-
20 votes
-
When Americans committed insurrection: Until 2021, Americans had confronted federal authority with armed aggression just four times
13 votes -
WhatsApp gives users an ultimatum: Share data with Facebook or stop using the app
28 votes -
Zara Larsson feat. Young Thug – Talk About Love (2021)
3 votes -
Why didn't Canada join the American Revolution?
5 votes -
Yorushika - Spring Thief (2021)
4 votes -
Daily thread - United States 2021 transition of power - January 8
This thread is posted daily - please try to post all relevant US political content in here, such as news, updates, opinion articles, etc. Extremely significant events may warrant a separate topic,...
This thread is posted daily - please try to post all relevant US political content in here, such as news, updates, opinion articles, etc. Extremely significant events may warrant a separate topic, but almost all should be posted in here.
This is an inherently political thread; please try to avoid antagonistic arguments and bickering matches. Comment threads that devolve into unproductive arguments may be removed so that the overall topic is able to continue.
30 votes -
How Iceland is closing the gender wage gap
6 votes -
Facebook bans Trump "indefinitely" with Mark Zuckerberg explaining that "the risks of allowing the President to continue to use our service... are simply too great"
36 votes -
New side-channel attack can recover encryption keys from hardware security keys
5 votes -
The rise of Sierra Online wasn’t exactly a fairytale. Founder Ken Williams opens up about his new book, video game design in the late 80s—and his regrets about selling the company.
8 votes -
The Burger King rebrand: Design fit for a king?
18 votes -
California expects record revenues in stunning Covid budget reversal
8 votes -
The Kitchen and Jorn Show | Kristen's wife comes out as trans
6 votes -
Jockstrap - The City (2020)
4 votes -
NixOS Configuration for a VPS
Since I took so long to reply to Tips to use NixOS on a server? by @simao, I decided to create a new topic to share my configs. Hopefully this is informative for anyone looking to do similar...
Since I took so long to reply to Tips to use NixOS on a server? by @simao, I decided to create a new topic to share my configs. Hopefully this is informative for anyone looking to do similar things - I'll also gladly take critiques, since my setup is probably not perfect.
First, I will share the output of 'lsblk' on my VPS:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT vda 253:0 0 180G 0 disk ├─vda1 253:1 0 512M 0 part /boot └─vda2 253:2 0 179.5G 0 part └─crypt 254:0 0 179.5G 0 crypt
That is, I use an unencrypted
/boot
partition,vda1
, with GRUB 2 to prompt for a passphrase during boot, to unlock the LUKS encryptedvda2
. I prefer to use ZFS as my file system for the encrypted drive, and LUKS rather than ZFS encryption. This is an MBR drive, since that's what my VPS provider uses, though UEFI would look the same. The particular way I do this also requires access through the provider's tools, and not ssh or similar. Thehardware-configuration.nix
file reflects this:Click to view the hardware configuration file
# Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.initrd.availableKernelModules = [ "aes_x86_64" "ata_piix" "cryptd" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; fileSystems."/" = { device = "rpool/root/nixos"; fsType = "zfs"; }; fileSystems."/home" = { device = "rpool/home"; fsType = "zfs"; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/294de4f1-72e2-4377-b565-b3d4eaaa37b6"; fsType = "ext4"; }; swapDevices = [ ]; }
Click to view the configuration file
# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; # Hardware stuff # add the following to hardware-configuration.nix - speeds up encryption #boot.initrd.availableKernelModules ++ [ "aes_x86_64" "cryptd" ]; boot.initrd.luks.devices.crypt = { # Change this if moving to another machine! device = "/dev/disk/by-uuid/86090289-1c1f-4935-abce-a1aeee1b6125"; }; boot.kernelParams = [ "zfs.zfs_arc_max=536870912" ]; # sets zfs arc cache max target in bytes boot.supportedFilesystems = [ "zfs" ]; nix.maxJobs = lib.mkDefault 6; # number of cpu cores # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; # Define on which hard drive you want to install Grub. boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only boot.loader.grub.enableCryptodisk = true; boot.loader.grub.zfsSupport = true; networking.hostName = "m"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking.useDHCP = false; networking.interfaces.ens3.useDHCP = true; networking.hostId = "aoeu"; # set this to the first eight characters of /etc/machine-id for zfs networking.nat = { enable = true; externalInterface = "ens3"; # this may not be the interface name internalInterfaces = [ "wg0" ]; }; networking.firewall = { enable = true; allowedTCPPorts = [ 53 25565 ]; # open 53 for DNS and 25565 for Minecraft allowedUDPPorts = [ 53 51820 ]; # open 53 for DNS and 51820 for Wireguard - change the Wireguard port }; networking.wg-quick.interfaces = { wg0 = { address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ]; listenPort = 51820; privateKeyFile = "/root/wireguard-keys/privatekey"; # fill this file with the server's private key and make it so only root has read/write access postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE ''; preDown = '' ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o ens3 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o ens3 -j MASQUERADE ''; peers = [ { # peer0 publicKey = "{client public key}"; # replace this with the client's public key presharedKeyFile = "/root/wireguard-keys/preshared_from_peer0_key"; # fill this file with the preshared key and make it so only root has read/write access allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ]; } ]; }; }; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; nixpkgs.config = { allowUnfree = true; # don't set this if you want to ensure only free software }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "us"; }; # Set your time zone. time.timeZone = "America/New_York"; # set this to the same timezone your server is located in # List packages installed in system profile. To search, run: # $ nix search wget environment = { systemPackages = with pkgs; let nvimcust = neovim.override { # lazy minimal neovim config viAlias = true; vimAlias = true; withPython = true; configure = { packages.myPlugins = with pkgs.vimPlugins; { start = [ deoplete-nvim ]; opt = []; }; customRC = '' if filereadable($HOME . "/.config/nvim/init.vim") source ~/.config/nvim/init.vim endif set number set expandtab filetype plugin on syntax on let g:deoplete#enable_at_startup = 1 ''; }; }; in [ jdk8 nvimcust p7zip wget wireguard ]; }; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; # pinentryFlavor = "gnome3"; # }; # List services that you want to enable: # Enable the OpenSSH daemon. services = { dnsmasq = { enable = true; # this allows DNS requests from wg0 to be forwarded to the DNS server on this machine extraConfig = '' interface=wg0 ''; }; fail2ban = { enable = true; }; openssh = { enable = true; permitRootLogin = "no"; }; zfs = { autoScrub = { enable = true; interval = "monthly"; }; }; }; # Set sudo to request root password for all users # this should be changed for a multi-user server security.sudo.extraConfig = '' Defaults rootpw ''; # Define a user account. Don't forget to set a password with ‘passwd’. users.users = { vpsadmin = { # admin account that has a password isNormalUser = true; home = "/home/vpsadmin"; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; }; mcserver = { # passwordless user to run a service - in this instance minecraft isNormalUser = true; home = "/home/mcserver"; extraGroups = []; shell = pkgs.zsh; }; }; systemd = { services = { mcserverrun = { # this service runs a systemd sandboxed modded minecraft server as user mcserver enable = true; description = "Start and keep minecraft server running"; wants = [ "network.target" ]; after = [ "network.target" ]; serviceConfig = { User = "mcserver"; NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict"; PrivateDevices = true; ReadWritePaths = "/home/mcserver/Eternal_current"; WorkingDirectory = "/home/mcserver/Eternal_current"; ExecStart = "${pkgs.jdk8}/bin/java -Xms11520M -Xmx11520M -server -XX:+AggressiveOpts -XX:ParallelGCThreads=3 -XX:+UseConcMarkSweepGC -XX:+UnlockExperimentalVMOptions -XX:+UseParNewGC -XX:+ExplicitGCInvokesConcurrent -XX:MaxGCPauseMillis=10 -XX:GCPauseIntervalMillis=50 -XX:+UseFastAccessorMethods -XX:+OptimizeStringConcat -XX:NewSize=84m -XX:+UseAdaptiveGCBoundary -XX:NewRatio=3 -jar forge-1.12.2-14.23.5.2847-universal.jar nogui"; Restart = "always"; RestartSec = 12; }; wantedBy = [ "multi-user.target" ]; }; mcserverscheduledrestart = { # this service restarts the minecraft server on a schedule enable = true; description = "restart mcserverrun service"; serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.systemd}/bin/systemctl try-restart mcserverrun.service"; }; }; }; timers = { mcserverscheduledrestart = { # this timer triggers the service of the same name enable = true; description = "restart mcserverrun service daily"; timerConfig = { OnCalendar = "*-*-* 6:00:00"; }; wantedBy = [ "timers.target" ]; }; }; }; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? }
Edit: Also, the provider I use is ExtraVM, who has been excellent.
