2xsaiko

Ah okay, so you know some behind the scenes info or at least more than just this. My bad, but tbh you should have lead with that because initially I thought you completely misread what the text was saying because I pretty clearly read the queer mentions as “this is not just transphobic attacks by bigots” (see my other comment). Sorry!

There isn’t really, you can probably use sendmail as well. Postfix is just the MTA I’m used to and know can do all of this.

From what I’ve heard about sendmail’s config file, I personally wouldn’t want to use it specifically though…

Yeah, this should work (assuming by email client you mean MTA).

Alternatively, you can set up Postfix to deliver mail over SSH to another MTA by defining a new service in master.cf that calls sendmail on the destination server. This postfix could run in a container as well or on the host, whatever is reachable.

Old NixOS configuration for that here, see the default_transport and masterConfig parts: https://git.dblsaiko.net/systems/tree/modules/sys2x/mail/relay.nix?h=ssh-mail

Alternatively, if you don’t have another mail server somewhere that you want to relay to, the simplest option is probably to just have Postfix deliver into a local mailbox and access that over IMAP (the imaps port should not be blocked, right? You can use a non-standard port though). Turn off non-local delivery though.

I didn’t say that. I would say it makes it much less likely though especially for someone who is openly trans and given someone who has text like “trans rights are human rights” on her web page. Of course it’s not impossible, but it would certainly be hypocritical and goes contrary to the vibe I’m getting from her.

You’re the first one who brought this up. Where is the context for what you are talking about? Which people are saying she’s a bigot?

People I trust who know a lot about community organizing or whatever you want to call this, and are more involved in Matrix than me, told me that this conflict is a lot more complex than just what this document describes.

So I suppose, don’t draw any conclusions just yet if this is the first time you’re hearing about this like it is for me.

Did we read the same text file? I’m seeing none of what you’re talking about. The person who wrote this is also trans.

It’s noteworthy because this is usually the type of attacks a trans person gets from transphobic trolls and not from her own community. Drives the point home that this is not exclusively transphobia.

Kanidm has LDAP support but it’s read-only. You should prefer OAuth though since LDAP is locked to password login.

INWX has been great so far, have been with them for about 6 years at this point. Also had good experiences with their customer support.

I run Postfix, Dovecot and rspamd on my server. The configuration is here: https://git.dblsaiko.net/systems/tree/configurations/polaris

There’s also the Simple NixOS Mailserver project which is an abstraction on top of these and has a few more things. I’ve never used it myself though.

Of course, you also have to set up all the standard email setup like DKIM, DMARC, SPF and so on here.

Me too, but it’s now a subscription only. I wouldn’t recommend it to people who didn’t already buy the original.

I use borgbackup, with daily backup to borgbase.

At some point I want to set up a distributed file system between multiple locations as both a backup target and also a network share with automatic snapshots or some other undelete mechanism, but I still need to get the hardware for that and the current setup works well

True. I knew I should have left that as “NFS 4” because someone would comment this. From what I’ve read (never used it), NFS 3 is very different to 4 and also just kind of not worth using, especially just for Windows, since it has no security at all.

Please just use Kerberos instead of fiddling with uids. It’s the only sane way to get NFS access controls and user mapping. Works on both Linux and macOS (but there’s no NFS on Windows anyway).

I’d say you can run the Kerberos KDC on the NAS but if Synology has some locked down special OS you’ll need another machine for that (edit: but you say you have other servers already so that shouldn’t be a problem).

Unfortunately SMB is so screwed that you can’t reuse ordinary Kerberos for authentication there, which is unfortunate if you want to have both that and NFS. I’ve yet to look into whether Samba AD can be used for both.

This seems super overcomplicated. What I would do is put all the subdomains on the public DNS, let HTTP(S) through the firewall for the respective hosts, deny everything from outside of your local network on the http server that isn’t under the HTTP challenge path and then run the HTTP challenge as you would for a public site.

Then you can get certs, everyone outside trying to access will get 403, and inside the network you can access as normal.

Of course you’ll have to trust your http server’s ACL for that, but I’m just going to assume servers like nginx (which I use) have a reliable implementation.

Are you talking about these? They don’t look like they have a PCIe slot…

In any case, the specifications say

Form factor Low-profile 119.65 x 68.9 x 17.24 mm (Without bracket 119.65 x 68.9 x 12 mm)

It would need a PCIe slot, not a SATA connection. But I assume it doesn’t have that either then.

I have the QNAP TL-D800S. It’s an 8 bay DAS but there is also a 4 bay variant. Works well for me. It uses SFF cables to connect to the PC and comes with the appropriate PCIe card which seems more robust to me than anything USB for this.

Any registrar worth using has an API for updating DNS entries.

I just found this with a quick search: https://github.com/qdm12/ddns-updater

Yeah, when I got started I initially put everything in Docker because that’s what I was recommended to do, but after a couple years I moved everything out again because of the increased complexity, especially in terms of the networking, and that you now have to deal with the way Docker does things, and I’m not getting anything out of it that would make up for that.

When I moved it out back then I was running Gentoo on my servers, by now it’s NixOS because of the declarative service configuration, which shines especially in a server environment. If you want easy service setup, like people usually say they like about Docker, I think it’s definitely worth a try. It can be as simple as “services.foo.enable = true”.

(To be fair NixOS has complexity too, but most of it is in learning how the configuration language which builds your operating system works, and not in the actual system itself, which is mostly standard except for the store. A NixOS service module generates a normal systemd service + potentially other files in the file system.)