Security is a give and take, and with bleeding edge you have to balance it more. Yes bleeding edge can mean bleeding hearts when a security issue is discovered in new code. But just as often, if not more frequently, it also means you get security patches before almost anyone else. And the AUR is insecure, as it’s a user repository. But 99% of the time if you read the PKGBUILD (it’s really easy, you can usually skim it) and check the sources you’ll be fine. The AUR being insecure isn’t bad, it just means you need to put more effort into checking on stuff and you need to be responsible for your security. These aren’t bad habits to have in general, but it’s a bit of a learning curve coming from systems that expect to handle most of your security for you.

I think it’s important to keep in mind here that there is a very marked difference between vanilla Arch and its derivatives. A lot of derivatives will set up a lot of base system software with sensible defaults, whereas with vanilla Arch it’s often up to you to find out that you need that software, and then you also need to figure out a lot of configuration. Not having to do that saves you from a lot of issues.

Snaps are a closed-source proprietary packaging format that Canonical controls. And they have also altered apt on Ubuntu to download snaps first before native packages. You may be using snaps right now without realizing it, which is also part of the issue.

I just haven’t gotten around to setting it up is all.

I am also trying to degoogle/debigdata my life, but it seems we’re taking radically different approaches to it. I wish you luck in your journey!

I set up a mail stack on Rocky Linux with Postfix, Dovecot, and rspamd. I don’t need a database because it’s all LDAP on the backend, and I don’t have webmail setup right now because I’m lazy. It’s a bit of a hassle to get up and running well but it’s pretty solid and I’m careful about managing my domain reputation so I don’t have any issues with my mail being delivered.

I have NFS shares from my ZFS pools on Proxmox

This is really helpful, thank you!

I’m mainly concerned about auth with this one, it seems a little too barebones for my use case. Thanks for the suggestion though!

I’ve spoken with a colleague who’s more experienced with physical networking (my work is mostly cloud based) and it seems the issue is that i have a dumb switch in-between my server and my managed router/switch so nothing is crossing VLANs properly. We figured this out because I did a packet capture on my network and did two DNS queries, one from my machine on my VPN network to the DNS server and one from the docker container to the DNS server. Both sent the same query except my machine got a response and the container did not. I am a bit skeptical that it’s purely a VLAN issue, but this DNS server hasn’t had any other issues with other subnets that aren’t dealing with VLANs so when you’ve eliminated the impossible all that remains is the improbable.

It is not

resolved sucks imo. i usually disable it and manually set the resolv.conf, or use something else. it has no way to force it to check name servers in a specific order and it has a memory so it’ll use the same name server for multiple checks even if it’s not the right name server. if these things were configurable, I’d agree that it’s good. but they’re not and it makes it very difficult to use in a lot situations.

i think I’ll give that a shot

did you pass through the disks or straight on zfs?

one of us one of us one of us

I really really like Fedora Server, but any RHEL derivative is my go to for servers. I use Rocky Linux when I need something closer to RHEL, and Fedora server for pretty much everything else. I highly recommend Cockpit as well (main reason I like Fedora server) as it has allowed me to so easily manage all of my servers from a single point.

here we go again

i am a fag and idc if im a beta

nixos looks fun but doesn’t really seem like the thing for me, at least jot yet anyways. im not totally into the whole atomic desktop thing atp so no thank you

oh believe me i am

this is the way

on my main system i have arch with a partitioning scheme that has worked well for me because i took time to research and identify what i needed from it. i even got full disk encryption working after the fact!

on fedora i click automatic partitioning, wipe the drives i want, and don’t do more than that because the partitioning screen feels extremely confusing.