Thank you! Templating rules.v4 is a pretty attractive option. Though my VPS has some portions of the file which should be unmodified, so I would have to avoid this method.

Thanks, but I looked up and learned to prefer the idempotence to be handled by ansible. Ansible support iptables by default, while nftables need a plugin, so iptables it is for me.

Being concerned about security while using free VPN sounds like an oxymoron.

Wait. I got the format warning in caddy, so does this mean it could contain substantial error? I gotta check

Thanks! I gotta get my hands on Ansible, was reluctant as I’ve heard it can be complicated. Should see myself!

Codeberg sounds like a good way! I was concerned about server config being stored on self-hosted forgejo (which is configured by the very server config), turns out that need not be the case.

Fortunately my VPS (oracle) has set SSH authentication to be default. Disallowing root login sounds good, gotta try that as well.

Thanks, I will try fail2ban. I am using ED25519 for ssh keys, it seems like it’s the best defense on the ssh side. Do you happen to know why this kind of attack is so prevalent?

Thanks a lot! Geoblocking makes a lot of sense, will try!

Is there no tutorial for mapping docker compose into .container, .network, .volume file at all? That’s unbelievable, one would expect there surely is one.

Thanks, though Shorewall looks intimidating. Do you have any good resources to go over how to set it up?

It seems permanently unavailable, how did you get an instance?

Thanks, I am running rootful containers so I don’t think this applies.

Thanks, but I am worried about relying on small repo like this. EDIT: But it did made me realize Goodnotes support WebDAV, thanks!

Thanks for looking into it. I am not publishing any ports other than Caddy, and forgejo’s ssh port that I think cannot be forwarded. You mean I should block port 3000 from my VPS as well, right?

I am having trouble reading ss -nltp output, could you explain what each entry means?

Also I am concerned that allowing access to podman1 private network interface could be too permissive. How do you think?

Fwiw, I still hear about it these days around me.

Is linux becoming this popular, or is this a one-off incident?

I am inside neovim and I cannot quit