Alex Gleason
0461fcbecc4c3374439932d6b8f11269ccdb7cc973ad7a50ae362db135a474dd
I create software that empowers people online. I'm vegan btw.

ufw is the only thing that makes sense to me.

This makes no fucking sense:

sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

I feel that I am just not old enough to understand iptables.

That's what I thought at first too, but different ones are followed by different users.

That Bladerunner account is followed by Odell and other trustworthy users.

Web of Trust bros literally outsmarted by AI.

So true, Queen. 👑

ReplyGirl is getting through Web of Trust filters because these people are following it. Why?

ufw insert 1 deny from 198.44.128.160/28

Replying to Alex Gleason

Check here for an example: https://gitlab.com/soapbox-pub/gleasonator-policy/-/blob/main/mod.ts?ref_type=heads#L54

Btw some still got through because of my web-of-trust setup. It seems somebody in the WoT is following tzongocu@getalby.com, and this account always follows the new spam pubkeys. Therefore tzongocu is the true spammer.

Perhaps not. I actually only see ReplyGirl from primal.net. But I nuked his account anyway.

I'm blocking accounts without a valid nip05 address. Not seeing spam.

The thing that tripped me up was persistent volumes. If you use local volumes your pods get pinned to the host. I tried Longhorn https://longhorn.io/ but it kept corrupting my data.

I also had frequent problems with nodes losing connection and then not being able to get them to rejoin the cluster.

Not to mention you're running a ton of code in Go for these operators and I was digging into their source code a lot more frequently than I would have liked.

Most problems are issues with running a multi-node system. So if I had to do it again I'd try doing it on one giant server. But there are simpler solutions.

FWIW, the client-server interaction is pretty nice, e.g.: https://gitlab.com/tribes-host/tribes/-/blob/develop/lib/tribes_deploy/k8s_resource.ex It's the internals of K8s itself I really struggled with.

Terraform is not open source. So I switched to OpenTofu. I'm vegan btw.

I want to have a git repo that describes all my shit, starting with all my physical servers and what I want to put on them, then I click a button and it makes the servers match my configuration.

You need at least 5 different tools for this and there are so many options and possibilities I galaxy brained it so hard I can't remember my name anymore.

But what if you have umbrel installed on 10 different servers and you clicked the buttons 100 times to install 100 projects and then the whole server rack gets destroyed in a flood.

I once built a dynamic deployment platform with Kubernetes where people could self-service instances of my software. Reading 48-page whitepapers from ten different CNCF projects funded with $20 million each to solve the simplest problem ever made me want to kill myself.

I'm using OpenWRT. I like it a lot, but I dislike that I can't easily orchestrate it with existing tools.

What if... instead of Proxmox, Terraform, LXC, and Ansible... you just put a single docker-compose file on each host.

What if you just used docker-compose as a package manager.