts, SLAAC, and why blocking ICMPv6 is a self-inflicted wound.
And no, dual-stack isn't a destination. It's a burden.
https://blog.hofstede.it/ipv6-foundations-the-internet-protocol-you-should-already-be-using/
Also, I didn't get the notification about high server temperature from #Beszel because of this: https://github.com/henrygd/beszel/issues/2042 (still not released).
So the federation is working on my #Wanderer instance, and you can actually follow me there from any #ActivityPub instance: @yehor@wanderer.glitchy.social
The issue was actually in my #Mastodon instance: https://mastodon.glitchy.social/@yehor/116713584141417614
#Fediverse #homelab #selfhosted #selfhosting #selfhost
Wrote my first server announcement. Because yesterday, after updating my #Mastodon instance to 4.5.11, I didn't realise the Sidekiq died.
I spotted an unusual server load and temperature 24 hours later, found out that it was a Mastodon LXC, and realised there had been nothing processed by Sidekiq for 24 hours already.
I'm not sure about the reasons, because I didn't find anything useful in the logs. I definitely need better monitoring for #GlitchySocial.
Also wrote a guide on setting up #Wanderer instance bare-metal using #systemd service: https://github.com/open-wanderer/wanderer/discussions/817#discussioncomment-17209054
Halp! I just installed Yunohost on my home server with a wired connection.
Access to my apps works fine on devices with ethernet cable. But my wireless devices can only access my admin page, not the app portal.
Is this a common issue?
I think #SelfHosting is an important skill to learn, for anyone with the aptitude for it. I think the internet can't really be made a better place, until people learn to use those same skills to "staple the internet to real life". Like start from a place in one's real-world existence and look around. There are real-world organizations, and various community groups.
These groups should ideally roll their own self-hosted services: forums, group chats, file-sharing, etc. That's what I mean by "stapling": real world regional orgs aligning to the services they self-host. It's the opposite of using Big Tech forums: the Facebooks, Instagrams, etc of the world, where the platforms can't be trusted, and are totally certain to enshittify. In this way, #DataSovereignty is gained.
Yes, people will need a password manager to manage all those passwords. Or perhaps regional SSO servers - run by a city or province/state - can unify these accounts somewhat. Password management and backing up the password database (eg. .kdbx file) should be taught in school.
People actually visiting over coffee/tea (or meals), are the right time to help someone less technically inclined (in person) to install a new #OpenSource friendly app, like Signal or #DeltaChat
Yes, it won't be easy, *but I don't see an alternative*. There's pretty much no escape from the Tech Bro billionaires otherwise.
✨ Tomorrow 6 pm: e-mail rendezvous!
Subscribers to the Wiki campaign, expect to receive a nice dose of technical content for your servers tomorrow. Be ready! 📖
#BlablaLinux #Wiki #Tips #SelfHosting
I really should stop fucking with the tool, but there is always one more tweak to make it more functional. Takes a lot of discipline to stop poking at it...
... of which I have none.
This is the current iteration.
3 runners (but you can add as many as you want, just by cloning the runner directory)
Each runner has an autonomous mission.md - this is basically a super prompt. You can see, I can assign the compute load (it's 5%, 95% atm).
The load logic was broken and I only picked it up by watching the runners cycle.
A cute little function I added, the ant-trail moves faster the more compute % it's got allocated, so you can see at a glance where you are at.
There is a logic that estimates the available compute window and ramps up towards the end, to burn up the remaining compute, while allowing a window at the start, should you need it for manual prompts.
#sysadmin #vibecode #llm (windup) #codemonkey #selfhosting #vps
Running your own Nextcloud is easier than you might think. Thanks to Nextcloud AIO and my detailed video tutorial, the installation succeeds even without prior knowledge. And should questions come up anyway, our community is on hand with help and advice.
https://gnulinux.ch/video-nextcloud-all-in-one-dein-einstieg-ins-selfhosting
So @delta updated itself (fdroid and linux (cachyos)) to 2.51, now call on 1 to 1 is enabled by default.
This version will arrive soon on google playstore and ios / microsoft (depending on the update delay on those platforms).
#call #endtoend #privacy #sovereinty #decentralization #decentralized #deltachat #security #phone #foss #freedom #selfhosting
Weekend project that turned into infra I actually run daily: MastoSum.
The stack: RHEL host, 100% rootless Podman. Web on FastAPI, Celery worker/beat/flower, PostgreSQL 16, Valkey. All on userspace networking (pasta), images built & shipped by a self-hosted Forgejo runner. No root daemon, no privileged anything.
What it does: tracks technical hashtags all day and produces one daily briefing, every point linked to the original post + author. It reads only public hashtag timelines, credits every source, and trains on nothing.
And yes, an LLM writes the prose: a local Ministral model from French lab Mistral AI, running on my own hardware. No cloud, nothing leaving the box. Saying that plainly, not burying it. The whole design goal was to point readers *back* at the authors, not replace reading them.
Example output:
https://mastosum.linuxserver.pro/s/OGuLC5whmCS1ET9jAe9leg
Uh...my Genomic #Sysadmin tool is jibber jabbing at me.
It started creating evolution progress reports.
It's only a couple of days into the 1st epoch.
Honestly, part of the fun is observing all the new artefacts this experiment is producing.
It's got a free hand to self mutate for efficacy.
Genome Evolution Assessment
The primordial genome (gen_0001_a) is performing close to optimal given the environmental constraints. The operational_cost dimension score of 70 is structurally fixed by the backup age — genome mutations to operational_cost weights (cpu_cost_weight, memory_cost_weight, admin_attention_cost) cannot reduce the 40-point backup penalty. This creates an evolutionary ceiling for this dimension until the backup is restored. Generation 2 mutations will correctly target operational_cost genes but will achieve minimal fitness gains from this dimension until the backup situation is resolved. Evolution is healthy and functioning as designed.
I seem to have written a mini web firewall. I've been watching my self-hosted blog web server's logs, because I wanted to block AI web bots, and I noticed (again) that I get a lot of malware vulnerability scans. My site is static, so they're unlikely to ever "get in" because they all make requests that result in a 404 Not Found, or other 4xx response, but they annoy me and I needed a small, low intensity project to try to get my brain going again.
So I've come up with a very simple Python script that tails the log, looking for 4xx codes. If it sees a known "bad" request, or too many 404s from an address, it firewalls the IP address, and stops it in its tracks.
I need to make it a bit easier to use, and probably collect a list of failed requests to add to the bad list, but I'm quite pleased with it so far. Obviously I'm not Fortinet but it feels good to fight back in even such a tiny way.
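The approach described in the post above (watch for 4xx responses, block on a known bad request or on too many 404s from one address), as an added example that is not the poster's script. The bad-request list, the thresholds, the `block` hook and the sample log lines are assumptions constructed here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# Hypothetical "bad list": paths a static site never serves.
BAD_REQUESTS = re.compile(r"(?i)(/wp-login\.php|/\.env|/\.git/|/phpmyadmin)")

def scan(lines, max_404=3, window=timedelta(seconds=60), block=None):
    """Return {ip: reason} for addresses that should be firewalled."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent 404s
    blocked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # unparseable line: skip, never crash the tail loop
        ip, status = m["ip"], int(m["status"])
        if ip in blocked or not 400 <= status < 500:
            continue
        parts = m["req"].split()
        path = parts[1] if len(parts) >= 2 else m["req"]
        reason = None
        if BAD_REQUESTS.search(path):
            reason = "known bad request: " + path
        elif status == 404:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits = recent[ip]
            hits.append(ts)
            while ts - hits[0] > window:   # forget 404s older than the window
                hits.popleft()
            if len(hits) >= max_404:
                reason = f"{len(hits)} 404s within {window.seconds}s"
        if reason:
            blocked[ip] = reason
            if block:
                block(ip)         # hook for the real firewall call
    return blocked

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE = """\
192.0.2.44 - - [10/Jun/2025:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2025:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Jun/2025:12:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
203.0.113.9 - - [10/Jun/2025:12:00:03 +0000] "GET /old-a HTTP/1.1" 404 153 "-" "-"
192.0.2.44 - - [10/Jun/2025:12:00:04 +0000] "GET /typo.html HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jun/2025:12:00:05 +0000] "GET /old-b HTTP/1.1" 404 153 "-" "-"
203.0.113.9 - - [10/Jun/2025:12:00:09 +0000] "GET /old-c HTTP/1.1" 404 153 "-" "-"
this line is not in log format
192.0.2.44 - - [10/Jun/2025:12:05:30 +0000] "GET /typo2.html HTTP/1.1" 404 153 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The sliding window is what keeps the ordinary visitor at 192.0.2.44, with two mistyped URLs five minutes apart, from being blocked alongside the scanners.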
If you want to set up several different online services but can't afford different domain names for them all, you can just use subdomains of one domain instead. They are limitless and cost nothing extra.
e.g. You could have a Mastodon server at social.example.com, a PeerTube server at video.example.com, a Nextcloud server at cloud.example.com etc.
Each subdomain can use totally different software and be on totally different hosting providers.
di.day now also offers the option of signing up as a helper. You can find me here: https://experts.di.day/experts/17
Do sign up too, so that we can help as many people as possible make their digital lives a little freer and more secure.
I know that AI is a controversial topic on here. Same reservations as most: copyright, energy, junior roles eaten, the slop epidemic. Not pretending those are not real.
But "I won't touch it" is a competitive handicap in 2026. I engage carefully: human in the loop, my name on every paragraph.
The tiered stack I actually run, with the local Mistral on a laptop iGPU getting most of the space because that is the part with craft in it.
Colorized logs 😮 Take reading your Nginx logs in the terminal to the next level!
👉 https://wiki.blablalinux.be/fr/coloriser-logs-nginx-terminal
#DevOps #Linux #Nginx #SelfHosting
Sooo, exploring options for getting IP connectivity to my home "datacenter". I can do BGP peering, which is alright for IPv6 since there's plenty and it's basically for free for a /56. But the minimum allocation for IPv4 BGP peering is a /24, which goes for around a thousand euros these days (+/- 500) I've been told. Plus, I only need 3, at most 4 IPv4 addresses. Seems like a waste to get a /24 then... OTOH it might be a good investment for my pension plan :)
Tough one. I could just get a VPS or something somewhere with 3 IPv4 addresses and tunnel that back home, but there is something about owning your own IP ranges, being less dependent on a single provider and all that.
Choices, choices.
Any thoughts oh wise fediverse?
As of yesterday we have fiber to our little patch in the forest. This means I no longer rely on a crappy 4G uplink and can move on to the next phase of my digital independency journey: set up a makeshift #permacomputing "datacenter" in the barn made out of old laptops and move all my services from a fancy server in a datacenter somewhere to that.
Mai
[https://en.pronouns.page/@mai-lapyst] » 🌐
@mai_lapyst@soc.saiyajin.space
RE: https://soc.saiyajin.space/@mai_lapyst/116680305445289556
.... aaaaaaaaaaand done :3 Was a ton of work (esp. fixing repo links, permissions, uploading, deprecating the npmjs.com entry and so on), but it's over! So happy to have got it moved so smoothly.
Now I need to think about how long before starting deletion of lesser used packages, since I don't really want npmjs to host the data any longer than necessary....
#leavingbigtech #nobigtech #independence #npm #selfhosted #selfhosting
Mai
[https://en.pronouns.page/@mai-lapyst] » 🌐
@mai_lapyst@soc.saiyajin.space
Finally got around to migrating my npm packages (20) to the npm repository in my self-hosted forgejo. While it's not a frictionless process (changing all URLs etc.) it eases my brain knowing that my packages aren't hosted by some corporate bs site.
For anyone interested, here's the new home of them: https://codearq.net/bithero-js/-/packages
#nobigtech #bigtech #leavingbigtech #npm #javascript #typescript #smallweb #selfhosting #selfhosted
Jeremy Cherfas shares: A Server for a Purpose. https://www.jeremycherfas.net/blog/a-server-for-a-purpose #SelfHosting
Self-Hosting an ActivityPub Video Podcast Is Surprisingly Affordable
1/
Imagine this.
You want to launch your own video podcast.
A new episode every week.
Each episode is 1 hour long.
Full HD (1080p), 60 fps video.
What would it cost to host it yourself?
Before I ran the numbers, I assumed it would be expensive — maybe even impractical.
I was wrong.
The reality is surprisingly affordable.
Here is why.
...
Funkwhale is a free open music and audio platform for the Fediverse, which has just been updated to version 2.0. Find out more at:
Their account is:
If you want to host your own Funkwhale server without doing any techy stuff, there are managed hosting providers at https://cloud68.co/managed-hosting/funkwhale and https://weingaertner-it.de/index.php/produkt/funkwhale/?lang=en
You can also self-host manually using the instructions at https://docs.funkwhale.audio/administrator/index.html