From 668891082e9d0fc32c36dc77f50cc15bacb2d535 Mon Sep 17 00:00:00 2001 From: MajorLinux Date: Tue, 21 Apr 2026 09:15:31 -0400 Subject: [PATCH] wiki: updates to existing articles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 01-linux/networking/ssh-config-key-management.md - 02-selfhosting/services/mastodon-instance-tuning.md (expanded) - 05-troubleshooting/ansible-check-mode-false-positives.md — adds "Related pattern: command/shell skipped in check mode" section with the ebtables usrmerge diagnosis as worked example - 05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md - 05-troubleshooting/networking/windows-sshd-stops-after-reboot.md - 05-troubleshooting/yt-dlp-fedora-js-challenge.md --- .../networking/ssh-config-key-management.md | 4 + .../services/mastodon-instance-tuning.md | 80 ++++++++++++++----- .../ansible-check-mode-false-positives.md | 21 ++++- ...sl-default-shell-breaks-remote-commands.md | 4 + .../windows-sshd-stops-after-reboot.md | 4 + .../yt-dlp-fedora-js-challenge.md | 4 + 6 files changed, 96 insertions(+), 21 deletions(-) diff --git a/01-linux/networking/ssh-config-key-management.md b/01-linux/networking/ssh-config-key-management.md index 37ef3fc..cf446e5 100644 --- a/01-linux/networking/ssh-config-key-management.md +++ b/01-linux/networking/ssh-config-key-management.md @@ -10,7 +10,11 @@ tags: - remote-access status: published created: 2026-03-08 +<<<<<<< Updated upstream updated: 2026-04-14T14:27 +======= +updated: 2026-04-18T11:13 +>>>>>>> Stashed changes --- # SSH Config and Key Management diff --git a/02-selfhosting/services/mastodon-instance-tuning.md b/02-selfhosting/services/mastodon-instance-tuning.md index 41064c1..800dfeb 100644 --- a/02-selfhosting/services/mastodon-instance-tuning.md +++ b/02-selfhosting/services/mastodon-instance-tuning.md 
@@ -1,11 +1,16 @@ --- -title: "Mastodon Instance Tuning" +title: Mastodon Instance Tuning domain: selfhosting category: services -tags: [mastodon, fediverse, self-hosting, majortoot, docker] +tags: + - mastodon + - fediverse + - self-hosting + - majortoot + - docker status: published created: 2026-04-02 -updated: 2026-04-02 +updated: 2026-04-19T04:55 --- # Mastodon Instance Tuning 
@@ -28,34 +33,69 @@ The process depends on your deployment method (Docker vs bare metal) and Mastodo ## Media Cache Management -Federated content (avatars, headers, media from remote posts) gets cached locally. On a small instance this grows slowly, but over months it adds up — especially if you follow active accounts on large instances. +Federated content (avatars, headers, media from remote posts, preview cards) gets cached in S3. On an active single-user instance federating with large servers, this grows fast — the `majortoot` bucket hit **648 GB** with only ~7 GB of actual local content. The other ~620 GB was remote cache. -Reference: [Fedicache — Understanding Mastodon's media cache](https://notes.neatnik.net/2024/08/fedicache) - -**Clean up cached remote media:** +### Check current usage ```bash -# Preview what would be removed (older than 7 days) -tootctl media remove --days 7 --dry-run - -# Actually remove it -tootctl media remove --days 7 - -# For Docker deployments -docker exec mastodon-web tootctl media remove --days 7 +# Bare metal (rbenv) +export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH" +cd /home/mastodon/live +RAILS_ENV=production bin/tootctl media usage ``` -**Automate with cron or systemd timer:** +Output breaks down by type with local vs total — the gap between those two numbers is all purgeable remote cache. + +### Manual prune + +Run these three commands to clear all remote cache types: ```bash -# Weekly cache cleanup — crontab -0 3 * * 0 docker exec mastodon-web tootctl media remove --days 7 +export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH" +export RAILS_ENV=production +cd /home/mastodon/live + +# 1. Remote media attachments older than 7 days +bin/tootctl media remove --days=7 --concurrency=5 + +# 2. Remote avatars and headers (accounts not followed/following locally) +bin/tootctl media remove --prune-profiles --remove-headers --days=7 --concurrency=5 + +# 3. 
Preview card thumbnails older than 30 days +bin/tootctl preview_cards remove --days=30 --concurrency=5 ``` -**What gets removed:** Only cached copies of remote media. Local uploads (your posts, your users' posts) are never touched. Remote media will be re-fetched on demand if someone views the post again. +> **Note:** On a large cache (hundreds of GB, millions of objects), each command can take 30–60+ minutes. Run in `tmux` to survive SSH disconnection. -**Storage impact:** On a single-user instance, remote media cache can still reach several GB over a few months of active federation. Regular cleanup keeps disk usage predictable. +### Automate with weekly cron +Deploy via `configure_mastodon_media_prune.yml` Ansible playbook. It installs a wrapper script and cron entry for the `mastodon` user. + +Manual crontab entry: + +``` +0 3 * * 0 /home/mastodon/media-prune.sh +``` + +Log output goes to `/var/log/mastodon/media-prune.log`. + +### Reduce S3 storage class costs + +By default Mastodon uploads to S3 Standard ($0.023/GB/mo). Switching to Standard-IA halves the storage cost for infrequently accessed media: + +```bash +# In /home/mastodon/live/.env.production +S3_STORAGE_CLASS=STANDARD_IA +``` + +Then restart Mastodon. New uploads will use Standard-IA ($0.0125/GB). Note the 30-day minimum charge per object — fine for media attachments, less ideal for very short-lived objects. + +### What is and isn't removed + +- ✅ **Removed:** Cached copies of remote users' media, avatars, headers, preview card thumbnails +- ✅ **Re-fetched on demand:** Remote media is pulled again if someone views the post +- ❌ **Never removed:** Your local posts' media, your account's avatar/header, Mastodon account export backups (`/backups/`) +- ❌ **Not affected:** PostgreSQL database, local disk usage outside S3 ## Gotchas & Notes - **Character limit changes break on upgrades.** Any source patch gets overwritten when you pull a new Mastodon release. Track your changes and reapply after updates. 
diff --git a/05-troubleshooting/ansible-check-mode-false-positives.md b/05-troubleshooting/ansible-check-mode-false-positives.md index 7831188..06b75f4 100644 --- a/05-troubleshooting/ansible-check-mode-false-positives.md +++ b/05-troubleshooting/ansible-check-mode-false-positives.md @@ -11,7 +11,7 @@ tags: - troubleshooting status: published created: 2026-04-18 -updated: 2026-04-18T11:13 +updated: 2026-04-19T04:57 --- # Ansible Check Mode False Positives in Verify/Assert Tasks 
@@ -118,6 +118,25 @@ Don't apply it to tasks that check pre-existing state (e.g., verifying a file ex when: not ansible_check_mode ``` +## Related pattern: `command` / `shell` skipped in check mode + +The inverse problem shows up when a playbook registers output from `ansible.builtin.command` (or `shell`) and uses that output in a downstream conditional or `set_fact`. In check mode, `command` is **skipped by default** — the registered variable comes back with no `stdout`, and any `in` / containment check against it silently evaluates to False. + +Saw this 2026-04-19 while writing `fix_ebtables_usrmerge.yml`. The play queried `update-alternatives --display ebtables` to detect whether a host ran the `nft` or `legacy` backend, then branched on that fact. Under `--check`, the query was skipped, the fact defaulted to `legacy` on every host, and the next task's existence check failed on the nft hosts (`/usr/bin/ebtables-legacy not found`). A real run was fine — but `--check` output looked like the playbook was broken. + +**Fix:** force the detection task to run even in check mode, since it's a read-only query with no side effects. + +```yaml +- name: Query current ebtables alternative + ansible.builtin.command: update-alternatives --display ebtables + register: alt_query + changed_when: false + failed_when: false + check_mode: false # force execution in --check so downstream conditionals see real data +``` + +Apply this to any `command`/`shell` task whose output feeds a `when:`, `set_fact`, or similar logic. Only safe when the task is genuinely read-only. + ## Trade-off Guarding with `when: not ansible_check_mode` means check mode won't validate these assertions. The benefit — no false failures — outweighs the gap because: diff --git a/05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md b/05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md index 7908bbd..df52304 100644 
--- a/05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md +++ b/05-troubleshooting/networking/windows-openssh-wsl-default-shell-breaks-remote-commands.md @@ -11,7 +11,11 @@ tags: - powershell status: published created: 2026-04-03 +<<<<<<< Updated upstream updated: 2026-04-14T14:27 +======= +updated: 2026-04-18T11:13 +>>>>>>> Stashed changes --- # Windows OpenSSH: WSL as Default Shell Breaks Remote Commands diff --git a/05-troubleshooting/networking/windows-sshd-stops-after-reboot.md b/05-troubleshooting/networking/windows-sshd-stops-after-reboot.md index 801860c..4b2e155 100644 --- a/05-troubleshooting/networking/windows-sshd-stops-after-reboot.md +++ b/05-troubleshooting/networking/windows-sshd-stops-after-reboot.md @@ -10,7 +10,11 @@ tags: - majorrig status: published created: 2026-04-02 +<<<<<<< Updated upstream updated: 2026-04-14T14:27 +======= +updated: 2026-04-18T11:13 +>>>>>>> Stashed changes --- # Windows OpenSSH Server (sshd) Stops After Reboot diff --git a/05-troubleshooting/yt-dlp-fedora-js-challenge.md b/05-troubleshooting/yt-dlp-fedora-js-challenge.md index 931cb62..21d4cb5 100644 --- a/05-troubleshooting/yt-dlp-fedora-js-challenge.md +++ b/05-troubleshooting/yt-dlp-fedora-js-challenge.md @@ -10,7 +10,11 @@ tags: - deno status: published created: 2026-04-02 +<<<<<<< Updated upstream updated: 2026-04-14T14:27 +======= +updated: 2026-04-18T11:13 +>>>>>>> Stashed changes --- # yt-dlp YouTube JS Challenge Fix (Fedora)
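Review bot: Unresolved merge conflict markers are committed inside the YAML front matter of 01-linux/networking/ssh-config-key-management.md, and the same marker lines appear in windows-openssh-wsl-default-shell-breaks-remote-commands.md, windows-sshd-stops-after-reboot.md and yt-dlp-fedora-js-challenge.md. Each of those hunks adds `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` around two competing `updated:` values, which leaves the front matter with stray non-YAML lines and a duplicated `updated` key. Resolve each file to a single `updated:` line and remove the markers. These four files change nothing else in this commit, so running `git diff --check` before committing would have flagged the leftover markers.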
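Review bot: The rewritten "Manual prune" block in 02-selfhosting/services/mastodon-instance-tuning.md deletes without a preview step: the removed text ran `tootctl media remove --days 7 --dry-run` before the real removal, and none of the three new `bin/tootctl` commands keeps it. With a cache described as hundreds of GB and runs of 30–60+ minutes, put a `--dry-run` pass back ahead of step 1. The `docker exec mastodon-web ...` variant is dropped while `docker` stays in the tags, so either keep a Docker form or state that the page now covers bare metal only. In the storage class section, the 30-day minimum charge is called fine for media attachments, yet step 1 removes remote media after 7 days; say whether `S3_STORAGE_CLASS` applies to cached remote objects, because if it does they are billed for 30 days regardless of the prune. The cron section relies on `/home/mastodon/media-prune.sh` and `configure_mastodon_media_prune.yml` without showing either; include the wrapper script or link to it.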
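Review bot: `failed_when: false` in the example task of 05-troubleshooting/ansible-check-mode-false-positives.md reintroduces the silent default this section warns about: if `update-alternatives --display ebtables` exits non-zero, `alt_query.stdout` will not contain the expected text and the containment check falls through to `legacy`, the same outcome the section attributes to `--check`. Drop `failed_when: false`, or have the downstream task test `alt_query.rc` before branching on the output. The caveat "Only safe when the task is genuinely read-only" would be better placed before the YAML, since `check_mode: false` makes the command execute for real during a dry run.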