6 votes -
Tether Price Manipulation Thread
@Jacob Oracle: Tether Price Manipulation Thread:Tether has been manipulating #Bitcoin's price upwards for years now by printing unlimited, and unbacked $USDT.This thread will cover the controversial aspects surrounding Tether, and how it will eventually meet its demise. pic.twitter.com/vMwJxG35gF
12 votes -
In Georgia Runoff Elections, (D) Warnock wins vs (R) Loeffler, (D) Ossof very likely wins vs (R) Purdue
Text post because the big news companies are cowards playing it safe and not calling Ossof yet, though it's basically over Warnock makes history with Senate win as Dems near majority (AP News) My...
Text post because the big news companies are
cowardsplaying it safe and not calling Ossof yet, though it's basically overWarnock makes history with Senate win as Dems near majority (AP News)
My takes below:
What does this mean?
This gives Democrats a thin majority in the senate. Does it mean they have free reign? No, the party is not that unified. In particular, as you probably have heard his name many many times now, Manchin, the "conservative Democrat" from WV is likely to be the kingmaker in votes. So it's not like just anything can get passed, and Manchin will not eliminate the filibuster easily.
So is it pointless?
ABSOLUTELY NOT
It's a huge victory nonetheless for Democrats. Remember, with control of the Senate, Chuck Schumer will be Senate Majority Leader, who controls what legislation the senate votes on. Even bipartisan bills were consistently torpedoed by McConnell who would refuse to even have a vote on it. Now, there is politics that can be done - deals, compromise, whatever. If you can't vote on something, nothing can be done. Things that are overall popular like increased stimulus are also going to pass.
Additionally, perhaps an even bigger deal, Biden can get his nominations through for cabinet and judges. There's an insane amount of unfilled heads of state departments right now, and the rest are filled with people absolutely unfit for the job. Having a real human being be the head of the EPA, or Department of Education, or the Department of Energy, and so forth is a big deal.
It also means that Justice Breyer can safely retire and have another "liberal" Justice take his place.
It's not sweeping control over the government, but it's a immensely superior political situation to McConnell stone walling anything he doesn't want, and Biden having to haggle with McConnell over how incompetent his cabinet needs to be.
48 votes -
Book of Love - Boy (1986)
5 votes -
Generative artist Dimtri Cherniak
3 votes -
What have you been watching / reading this week? (Anime/Manga)
What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was...
What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was cool, something that was bad, ask for recommendations, or anything else you can think of.
If you want to, feel free to find the thing you're talking about and link to its pages on Anilist, MAL, or any other database you use!
7 votes -
Twitter requests deletion of three inciteful tweets from Donald Trump. If tweets remain undeleted, account will remain locked.
@Twitter Safety: As a result of the unprecedented and ongoing violent situation in Washington, D.C., we have required the removal of three @realDonaldTrump Tweets that were posted earlier today for repeated and severe violations of our Civic Integrity policy. https://t.co/k6OkjNG3bM
35 votes -
Microwave shortcuts every home cook should know: The shame-free guide to putting your microwave to good use
11 votes -
Eurogamer's list of games they're looking forward to in 2021
6 votes -
Hong Kong arrests of pro-democracy activists showcase shrinking tolerance for peaceful opposition
14 votes -
What goes into designing a wine label?
7 votes -
How to resign, via Letters of Note
8 votes -
Yokozuna Kakuryu to miss January tournament after being warned over absences
7 votes -
The Mexican American border: A tale of two colonies (Part 1/2)
3 votes -
Roku has acquired the exclusive global distribution rights to the portfolio of shows from Quibi
8 votes -
The art of hoshigaki at home: Some people got into sourdough. I turned to a Japanese method of preserving fruit.
