Yes, the domain to block is “threads.net”. Ask your admins to consider doing that.

I believe, with Authorized Fetch (what Mastodon calls secure mode) blocking intermediaries won’t be needed, as instances will have to cryptographically “authorize” themselves to receive/send data, and you can just say “no” to any requests coming from threads.net, acting basically as a “defederation enforcement mode”.

I could be wrong though, haven’t caught up on the exact details.

Not OP but I can answer with my own stats:

In just a week, With BTRFS compression (compress-force=zstd:3) & deduplication (via bees), media is at about 1GB (and I am subscribed to media-heavy communities like 196) and the postgres DB is at about 550MB (which is also currently shared with Matrix Dendrite)

At “idle” (as you can be while being connected to ActivityPub & Matrix), the immediate CPU and RAM usage breakdown per container is:

NAME        CPU %       MEM USAGE / LIMIT  MEM %       NET IO             BLOCK IO           PIDS        CPU TIME         AVG CPU %
pict-rs     0.20%       18.92MB / 4.005GB  0.47%       3.319GB / 1.105GB  17.58GB / 3.239GB  13          1h16m57.232828s  0.59%
crowdsec    1.39%       44.23MB / 4.005GB  1.10%       106.4MB / 23.46MB  25.53GB / 486.7MB  11          45m28.744419s    1.95%
caddy       0.63%       73.06MB / 4.005GB  1.82%       1.675GB / 1.977GB  3.322GB / 720MB    10          21m9.94572s      0.90%
dendrite    1.58%       197.7MB / 4.005GB  4.94%       912.8MB / 2.33GB   8.718GB / 4.761GB  12          53m26.302022s    1.43%
postgres    5.33%       82.51MB / 4.005GB  2.06%       56.22GB / 7.961GB  20.92GB / 295.7GB  23          8h20m28.078567s  2.86%
lemmy-ui    0.00%       48.71MB / 4.005GB  1.22%       3.491GB / 5.961GB  3.603GB / 5.267GB  12          31m35.884936s    0.24%
lemmy-be    2.82%       29.01MB / 4.005GB  0.72%       16.45GB / 57.85GB  7.966GB / 6.439GB  6           3h6m34.633508s   1.42%

Net IO you shouldn’t really care about as that includes inter-container networking. I’m trying to find how much outgoing data have been transferred but because the month just ended I have no idea how accurate the numbers are.

Perhaps they’re not trying to “be successful”?

Depending on how well you know your way around, my recommendation is to not use the Ansible setup but instead treat it as documentation while doing things your way. It has quite a bit of strange stuff going on (postfix? two nginx installs with only one being in a container?) and seems to be missing important things such as SSH hardening. It also assumes it’ll be the only thing running in your server just in general (horrible yet common practice, unfortunately) so if you have anything set up it may or may not clobber over it to do things it’s own way, and end up breaking something.

Also, can you log in to wefwef through your instance, or how do you access everything, specifically on mobile?

I haven’t tried wefwef in particular but all native apps I tried work just fine. An issue I can see cropping up from wefwef is that Lemmy’s CORS policies are way too restrictive by default. No idea if they do any kind of proxying to get around that but that would be the main issue I’d imagine.

There are many guides on getting started with Linux servers as a whole. I recommend installing Debian Bookworm on a virtual machine or a spare laptop at first and going through the writeups all major cloud providers have, just to get a feel for using the terminal & initial setup (SSH hardening and reverse proxy configuration and so on)

After getting an initial feel for Linux admining, start reading up on Docker, Docker Compose, and containers in general. Avoid Podman until you’re experienced with Docker as it’s just different enough to trip you up. You can also check out LXC/LXD although it’s way less popular.

Oh, and speaking of Docker: UFW AND DOCKER WILL NOT WORK TOGETHER! DOCKER BYPASSES UFW (just making sure you don’t learn this until it’s too late)

Be careful of guides that are old (even a year makes a difference) or for different “distros” than the one you have. An exception for the second case is the Arch Linux wiki, which is one of the best resources just in general, aside from a few Arch specific bits like the exact package names to install. You should also use Arch’s “man pages” reference, as they’re built from the latest versions of packages compared to other man page renderers that are frequently outdated (like die.net)

Lemmy itself is harder to get right because the instructions so far are intended for people who kinda know what they’re doing, but once you have the base Linux admin knowledge, it won’t be that hard to pick up the parts necessary to get working with something like Lemmy.

The instance I’m replying from is a 5 eur/mo box from Hetzner.

Your main concerns are gonna be active user count & storage space. Especially if you decide to allow image or god forbid video uploads. Having a bunch of inactive users aren’t going to affect costs that much as long as they don’t have, like, a milion subscriptions. (If they’re all subscribed to the same community things will “deduplicate”)

It’s generally more like “Steve’s 10 eur/mo cloud server in which they run ten other things next to Lemmy, which is written by two devs and barely held together by duct tape and prayers”

But that doesn’t change the overall point.

…so create your community on that instance. Others will still be able to access it just like you’re accessing communities elsewhere.

Some instances disallow community creation. That’s the only part where this argument has any merit. Otherwise which instance a community is on doesn’t really matter.