2xsaiko

For the IMAP login issue, I'm pretty sure this is the cause looking at the "unknown user" error:

userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

Have you set up the users in that file (/etc/dovecot/users) if you even want to do that instead of just using passwd? Also note %u is the full user string including domain. Not sure how that plays together with auth_username_format=%n which is just the user name.

Personally I just have

userdb {
  driver = passwd
}

so I don't have anything further to go off of.

Okay, there are two different issues here. First, the mail delivery.

You have

mydomain = domain.com
myhostname = mail.domain.com

and getting

Relay access denied (in reply to RCPT TO command)

This means that received mail is addressed to a domain that is not configured for local delivery, and the mail server is not accepting it to be relayed to the actual target server. This is a good thing, you do not want to have a public relay under any circumstances because it would mean people could make your server launch spam anywhere.

As for why it's not configured to accept that domain for local delivery, you need to look at the mydestination setting:

mydestination (default: $myhostname, localhost.$mydomain, localhost)

The list of domains that are delivered via the $local_transport mail delivery transport. [...]

(from postconf(5).)

You left it at the default value, so it will accept mail addressed to mail.domain.com, localhost.domain.com, and localhost. You'll probably want to set that to additionally contain $mydomain (at least that is how mine is configured).

Also, something else:

My server’s hostname is domain.com not mail.domain.com (mail.domain.com is what my MX record points to), but this shouldn’t really matter as I configured postfix with:

You'll want those to match up, system hostname and postfix's myhostname, since you'll need to set the PTR record of your IP to match the hostname your SMTP server identifies itself as, and otherwise your server's IP resolves to mail.domain.com while the canonical hostname is domain.com. It will work for mail, it'll just not be nice when your server's IP resolves to mail.domain.com for stuff that isn't mail and that isn't the canonical hostname. I recommend giving it some other hostname (or just setting both to mail.domain.com if the system just handles mail).

I think in this case I would translate “Lager” as “warehouse”

Every time I read something about Enlightenment I have to think about this post: https://what.thedailywtf.com/topic/15001/enlightened

Everyone knows. There’s nothing to “find out”.

You have NixOS, it’s easy to give it a custom session path for that.

Also I would use systemd-cat so the output goes into the journal instead of nowhere.

Most computers with (at least) two network interfaces will do. If it's something too crappy your throughput will be limited by CPU speed but I can't tell you exact recommendations here. Here's OPNsense's hardware recommendations for example, they're not high at all. Off-the-shelf devices that allow you to do this should probably be fine too.

I'd put Linux on it and use nftables but BSD PF seems to be very popular for firewalls (OPNsense/pfSense are built on this) which I have never used so consider that too.

Not a professional networking guy either but here's my opinion.

What I would do is use the ISP router as is, open all ports on it (except to itself, hopefully it doesn't do that...), and put a firewall in between the router and everything else that controls the actual access to everything behind it (in bridge mode between the two network interfaces of the firewall, so you only have the one network).

Could a potential second router also assign addresses to devices in that globally routable space directly?

Devices in IPv6 assign addresses themselves via SLAAC, you just need one device advertising the prefix which the ISP router should already do. The firewall should be able to just purely be there for packet filtering. If you need fixed addresses for public facing servers I would just assign them manually to the respective boxes as you likely also need to add them to public DNS manually anyway.

Huh, I thought I looked through them all when I tried it last time. I’ll check again.

Do you self-host Jitsi? The public instance has absolutely unusable FPS for streaming gameplay which is pretty much the only thing I still use discord for because it’s the only thing that seems to do it well. I read somewhere you can turn up the FPS on a self-hosted Jitsi though.

Settings -> Output:

• Output Mode: Advanced
• Recording -> Type: Custom Output (FFmpeg)

OBS allows you to use everything FFmpeg supports with the "Custom Output (FFmpeg)" recording type.