My instance has a couple users currently lol

Just because it’s not public facing doesn’t mean that it’s not an issue. It might be less of an issue, but it is still a massive vulnerability.

All it takes is one misconfiguration or other vulnerable system to use this as a jumping off point to burrow into other systems. Especially if this system has elevated access to sensitive locations within your network.

Yes, I am significantly more active here than I was on Reddit (at least recently, my decline on posting/commenting on Reddit started a few years ago).

Is there any plans to expand the OAuth support outside of the 3 providers that are currently set up? Looking at the source, it seems like each has it's own configuration which pulls in things like the user's avatar and whatnot. It would be nice if generic OAuth was supported.

I use Cloudflare for TLDs they support, and Namecheap for everything else. Though, I use Cloudflare's DNS services for all domains.

That's actually super helpful! I haven't done much custom Helm chart-ing, and was kinda lost where to start. That really helps break the process down, and the tip about skipping state to start is very wise.

Yeah, I used to host a Matrix instance - could do that for this one too.

The issue is more about setting up the Kubernetes manifests and templating them. I usually use the chart's built-in postgres and redis config, though using an operator would make it more scalable for sure.

I'm using Authentik for auth, but I do also like Keycloak.

Desktop: Windows XP

Linux: Probably Raspbian on a Pi 2 b

Tech has come a long way since then lol

Ahh, I didn't get that far in the docs, but seeing as there are no (that I can tell) post limits, running a blog on Lemmy would work pretty well with a bit of a UI change.

Yeah, that's the pain point - building and maintaining the charts.

Also, I know the charts likely wouldn't have to be super complex, but I'm used to working with Bitnami's charts that are massively complex - I just don't have the time to go that in-depth.

I've seen that around, but I prefer to run my own services instead of relying on a ready-built system like that. I find they don't offer that much customization options usually.

I should look into how to do that on my instance probably. Pictrs always seemed like a bit of a security nightmare.

I’m on Kubernetes, but it’d be the same via Docker - a volume mount (iirc at the same place it stores local data if you don’t use S3, should be in the docs)

Oh, I know I could get them to run with enough work. I just don't have that much time to spend on initial implementation and upkeep of the charts.

I'm using FluxCD, which I believe can do deployments of plain Kubernetes manifests, but that still requires a decent amount of overhead to keep up to date.

I think both of the ones I mentioned have docker-compose files, which I think I can convert with kompose convert? I guess from there I would follow your steps and then start parameterizing it once it's running properly.

Thanks! I think I'll start trying out PixelFed tomorrow.

I disabled Pictrs around the time of CSAM attacks and have yet to bother enabling it again

Uhh… what?? When did that happen? I thought pictrs was a requirement also…

They store the secrets in a file? Gross. What a poor way of handling that. Pretty sure environment variables would be more secure. Especially in Kubernetes.

Huh, do you have your lemmy config documented somewhere? I keep running into issues with it and I'm not sure which component exactly is failing, but it's annoying. I'm using this helm chart currently: ananace/lemmy It works, but I don't have pict-rs setup in HA either.

🤮