

Just make sure to either read the Arch News so you can avoid most breaking changes, or use paru as your AUR helper as it has a config option to automatically pull the news for you.
Just passin’ through
I have the renewal process itself automated, just not the replacement process.
I selfhost my own mail server (my primary mail in fact).
My LE certs expired on Christmas Eve, when I was also getting sick. I didn’t realize my mail server was down for a week until about NYE. Luckily Postfix queued all my emails and there was nothing important lost, but I am reevaluating self hosting my mail server. That being said, this was also the worst issue I’ve faced in over a year of self hosting mail. And it only arose because my dumbass still hasn’t automated my certificate rotation.
“sneaky beaky like”
ofc!
Grayjay, it’s an app developed by Louis Rossmann to combine a lot of streaming platforms into one privacy and security respecting app. it does have billionaire backing tho if that yanks your chain
Security is a give and take, and with bleeding edge you have to balance it more. Yes bleeding edge can mean bleeding hearts when a security issue is discovered in new code. But just as often, if not more frequently, it also means you get security patches before almost anyone else. And the AUR is insecure, as it’s a user repository. But 99% of the time if you read the PKGBUILD (it’s really easy, you can usually skim it) and check the sources you’ll be fine. The AUR being insecure isn’t bad, it just means you need to put more effort into checking on stuff and you need to be responsible for your security. These aren’t bad habits to have in general, but it’s a bit of a learning curve coming from systems that expect to handle most of your security for you.
I think it’s important to keep in mind here that there is a very marked difference between vanilla Arch and its derivatives. A lot of derivatives will set up a lot of base system software with sensible defaults, whereas with vanilla Arch it’s often up to you to find out that you need that software, and then you also need to figure out a lot of configuration. Not having to do that saves you from a lot of issues.
Snaps are a closed-source proprietary packaging format that Canonical controls. And they have also altered apt on Ubuntu to download snaps first before native packages. You may be using snaps right now without realizing it, which is also part of the issue.
I just haven’t gotten around to setting it up is all.
I am also trying to degoogle/debigdata my life, but it seems we’re taking radically different approaches to it. I wish you luck in your journey!
I set up a mail stack on Rocky Linux with Postfix, Dovecot, and rspamd. I don’t need a database because it’s all LDAP on the backend, and I don’t have webmail set up right now because I’m lazy. It’s a bit of a hassle to get up and running well but it’s pretty solid and I’m careful about managing my domain reputation so I don’t have any issues with my mail being delivered.
I have NFS shares from my ZFS pools on Proxmox
This is really helpful, thank you!
I’m mainly concerned about auth with this one, it seems a little too barebones for my use case. Thanks for the suggestion though!
I’ve spoken with a colleague who’s more experienced with physical networking (my work is mostly cloud based) and it seems the issue is that I have a dumb switch in between my server and my managed router/switch so nothing is crossing VLANs properly. We figured this out because I did a packet capture on my network and did two DNS queries, one from my machine on my VPN network to the DNS server and one from the Docker container to the DNS server. Both sent the same query except my machine got a response and the container did not. I am a bit skeptical that it’s purely a VLAN issue, but this DNS server hasn’t had any other issues with other subnets that aren’t dealing with VLANs so when you’ve eliminated the impossible all that remains is the improbable.
It is not
resolved sucks imo. i usually disable it and manually set the resolv.conf, or use something else. it has no way to force it to check name servers in a specific order and it has a memory so it’ll use the same name server for multiple checks even if it’s not the right name server. if these things were configurable, I’d agree that it’s good. but they’re not and it makes it very difficult to use in a lot of situations.
i think I’ll give that a shot
maybe we’re dumb for shitting on the jellyfish’s way of life.