pcouy

2 years ago was already amazing for someone who tried to play CS 1.6 and trackmania using wine 18 years ago

What I did is use a wildcard subdomain and certificate. This way, only pierre-couy.fr and *.pierre-couy.fr ever show up in the transparency logs. Since I'm using pi-hole with carefully chosen upstream DNS servers, passive DNS replication services do not seem to pick up my subdomains (but even subdomains I share with some relatives who probably use their ISP's default DNS do not show up)

This obviously only works if all your subdomains go to the same IP. I've achieved something similar to cloudflare tunnels using a combination of nginx and wireguard on a cheap VPS (I want to write a tutorial about this when I find some time). One side benefit of this setup is that I usually don't need to fiddle with my DNS zone to set up a new subdomains : all I need to do is add a new nginx config file with a server section.

Some scanners will still try to brute-force subdomains. I simply block any IP that hits my VPS with a Host header containing a subdomain I did not configure

These services usually use either or both of passive DNS replication (running public recursive DNS resolvers and logging lookup that returns a record) and certificate transparency logs (where certificate authorities publish the domain names for which they issue certificates). A lot of my subdomains are missing from these services

It does not seem to be the case. Was it the full domain for this instance ?

I started working on a PR right after cross posting this.

Since I believe this is mainly a documentation issue, I'm trying to gather some feedback on this guide in parallel of submitting the pull request in order to have it merged into the official documentation

The closing parenthesis got caught into the link (at least with my client), turning it into a 404. You should add a space

I don't game that much on pc anymore, but this reminded me of this post about Linux gamers providing good bug reports.

Things have been going well for me, using docker-mailserver.

I followed the setup guide, did everything in the DKIM, DMARC and SPF documentation page. The initial setup required more involvement from me than your standard docker-compose self-hosting deployment, but I got no issues at all (for now, fingers crossed) after the initial setup : I never missed any inbound e-mails, and my outbound e-mails have not been rejected by any spam filter yet.

However, I agree with everyone else that you should not self-host an important contact address without proper redundancy/recovery mechanism in case anything goes wrong.

You should also understand that self-hosting an email address means you should never let your domain expire to prevent someone from receiving emails sent to you by registering your expired domain. This means you should probably not use a self-hosted e-mail to register any account on services that may outlive your self-hosted setup because e-mail is frequently used to send password reset links.

I will definetly look into this. I've been using tube archivist for a while now, but it eats so much RAM (especially the Elastic search dependency IIRC)!

The worst thing about eclipse I've had to deal with is its git integration. The conflict resolution tool is awful and half the terminology diverges from plain git.

The fact that it has a "Push & Commit" button also drives me mad far more than it should

As usual, I subscribed for the giggles and I keep getting dragged into unsolicited rabbit holes of useful knowledge. Thanks for being an awesome community

I did not try it out yet, but I will make sure I do. I love a lot of things about the approach you described