advanced wokeism and crypto go hand in hand
crypto is anarchistic and doesn't care about your petty personal politics.
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 -c "CREATE USER lemmy WITH PASSWORD 'REDACTED';"
[sudo] password for user:
CREATE ROLE
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 -c "CREATE DATABASE lemmy WITH OWNER lemmy;"
CREATE DATABASE
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 -c "ALTER USER lemmy WITH SUPERUSER;"
ALTER ROLE
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 --file lemmy_databackup.sql
psql: error: lemmy_databackup.sql: No such file or directory
user@server:~$ ls -la lemmy_databackup.sql
-rw-r--r-- 1 user user 56554817 Aug 23 00:59 lemmy_databackup.sql
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 --file /home/user/lemmy_databackup.sql
SET
SET
[...]
[many many rows of output]
[...]
ALTER TABLE
ALTER TABLE
REVOKE
GRANT
I grepped the exported sql file. I identified a long blog post of mine. So others should be there, too.
user@server:~$ sudo -iu postgres /usr/lib/postgresql/15/bin/pg_dump --port=5432 lemmy > /home/user/lemmy_databackup.sql
user@server:~$ ls -la lemmy_databackup.sql
-rw-r--r-- 1 user user 56554817 Aug 23 00:59 lemmy_databackup.sql
user@server:~$ ls -lah lemmy_databackup.sql
-rw-r--r-- 1 user user 54M Aug 23 00:59 lemmy_databackup.sql
but a lemmy.service should be secure…
yeah it is secure, as the root user password is required to do anything with that file. Alright, let's do this.
I would go with introducing LEMMY_DATABASE_URL in my lemmy.service file. However, is doing that going to expose my lemmy database password to the lemmy.service file?
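For the question about putting LEMMY_DATABASE_URL in lemmy.service, an added example (not part of the thread, and not Lemmy's or systemd's own tooling): a POSIX shell check that flags credentials set inline with `Environment=`, which systemd shows to unprivileged local users through `systemctl show`, and verifies that any `EnvironmentFile=` target is owner-only. The password, URL value and file names are constructed placeholders, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example, not from the thread. Values set with Environment= are shown
# to any local user by `systemctl show`, and unit files are normally mode 0644,
# so a credentialed LEMMY_DATABASE_URL placed inline is readable without root.

# audit_unit FILE: print one finding per line, nothing if the unit is clean.
audit_unit() {
    unit=$1
    # user:password@ embedded in a URL on an Environment= line
    if grep -Eq '^Environment=.*://[^/@:[:space:]]+:[^/@[:space:]]+@' "$unit"; then
        echo "inline-credential-url"
    fi
    # secret-looking variable names assigned inline
    if grep -Eq '^Environment=.?[A-Za-z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN)[A-Za-z0-9_]*=' "$unit"; then
        echo "inline-secret-name"
    fi
    # EnvironmentFile= targets (optional leading '-') must be owner-only
    sed -n 's/^EnvironmentFile=-\{0,1\}//p' "$unit" | while IFS= read -r envfile; do
        [ -e "$envfile" ] || continue
        mode=$(stat -c '%a' "$envfile")          # GNU stat: octal permission bits
        if [ $(( 0$mode & 077 )) -ne 0 ]; then   # any group/other access
            echo "envfile-too-open:$mode"
        fi
    done
    return 0
}

# Constructed sample units; the password is a placeholder, not a real value.
make_samples() {
    dir=$1
    url='LEMMY_DATABASE_URL=postgres://lemmy:EXAMPLE_PASSWORD@localhost:5433/lemmy'
    printf '%s\n' '[Service]' 'User=lemmy' "Environment=$url" > "$dir/weak.service"
    printf '%s\n' "$url" > "$dir/lemmy.env"
    chmod 600 "$dir/lemmy.env"
    printf '%s\n' '[Service]' 'User=lemmy' "EnvironmentFile=$dir/lemmy.env" \
        > "$dir/hardened.service"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "weak:     $(audit_unit "$tmp/weak.service")"
echo "hardened: $(audit_unit "$tmp/hardened.service")"
rm -rf "$tmp"
```

On a real host the environment file would be owned by root with mode 0600; systemd reads it as root before switching to `User=lemmy`.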
$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5433 --command='select version();'
version
-------------------------------------------------------------------------------------------------------------------
PostgreSQL 15.3 (Debian 15.3-0+deb12u1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit
(1 row)
I think my setup is using the default value.
I do not see me specifying the LEMMY_DATABASE_URL in my systemd file:
$ cat /etc/systemd/system/lemmy.service
[Unit]
Description=Lemmy - A link aggregator for the fediverse
After=network.target
[Service]
User=lemmy
ExecStart=/usr/bin/lemmy_server
Environment=LEMMY_CONFIG_LOCATION=/etc/lemmy/lemmy.hjson
# remove these two lines if you don't need pict-rs
Environment=PICTRS__SERVER__ADDR=127.0.0.1:8080
Environment=PICTRS__STORE__PATH=/var/lib/pictrs/files
Environment=PICTRS__REPO__PATH=/var/lib/pictrs/repo
Restart=on-failure
# Hardening
ProtectSystem=yes
PrivateTmp=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
$ sudo -iu postgres /usr/lib/postgresql/15/bin/psql --port=5432 --command='select version();'
version
-----------------------------------------------------------------------------------------------------------------------------
PostgreSQL 13.11 (Debian 13.11-0+deb11u1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
(1 row)
Does this output mean that the binary 15 is talking to the 13 backend?
Here it is:
$ cat /etc/lemmy/lemmy.hjson
{
database: {
# put your db-passwd from above
password: "REDACTED"
}
# replace with your domain
hostname: hostname.tld
bind: "127.0.0.1"
federation: {
enabled: true
}
# remove this block if you don't require image hosting
pictrs: {
url: "http://localhost:8080/"
}
}
I redacted the password, and the hostname entries.
Before I do the pg_dump, here's the output of netstat:
$ sudo netstat -plnt | grep postgres
tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN 730/postgres
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 735/postgres
tcp6 0 0 ::1:5433 :::* LISTEN 730/postgres
tcp6 0 0 ::1:5432 :::* LISTEN 735/postgres
How can we further verify that the port 5432 is the running psql 15?
Btc is kosher now