DNS blocking is the most unreliable way of blocking youtube ads you can imagine.
you could write a script to OCR your entire screen and click skip ad and it’d be more reliable than DNS blocking

One of the reasons I use containers instead of installing things directly is that i can completely uninstall a service by deleting a single directory (that contains a compose.yml and any necessary volumes) and running a docker/podman system prune -a

or that i can back up everything by backing up a single “containers” dir, which i could have on a subvolume and snapshot if i wanted to

systemd/quadlet on the other hand makes me throw files in /etc (which is where you’re supposed to put them, but ends up resulting in them being tangled together with base system configuration often partially managed by the package manager)

The Solution™ to this is configuration management like ansible or whatnot, which needlessly overcomplicates things for the use cases i need (though they’re still useful for getting a base system “container ready” wrt ssh hardening and such)

tldr: i want my base system to be separated from my services, and systemd integration is the exact wrong tool for this job

it can be pretty useful for really specific cases, but i’m not exactly sure if this is one of them

the allowed instances list acts as an allowlist, meaning you’d be defederating yourself from the rest of the fediverse (and only federating with the instances you allow).

if that’s what you were going for ofc it’s your right and i sure won’t stop you from doing that, but i feel like you’ve misunderstood what it is.

if you have a hard time choosing between Gitea and Forgejo I recommend picking Gitea for now, as they haven’t done anything bad just yet, but if they do Forgejo supports migration from Gitea.

iirc there isn’t an official way of migrating the other way so if Forgejo fucks up you may end up out of luck

it’s partly because everything has public/private certificates, but also partly because there isn’t much synchronization going on after the initial “push”. if you shut an instance down and modify the database directly without informing other instances (say, you remove an account) then other instances will not be able to tell and will drift out of date, essentially making that specific thing unusable for any instance that has previously interacted with it. if you expand that out to, say, wiping and re-creating an entire database, then you end up with so much uncertainty that you may as well start over from a fresh domain

You’d have to be significantly more careful with backups, as it’s really easy to effectively “burn” a domain from federating over AP ever again (at least to instances that federated with it before), but otherwise it should be reasonably automatic as federation gets implemented piece by piece.

…and of course I learn this after switching to firewalld.

At least firewalld feels relatively painless compared to rest of the redhat-container-verse.

The other big annoying thing about Podman is that because there’s no Big Bad Daemon managing everything, there are certain things you give up. Like containers actually starting on boot. […] until you realize that means Podman wants you to manage your containers entirely with systemd. So… running each container with a systemd service, using those services to stop/start/manage your containers, etc.

Surprisingly, they have a solution for that that doesn’t involve using systemd for everything. They put an --all option to podman start, and a systemd service to run it at boot with the correct --filter (yeah. because unix philosophy). Debian seems to enable it by default AFAICT.

No idea how well it works rootless though.

Edit: Oh and for rootless networking, Podman 4.4.0 seems to ship pasta which seems to be the solution to slirp4netns’s existence. Unfortunately I have no idea if it works at all because I run Debian stable which is still on 4.3.1

At this point I might as well release it onto the wild. No clue If I’ll work on it until there is a definitive answer to the CORS question: https://github.com/ShittyKopper/lemmik

Obligatory screenshot:

I had been also working on something like this for a couple days. also with sveltekit even!

it’s not public yet as I really don’t have anything too much to show for, but it’s slowly coming together

also it’s still a question whether upstream Lemmy will loosen their cors restrictions to allow for 3rd party web UIs. the more the merrier imo