Got my little gemlog proxy to forward outgoing Gemini links to a Gemini/HTTP proxy, so should no longer need a Gemini browser to read any of the feed or any toots at all.
-
Xandra Granade 🏳️⚧️replied to Xandra Granade 🏳️⚧️ last edited by
I'll again emphasize that all this, together with the IRC, Matrix, and bunch of other services are self-hosted on a quad-core i5 with 32 GB of RAM... using only about 5% CPU load and 6 GB of RAM.
It's been a lot of work, and it needs to be much easier, but the technology is there to do this shit with startlingly small amounts of computing power.
-
Xandra Granade 🏳️⚧️replied to Xandra Granade 🏳️⚧️ last edited by
(And yes, an i5 with 32 GB is startlingly small to me with how *much* shit is running on there. Any one or any small number of services could probably run on an RPi 2, but I've tried it and you definitely feel the crunch at peak loads. The poor thing nearly melted when I ran our whole DNS infrastructure, to say nothing of the microSD card's wear cycles.)
-
@xgranade I've actually been running a pi4 stack (4 pis, but not clustered) for a good 4+ years now for my personal stuff and it's been remarkably resilient. Running on SD cards too.
(With a *lot* of backups to S3).
-
@cthos I can see that, yeah. We overwhelmed outs, though, by putting everything on just the one.
-
@xgranade Yeah, and in transparency I abandoned running pihole on on of them (mostly because it was *always* DNS and *always* my fault)
-
Xandra Granade 🏳️⚧️replied to cthos 🐱 last edited by
@cthos Lolz, completely fair. I run a DNS chain with a pi-hole upstreaming to a cloudflared proxy that turns everything into DoT or DoH; that in turn upstreams to quad9 since they're subject to GDPR.
It's not ideal, but it's a far cry better than CenturyLink getting my whole browsing history.
-
Xandra Granade 🏳️⚧️replied to Xandra Granade 🏳️⚧️ last edited by
@cthos (Fun, too: that powers the DNS upstream for our entire tailnet, so that every mobile phone, tablet, everything gets ad blocking, even when we're not home. It's kind of amazing.)
-
Asta [AMP]replied to Xandra Granade 🏳️⚧️ last edited by
@[email protected] @[email protected] oooooooh now that sounds interesting. huuuuh.
should I be running my own DNS? Hmmmmmmmm... I run AdGuard Home but that's about it. This sounds interesting. -
@aud @xgranade All depends on your threat model!
(It might be worth noting that unless the ISP is futzing with SSL certs they can't see what _pages_ on what sites you visit so long as it's https, just snoop on the DNS lookups for the domain overall - though there's a lot of "they might be able to see ... if"s in there)
-
@[email protected] @[email protected] These areas of web infrastructure are ones where I'm a neophyte, at best, and just sort of figuring out what I need/want (largely as I'm trying to rely less on external/corporate services for things). So... to be honest, not totally sure what my threat model actually is, specifically (fairly basic and standard for the most part).