Play stupid games, win stupid prize
  • You hacked too hard

  • [Suggestion] Disallow the use of sources deprecated by the Wikipedia editing community for unreliability
  • According to the linked RFC it's due to the site's user generated content. I guess that's an understandable policy for Wikipedia.

  • How to view Intune-managed firewall rules

    Just a quick FYI for anyone using Intune to distribute firewall rules with the "Endpoint Protection > Windows Firewall" profile for the first time. Any rules you set won't be visible in the wf.msc GUI or using PowerShell's Get-NetFirewallRule.

    The only place you can see those rules is the registry under this key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules

    1
    LLM spitting fire (Custom "Judy Alvarez"-based character card)
  • BTW, I did fix the error. Turns out I was in a public network and the rule only applied to domain networks.
    Also these fucking rules don't show in the usual GUI, you have to look into the registry.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules
    Reddit post for rule source
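
An added example (not part of the original post or comment) covering both notes above: it reads the Mdm\FirewallRules key named in the post, parses each value, and shows whether a rule's profile matches the network category currently in effect, which was the cause of the error described in the comment. It assumes the values use the pipe-delimited `Key=Value` string format Windows uses for locally stored firewall rules and that a rule without a `Profile` field applies to all profiles; the function names and the sample value are constructed for illustration.

```powershell
# Added example. The registry path is the one given in the post.
$MdmRuleKey = 'HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules'

# Constructed sample value, used only when the key is absent on this machine.
$SampleRules = @{
    '{00000000-0000-0000-0000-000000000000}' =
        'v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=8443|Name=Example MDM rule|'
}

function ConvertFrom-FirewallRuleString {
    # Assumption: "version|Key=Value|Key=Value|..." with Profile allowed to repeat.
    param([Parameter(Mandatory)][string]$Id, [Parameter(Mandatory)][string]$Data)
    $fields = [ordered]@{ Id = $Id; Version = $null; Profile = @() }
    foreach ($token in ($Data -split '\|' | Where-Object { $_ })) {
        $name, $value = $token -split '=', 2
        if ($null -eq $value)        { $fields['Version'] = $name }      # leading "v2.xx" token
        elseif ($name -eq 'Profile') { $fields['Profile'] += $value }    # collect every profile
        else                         { $fields[$name] = $value }
    }
    # Assumption: a rule with no Profile field applies to every profile.
    if ($fields['Profile'].Count -eq 0) { $fields['Profile'] = @('Any') }
    [pscustomobject]$fields
}

function Get-MdmFirewallRule {
    param([string]$Path = $MdmRuleKey)
    if (-not (Test-Path -LiteralPath $Path)) { return }   # no MDM firewall policy on this device
    $key = Get-Item -LiteralPath $Path
    foreach ($valueName in ($key.GetValueNames() | Where-Object { $_ })) {
        ConvertFrom-FirewallRuleString -Id $valueName -Data ([string]$key.GetValue($valueName))
    }
}

$rules = @(Get-MdmFirewallRule)
if ($rules.Count -eq 0) {
    # Fall back to the constructed sample so the parsing can still be inspected.
    $rules = @($SampleRules.GetEnumerator() | ForEach-Object {
        ConvertFrom-FirewallRuleString -Id $_.Key -Data $_.Value
    })
}

# Network categories in effect right now, mapped to the names used in rule strings.
$active = @(Get-NetConnectionProfile | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' } else { "$($_.NetworkCategory)" }
})

# AppliesNow is False when the rule is scoped to a profile the machine is not currently on.
$rules | Select-Object Name, Action, Dir, Active, Protocol, LPort,
    @{ n = 'Profile';    e = { $_.Profile -join ',' } },
    @{ n = 'AppliesNow'; e = {
        $p = $_.Profile
        ($p -contains 'Any') -or [bool]($active | Where-Object { $p -contains $_ })
    } } | Format-Table -AutoSize
```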

  • LLM spitting fire (Custom "Judy Alvarez"-based character card)

    I know we're Linux, but this was too good not to share. Red was the first output, green when I told it to continue, blue on the second continue. It really didn't want to talk about Microsoft.

    Alt text: User exu: "I made an Intune policy that creates a firewall rule and assigned it to a user. Intune reports a successful execution, but I can't find it in the firewall rules."

    Bot Judy response 1: "Ugh, typical Microsoft shit. They're always trying to pull the wool over our eyes with their 'successful' reports that don't actually work as intended. Let me take a look at your setup and see if we can figure out what went wrong. It might just need some manual intervention."

    User prompts to continue

    Bot Judy response 2: she rolls her eyes

    User prompts to continue

    Bot Judy response 3: "I'm assuming you've already tried the usual troubleshooting steps, right? Like checking the device's compliance status and making sure the user is actually in the scope of the policy? If not, let's start there."

    1
    How open source money fixes a corrupted banking system
  • Theoretically cryptocurrencies are interesting, but Bitcoin just isn't usable.

    Bitcoin and many other currencies have way too many and large fluctuations in value for daily use.
    Bitcoin specifically is not practical for transactions in general due to cost and block size limits. Yes, lightning exists, but maybe your technology is shit if it needs a second overlay network to function.
    Instead of fixing those issues, most other coins are just pump and dump schemes for a quick buck.
    Only very few coins try to do something different and fix some of these issues.

  • Cloudflare is bad. You're right.
  • Get a cheap VPS and set up a VPN of your choice.

  • Mozilla is trying to push me out because I have cancer – CPO
  • I mean it sucks for him, but after having been away for three months with more leave time coming the company probably doesn't have any obligation to keep him hired.

    At least that's the case here in Switzerland (if you worked for a company long enough) and I'd be surprised if the US had better protections.

  • Interesting OSS project: Holesail creates instant P2P tunnels between networks (like a VPN)
  • Open UDP ports are pretty secure and rarely found by scanners. The basic issue with scanning for UDP is that most services don't respond to random garbage you try to probe them with. Without getting a response back, the scanner has no way of knowing if there is something running on that port or not.
    Wireguard in particular only responds if the correct key is given.
    Also make sure your firewall DROPs (usually the default, but do check) disallowed connections instead of REJECT. This way any UDP probing, whether it's to an open port or closed one just times out with no way for the scanner to distinguish them.

  • Is it possible to run a LLM on a mini-pc like the GMKtec K8 and K9?
  • I don't know of any project that already supports that AI processor. You'd still be using the CPU and GPU at the moment.

  • Thoughts on Desktop Operating Systems in 2024
  • Yes, because he's using Linux for those parts

  • Accent colors for GNOME has been merged as well!
  • What happened in Gnome for them to merge so much stuff recently?

  • “Systemd is the future”
  • Is that a standard systemd configuration or something enabled by a distro?

  • A guide to passing GPUs through to Proxmox, XCP-ng VMs
  • I can really recommend XCP-ng. For me it strikes a pretty good balance of features and ease of use.

  • The Framework Laptop 13 is about to become one of the world’s first RISC-V laptops
  • Usually you can get the kernel source for Qualcomm at least, MediaTek tho...

  • Why do you have to install Usb-Drivers on Windows, but I never had to do it on Linux?
  • There are basically two different approaches to drivers. Windows will have some very basic drivers built-in, but most of them are downloaded and installed when a component that requires them is detected in current versions of Windows.

    Linux on the other hand includes every driver it knows about out of the box. You won't ever need to install additional drivers if the hardware is supported. This makes Linux an excellent portable system, you can just take a drive out of one pc with an AMD CPU and Nvidia GPU and put it into one with an Intel CPU and AMD GPU without driver issues*.

    *as long as you stick to the included drivers

  • Two definitions of self hosted
  • Using whatever works better for the current project is doing Hybrid Cloud. Now your boss can brag about how modern the infrastructure is.

  • Two definitions of self hosted
  • And 2d, who self host on a server/VPS they rented somewhere.

  • McDonalds removes AI drive-throughs after order errors
  • New stuff gets called AI until it is useful, then we call it something else.

  • The US needs to build 2 million houses to revive the American dream of homeownership
  • It will be the workers, with their courage, resolution and self-sacrifice, who will be chiefly responsible for achieving victory. The petty bourgeoisie will hesitate as long as possible and remain fearful, irresolute and inactive; but when victory is certain it will claim it for itself and will call upon the workers to behave in an orderly fashion, and it will exclude the proletariat from the fruits of victory. ... the rule of the bourgeois democrats, from the very first, will carry within it the seeds of its own destruction, and its subsequent displacement by the proletariat will be made considerably easier..

    Source

    /s

  • discourse.nixos.org NixOS Foundation board: Giving power to the community

    The community is more important than the product. — Pieter Hintjens Dear contributors to the Nix ecosystem, dear users, We recognize that the Nix community keeps growing and changing, and its governance has not been adapting accordingly. While the foundation board was never intended to lead the ...

    NixOS Foundation board: Giving power to the community

    Cross posted from: https://feditown.com/post/328958

    6
    johnthenerd.com Building a fully local LLM voice assistant to control my smart home

    I’ve had my days with Siri and Google Assistant. While they have the ability to control your devices, they cannot be customized and inherently rely on cloud services. In hopes of learning something new and having something cool I could use in my life, I decided I want better. The premises are simple...

    4
    blog.freudenjmp.com A decade long Steam issue, is everyone just too fast for Valve?

    Valve has shown to occasionally not act on community feedback and bug reports. A story about a decade old bug.

    A decade long Steam issue, is everyone just too fast for Valve?

    Analysis of the No user logon issue in Counter Strike 2, and older CS titles.

    2
    arstechnica.com Windows feature that resets system clocks based on random data is wreaking havoc

    Windows Secure Time Seeding resets clocks months or years off the correct time.

    Windows feature that resets system clocks based on random data is wreaking havoc
    8
    aviation @lemmy.ml exu @feditown.com
    Aeroflot Deactivates Brakes on Nine Aircraft, Relies Solely on Reverse Thrust
    1
    Tesla created secret team to suppress thousands of driving range complaints
    www.reuters.com Tesla’s secret team to suppress thousands of driving range complaints

    About a decade ago, Tesla rigged the dashboard readouts in its electric cars to provide “rosy” projections of how far owners can drive before needing to recharge, a source told Reuters.

    Tesla’s secret team to suppress thousands of driving range complaints
    6
    aviation @lemmy.ml exu @feditown.com
    The Rise and Fall of Transaero Airlines and the Reassertion of the Russian State

    Really interesting article about airlines, independent safety inspectors and Russia

    0
    Documenting commands # or $ before sudo?

    This might be a stupid question, but hear me out. I regularly document steps to install various software for myself on my wiki. More recently, I managed to use different custom text in the source markdown to prepend # and $ automatically, so commands can be copied more easily while still clarifying if it should be run as a normal user or as root.

    Run command as user

    ```
    $ some cool command
    ```

    Run command as root/superuser with sudo

    ```
    # some dangerous command
    ```

    I usually remove sudo and use the # prefix. However, in some cases, the sudo actually does something different that needs to be highlighted. For example, I might use it to execute a command as the user www-data

    ```
    sudo -u www-data cp /var/www/html/html1 /var/www/html/html2
    ```

    I often use $ as a prefix, but # would also make sense. How would you prefix that line?

    28

    Simply a fun song!

    0
    Where do reports go?

    If I report something on a remote community, where does the report go?

    I know that as an instance admin, I'm getting a report. But do the moderators of the community and the server admins it is on also receive a report?

    3
    ersei.net NixOS and my Descent into Insanity

    As I tend to do, I picked a topic to write about that is much larger in scope than I could manage in a reasonable amount of time. Did I learn? Apparently...

    NixOS and my Descent into Insanity
    0
    Office Laptop recommendations 700€ - 900€

    I hope it's alright to post this question here. Please direct me to a more appropriate community if not. Anyways, my sister's looking for a new laptop and I decided to lend my expertise. I've got a list of various requirements, but maybe some of them are too strict or I'm missing something.

    Usage

    • Mostly office & webbrowser
    • Some light gaming (Minecraft, SWTOR, Drakensang)
    • Youtube playback in the background while gaming

    Current laptop

    HP Pavilion x360 - 14-ba070nz

    Hard Requirements

    Stuff that's absolutely required

    • Budget 700€ - 900€
    • 14" screen size
    • <1.6 kg weight
    • min. wifi 5 (802.11ac)
    • >250cd/m^2 display brightness
    • all-day battery life (>8h)
    • Windows 11 (I won't evangelize Linux to her)

    Soft Requirements

    Additional requirements I thought of, though I'm open to modifying those

    • >4 core CPU
    • 16GB RAM (Most laptops still come with 8GB. Is that ok for current year multitasking on Windows?)
    • >480GB storage (I'll have to check her current usage with her, maybe 256GB is fine?)
    • 2x USB-A ports
    • USB-C charging
    • HDMI/DP Port
    • internal GPU only (the games run okish on the old laptop already, so anything newer should also be better)

    Some options

    These are some options I found. I'd like to hear some thoughts/opinions on those. (links are to the UK site for english language, for prices I'm looking at the german site variant)

    Thoughts, comments, experiences?

    0
    Lemmy setup with Ansible, Podman and external Nginx

    Hello, I thought I'd share my own setup with Ansible. Two motivations played a factor here. First, I wanted to use Podman instead of Docker and second, I already have an Nginx proxy that I wanted to use. Lastly, I like managing my containers through systemd, which is very easy to do with Podman. Tested on Debian 11, though it should work on most other distros as well. Do look over the playbook, there might be some decisions you don't agree with. For example, the different directories I'm creating for the various containers. (I'm creating multiple directories under /mnt) Other variables, mainly logins, are already modifiable using the Ansible vault file included here.

    Requirements

    • A Server
    • SSH access to the server
    • Ansible Inventory file
    • Basic knowledge of Ansible
    • Basic knowledge of Nginx
    • SMTP server EDIT 2023-06-15

    Setup

    Vault file

    I'll start with the vault file. Enter your values between the quotes. Explanations for most of them can be found in the lemmy.hjson config file.

    Filename: vault.yml

    Content of vault.yml

    ```
    # postgres
    var_postgres_user: ""
    var_postgres_password: ""

    # pictrs
    var_pictrs_api_key: ""

    # smtp (lemmy config)
    var_smtp_server: ""
    var_smtp_login: ""
    var_smtp_password: ""
    var_smtp_from: ""
    var_smtp_tls: ""

    # initial admin config
    var_admin_username: ""
    var_admin_password: ""
    var_site_name: ""
    var_admin_email: ""

    # network settings
    var_hostname: ""
    ```

    Encrypt your file with this command.

    ```
    $ ansible-vault encrypt vault.yml
    ```

    You can also view or edit the file by replacing the encrypt keyword with view or edit respectively.

    Lemmy config

    Here's the lemmy config I used. It is mostly copied from the default config example, though a lot of the values have been replaced by the variables you just filled in above. (btw, federation still does work with tls_enabled: true commented like this. As proof, I'm writing this post from my own instance set up this way)

    Content of lemmy.hjson

    ```
    {
      # settings related to the postgresql database
      database: {
        # Username to connect to postgres
        user: "{{ var_postgres_user }}"
        # Password to connect to postgres
        password: "{{ var_postgres_password }}"
        # Host where postgres is running
        host: "lemmy-db"
        # Port where postgres can be accessed
        port: 5432
        # Name of the postgres database for lemmy
        database: "lemmy"
        # Maximum number of active sql connections
        pool_size: 5
      }
      # Settings related to activitypub federation
      # Pictrs image server configuration.
      pictrs: {
        # Address where pictrs is available (for image hosting)
        url: "http://lemmy-pictrs:8080/"
        # Set a custom pictrs API key. ( Required for deleting images )
        api_key: "{{ var_pictrs_api_key }}"
      }
      # Email sending configuration. All options except login/password are mandatory
      email: {
        # Hostname and port of the smtp server
        smtp_server: "{{ var_smtp_server }}"
        # Login name for smtp server
        smtp_login: "{{ var_smtp_login }}"
        # Password to login to the smtp server
        smtp_password: "{{ var_smtp_password }}"
        # Address to send emails from, eg "noreply@your-instance.com"
        smtp_from_address: "{{ var_smtp_from }}"
        # Whether or not smtp connections should use tls. Can be none, tls, or starttls
        tls_type: "{{ var_smtp_tls }}"
      }
      # Parameters for automatic configuration of new instance (only used at first start)
      setup: {
        # Username for the admin user
        admin_username: "{{ var_admin_username }}"
        # Password for the admin user. It must be at least 10 characters.
        admin_password: "{{ var_admin_password }}"
        # Name of the site (can be changed later)
        site_name: "{{ var_site_name }}"
        # Email for the admin user (optional, can be omitted and set later through the website)
        admin_email: "{{ var_admin_email }}"
      }
      # the domain name of your instance (mandatory)
      hostname: "{{ var_hostname }}"
      # Address where lemmy should listen for incoming requests
      bind: "0.0.0.0"
      # Port where lemmy should listen for incoming requests
      port: 8536
      # Whether the site is available over TLS. Needs to be true for federation to work.
      #tls_enabled: true
    }
    ```

    Ansible Playbook

    Now a quick overview of my playbook:

    1. Installs podman
    2. The systemd service for running the podman pod will be stopped. EDIT: The error will now be caught and continue
    3. Create various directories
    4. Copy the lemmy configuration
    5. Create a podman network
    6. Create a podman pod
      • Port 1234 is for the Lemmy UI
      • Port 8536 is the Lemmy backend
    7. Create all the containers
    8. Generate the systemd service for the pod
    9. Enable the systemd service

    And here's the Ansible playbook file.

    Content of playbook.yml

    ```
    ---
    - hosts: all
      become: yes
      become_method: sudo
      vars:
        var_lemmy_version: "0.17.4"
      tasks:
        - name: Install podman
          ansible.builtin.package:
            name:
              - podman
            state: latest

        - name: Stop lemmy pod if necessary
          block:
            - name: Stop systemd service
              ansible.builtin.systemd:
                name: pod-pod_lemmy
                state: stopped
          rescue:
            - name: Skip stopping systemd service
              ansible.builtin.debug:
                msg: "First time setup. Ignore the error above"

        - name: Create database directory
          ansible.builtin.file:
            path: /mnt/lemmy-db
            state: directory
            owner: root
            group: root

        - name: Create lemmy directory
          ansible.builtin.file:
            path: /mnt/lemmy-app
            state: directory
            owner: root
            group: root

        - name: Create pictrs directory
          ansible.builtin.file:
            path: /mnt/lemmy-pictrs
            state: directory
            owner: 991
            group: 991

        - name: Copy lemmy config file
          template:
            dest: /mnt/lemmy-app/lemmy.hjson
            src: ./lemmy.hjson

        - name: Create lemmy network
          containers.podman.podman_network:
            name: net_lemmy

        - name: Create lemmy pod
          containers.podman.podman_pod:
            name: pod_lemmy
            network:
              - net_lemmy
            publish:
              - "1234:1234" # lemmy-ui
              - "8536:8536" # lemmy-app

        - name: Create DB container
          containers.podman.podman_container:
            name: lemmy-db
            image: docker.io/postgres:15-alpine
            volume:
              - /mnt/lemmy-db:/var/lib/postgresql/data
            env:
              POSTGRES_USER: "{{ var_postgres_user }}"
              POSTGRES_PASSWORD: "{{ var_postgres_password }}"
              POSTGRES_DB: lemmy
            label:
              io.containers.autoupdate: image
            pod: "pod_lemmy"
            state: "created"

        - name: Create pictrs container
          containers.podman.podman_container:
            name: lemmy-pictrs
            image: docker.io/asonix/pictrs:0.3.1
            #entrypoint: "/sbin/tini -- /usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
            # flags: https://git.asonix.dog/asonix/pict-rs/src/tag/v0.3.1
            command: "/usr/local/bin/pict-rs -p /mnt -m 4 --image-format webp"
            user: 991:991
            volume:
              - /mnt/lemmy-pictrs:/mnt
            env:
              PICTRS__API_KEY: "{{ var_pictrs_api_key }}"
            label:
              io.containers.autoupdate: image
            pod: "pod_lemmy"
            state: "created"

        - name: Create lemmy container
          containers.podman.podman_container:
            name: lemmy-app
            image: docker.io/dessalines/lemmy:{{ var_lemmy_version }}
            volume:
              - /mnt/lemmy-app/lemmy.hjson:/config/config.hjson
            interactive: true
            tty: true
            env:
              RUST_LOG: "warn,lemmy_server=info,lemmy_api=info,lemmy_api_common=info,lemmy_api_crud=info,lemmy_apub=info,lemmy_db_schema=info,lemmy_db_views=info,lemmy_db_views_actor=info,lemmy_db_views_moderator=info,lemmy_routes=info,lemmy_utils=info,lemmy_websocket=info"
            #requires:
            # - lemmy-db
            # - lemmy-pictrs
            label:
              io.containers.autoupdate: image
            pod: "pod_lemmy"
            state: "created"

        - name: Create lemmy-ui container
          containers.podman.podman_container:
            name: lemmy-ui
            image: docker.io/dessalines/lemmy-ui:{{ var_lemmy_version }}
            env:
              # this needs to match the hostname defined in the lemmy service
              LEMMY_UI_LEMMY_INTERNAL_HOST: "lemmy-app:8536"
              # set the outside hostname here
              #LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ var_hostname }}"
              LEMMY_UI_LEMMY_EXTERNAL_HOST: "{{ ansible_default_ipv4.address }}:1234"
              #LEMMY_HTTPS: true
            #requires:
            # - lemmy-app
            label:
              io.containers.autoupdate: image
            pod: "pod_lemmy"
            state: "created"

        - name: Create systemd service
          containers.podman.podman_generate_systemd:
            name: pod_lemmy
            new: true
            dest: /etc/systemd/system/

        - name: Enable lemmy pod
          ansible.builtin.systemd:
            daemon_reload: true
            name: pod-pod_lemmy
            enabled: true
            state: started
    ```

    Run the playbook with this command.

    ```
    $ ansible-playbook -i inventory.yml -e @vault.yml --ask-vault-pass playbook.yml -K
    ```

    You will be prompted for the sudo password and the password you set for your encrypted vault. If you authenticate to ssh using a password, add -k to the above command and you'll be prompted for that as well.

    There's a character limit on posts, so I'll put the rest as a comment below.

    3
    exu exu @feditown.com
    Posts 20
    Comments 491