I just host everything on bare metal and use systemd to lock down/containerize things as necessary, even adding my own custom drop-ins for software that ships its own systemd service file. Systemd is way more powerful than people often realize.
gerowen@piefed.social to Ask Science@lemmy.world • When the US nuked Japan was there any worry about a radiation cloud possibly floating to another country that was not involved? Or is this even possible?
224 · 6 days ago
When they first conceptualized the bomb some scientists weren’t even sure the explosion would stop at all, or if it might create an unstoppable chain reaction that would just continue infinitely and consume the whole earth.
gerowen@piefed.social to Selfhosted@lemmy.world • PSA: Don't use nextcloud's auto upload on the android app as a backup
5 · 6 days ago
I’ve had very occasional issues with it not uploading new photos in a timely manner in the past. I haven’t had any issues in a long time, but I have gotten into the habit of explicitly opening the app, clicking “Uploads” and hitting refresh and making sure everything has been uploaded.
I’m not really sure what causes it, though if I had to guess Android is putting the app to sleep in the background so it may have something to do with power saving settings. I’ve switched to the F-Droid version of the app and manually disabled the appropriate power settings as a just-in-case, though that may have nothing to do with anything.
gerowen@piefed.social to Technology@lemmy.world • Why Are New Appliances So Bad? [41:02]
30 · 9 days ago
I literally have clothes hanging on a line across the living room because our just out of warranty $1,000+ Samsung “smart dryer” died again a month after I replaced every sensor and the heating element, and I just don’t feel like taking it apart again to “maybe” find the problem.
Before this we just had a plain white box from Maytag; easy to work on, cheap replacement parts. It was probably 30 years old when the motor seized and my wife asked for newer, fancier machines. Big mistake.
Systemd has all sorts of options. If a service has certain sandbox settings applied such as private /tmp, private /proc, restricting access to certain folders or devices, restricting available system calls or whatever, then systemd creates a chroot in /proc/PID for that process with all your settings applied and the process runs inside that chroot.
I’ve found it a little easier than managing a full blown container or VM, at least for the things I host for myself.
If a piece of software provides its own service file that isn’t as restricted as you’d like, you can use systemctl edit to add additional options of your choosing to a “drop-in” file that gets loaded and applied at runtime so you don’t have to worry about a package update overwriting any changes you make.
And you can even get ideas for settings to apply to a service to increase security with:
systemd-analyze security SERVICENAME
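A drop-in covering the kinds of settings mentioned in the comment above, as an added example that is not part of the original comment. The directives are standard systemd options; SERVICENAME, the /var/lib/SERVICENAME path and the particular choices are placeholders and assumptions to adjust per service.

```ini
# /etc/systemd/system/SERVICENAME.service.d/override.conf
# Created with: systemctl edit SERVICENAME
# Constructed example: SERVICENAME and all paths are placeholders.

[Service]
# Private /tmp and /var/tmp, not shared with the rest of the system
PrivateTmp=yes

# /proc: hide other users' processes and expose only per-PID entries.
# Some software reads /proc/meminfo, /proc/cpuinfo etc.; drop ProcSubset if so.
ProtectProc=invisible
ProcSubset=pid

# File system: everything read-only except the listed state directory
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/SERVICENAME
# Leading "-" means: ignore the entry if the path does not exist
InaccessiblePaths=-/mnt -/media

# Devices: only pseudo-devices such as /dev/null and /dev/urandom
PrivateDevices=yes

# Kernel interfaces
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Privileges: no setuid escalation, no capabilities at all.
# A service binding a port below 1024 needs CAP_NET_BIND_SERVICE here.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
LockPersonality=yes

# System calls: start from the common service set, then remove
# privileged and resource-control calls; fail with EPERM instead of SIGSYS
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
```

After restarting the service, `systemctl cat SERVICENAME` shows the shipped unit together with the drop-in, and re-running `systemd-analyze security SERVICENAME` shows how the exposure score changed. If the service fails to start, relax one directive at a time and check the journal for the denied operation.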