8 votes -
Great walls of China: Beijing's burgeoning graffiti scene
3 votes -
Sorry, wrong apocalypse: Horizon Zero Dawn, Heaven’s Vault, and the eco-critical video game
6 votes -
The Proud Boys are dangerous - Know your fash
9 votes -
What have you been listening to this week?
What have you been listening to this week? You don't need to do a 6000 word review if you don't want to, but please write something! If you've just picked up some music, please update on that as...
What have you been listening to this week? You don't need to do a 6000 word review if you don't want to, but please write something! If you've just picked up some music, please update on that as well, we'd love to see your hauls :)
Feel free to give recs or discuss anything about each others' listening habits.
You can make a chart if you use last.fm:
http://www.tapmusic.net/lastfm/
Remember that linking directly to your image will update with your future listening, make sure to reupload to somewhere like imgur if you'd like it to remain what you have at the time of posting.
5 votes -
What did you do this week?
As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do...
As part of a weekly series, these topics are a place for users to casually discuss the things they did — or didn't do — during their week. Did you accomplish any goals? Suffer a failure? Do nothing at all? Tell us about it!
5 votes -
“Not like other girls”: On internalized misogyny in gaming
12 votes -
In 1814, British forces burned the US Capitol
9 votes -
I'm thinking of getting a password manager. How does it work and any advice on transitioning to one?
The reason why is to make more accounts for reddit, YouTube (one for entertainment and Portuguese content each) news sites where signing up is an alternative to pass a paywall and other sites with...
The reason why is to make more accounts for reddit, YouTube (one for entertainment and Portuguese content each) news sites where signing up is an alternative to pass a paywall and other sites with comment sections.
Bad euphemism bro.Also some sense of "praxis" in order to gain privacy.Edit: And also getting anxious at the idea of remembering all my passwords, and putting them in a note in my old phone, which I am not bringing into my new phone and want to use this to delete.
According to these two articles, I can save my old passwords I had before and maybe even still make new ones after, and put them in a folder behind one true (master) password, which is the one you will truly care about, and they will be saved in a way in which the managing company won't know your password?
There's also figuring out which provider to use (and probably a similar post for alt-mail providers.) This is overwhelmingly for mobile (Android). No real space constraints for apps, only price, because I'm not working age.
27 votes -
How much does multiplayer population matter?
4 votes -
Donald Trump response to yesterday violent roitious insurrection at the Capitol
@Donald J. Trump: pic.twitter.com/csX07ZVWGe
21 votes -
US Capitol Police rejected offers of federal help to quell mob
12 votes -
What creative projects have you been working on?
This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on. Projects can be personal, professional, physical, digital, or even just...
This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.
Projects can be personal, professional, physical, digital, or even just ideas.
If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.
8 votes -
Standard Notes completes penetration test and cryptography audit
14 votes -
Boeing charged and agrees to pay $2.5 billion for 737 MAX fraud conspiracy
16 votes -
Identical twins aren’t perfect clones, research shows
8 votes -
Gumroad's approach to work: no meetings, no deadlines, no full-time employees
5 votes -
US trade group asks VP Mike Pence to ‘seriously consider' invoking 25th Amendment to remove Donald Trump
37 votes -
Joe Biden is certified as the 46th President of the United States
43 votes -
How do you convey emotions in text?
It's something I've struggled for a long time to do in text conversations. People will often think I'm mad when talking in a way that I think is perfectly normal or that I'm a brick wall while...
It's something I've struggled for a long time to do in text conversations. People will often think I'm mad when talking in a way that I think is perfectly normal or that I'm a brick wall while discussing disagreements and well, that can't be fun. I often have to reassure certain people that it's not the case.
Sometimes I try to show how I'm feeling through emotions or more "fluffy" language but I feel like that's too excessive and feels kinda fake to me?
It's also something I've more recently struggled with because I'm trying to write personally on my blog and I'm not exactly sure how to convey my feelings other than stating it like a robot like "This makes me mad" or "That's depressing" or "It makes me feel great".
It feels off to me and maybe it's just a me problem but I think that's also because I write the same way I speak and so, it just sounds strange.
I don't know, this post is rambly and I've been wanting to write something like this in the last few days but I just have to push enter at some point.
10 votes