Lmst

Please give me a reason, why #ec2 on #aws has less than 5GB tmp and 0 SWAP space? Sooner or later, you'll run into problems😞 .

#sysadmin #linux #cloud

@appsinet Interesting. Are your playbooks also located in a subfolder and not in the `inventory`folder? Because for me, those vars are not loaded when executing the playbook with `ansible-playbook -i inventory/inventory.yml playbooks/infra.yml`

With this structure, the variables in “host_vars” and “group_vars” are not loaded. This is because the inventory file is not in the root directory. Is there a way to have the inventory file in an inventory folder?

#ansible #sysadmin #devops #gitops #automation

This is a folder structure of a ansible setup.

Niclas boosted:

🎉 First WIN of 2026: the Austrian DPA has ordered Microsoft to stop tracking school children

https://noyb.eu/en/noyb-win-microsoft-ordered-stop-tracking-school-children

Niclas boosted:

Do not store your Bitlocker encryption keys on Microsoft's servers if your threat model includes governments or law enforcement. As this article points out, this is the result of a design choice Microsoft made. It didn't have to be this way.

https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

Niclas boosted:

RE: https://infosec.exchange/@netresec/115905237000922504

Here’s a good example on why you should have network egress filtering on your network. Nobody uses the finger protocol any more. But the binary still exists in Windows! And if you don’t block outbound port 79/tcp your users are at risk #cybersecurity #LOLBIN

@willglynn 😭
Then I need to find a better solution, Thx again.

@willglynn Ah, good, okay, I need to take a closer look at VictoriaMetrics. Thank you.
As far as I know, VictoriaMetrics is compatible with Prometheus. What I'm going to try is to import the metrics using VictoriaMetrics and then copy them to Prometheus's data directory so that the metrics are in the Prometheus database.
I don't want to switch to another tool at the moment, as I still have a few other things to work on first.

Has anyone imported CSV data into Prometheus before? I want to import my old data sets back into Prometheus. Unfortunately, I have the problem that Prometheus - after import - takes the timestamp from the import as the value and not the timestamp from the CSV.

#Prometheus #Monitoring #CSV #Dataset #selfhosted #homelab #visualization #grafana #selfhost

@Larvitz Apart from higher resource usage, why did you switch from GitLab to Forejo?

Happy new year to everyone🥳
#happynewyear #2026

@caiocgo Hetzner is also very cheep
https://www.hetzner.com/storage/storage-box/

I finally had some time after migrating from traefik to implement ModSecurity with the core ruleset for my nginx servers.

#Cybersecurity #ModSecurity #Nginx #Sysadmin #selfhosted #homelab

Niclas boosted:

GitHub Actions charging per build minute for *self-hosted-runners*? Shit's about to hit the fan lol

You are receiving this email because your usage of GitHub Actions may be impacted by upcoming changes to GitHub Actions pricing.

What’s changing, when

On January 1, 2026, all customers will receive up to a 39% reduction in the net price of GitHub-hosted runners, depending on the machine type used.
On March 1, 2026, we are introducing a new $0.002 per-minute GitHub Actions cloud platform charge that will apply to self-hosted runner usage. Any usage subject to this charge will count toward the minutes included in your plan.
No action is required on your part.

@jbz 😂

@hmiron

Traefik is good, but it lacks flexibility. For example, when it comes to logging or firewalling. I want a specific type of logging that allows me to visualize the data well and detect anomalies using my monitoring stack Grafana Loki, Prometheus, Grafana Alloy, and Grafana. Or when it comes to firewalling, I don't like that Traefik renews my Let's Encrypt certificates in the background at some point. Now I have much more control over when and how often Certbot renews my certificates, so I can open my firewall only for a short time to allow Let's Encrypt to issue me certificates via HTTP-01 challenge.

Today, I migrated my whole #traefik stack to #nginx - and it was worth it!

#sysadmin #podman #homelab #secops

Niclas boosted:

I’ve officially stopped using generate_systemd for my Podman deployments.

I updated my Ansible playbooks to use the Quadlet support in the containers.podman collection (state: quadlet).

Instead of scripting podman run commands or managing complex systemd unit files manually, Ansible now defines the container as a systemd service natively.

The result?

Rootless by default.

Auto-updates enabled (AutoUpdate=registry).

Zero drift.

If you’re running RHEL at the edge, this is the architecture you want.

:ansible: ❤️ :podman:

#Ansible #Podman #RHEL #DevOps #Quadlet #Linux

A split-screen view of a developer workspace.

Right side: A Neovim code editor showing an Ansible playbook. The highlighted task uses the containers.podman.podman_container module with state: quadlet to deploy a rootless UBI9 web server.

Left side: A terminal window showing the playbook execution. The output shows successful tasks (green and yellow) and ends with a cat command displaying the generated systemd Quadlet file, confirming 'AutoUpdate=registry' is set.

@talktech Good look, hope everything works smoothly. More than 50% of debugging in my homelab has also something to do with dns or networking in general😅

@talktech yes works perfectly👍

Client Info