shrugal

joined 1 year ago
[–] [email protected] 8 points 5 months ago* (last edited 5 months ago)

I agree with everyone here that self-hosting email is never easy, but if you still decide to go down this route then here are two tips that I personally found very helpful, especially when you decide to host it at home:

The first is to get an SMTP relay server. That's just another mail server that yours can log into to actually send its mail, just like an email client would. That way you don't have to worry about your IP's sending reputation, because everyone will only see the relay's reputable IP.

Second is to configure a Backup MX. That's an additional MX DNS entry with lower priority than the primary, and it points to a special mail server that accepts any mail for you and tries to deliver it to the primary server forever (or something like an entire week). So when your primary server is unreachable other sending servers will deliver mail to the backup, and it delivers the mail to the primary as soon as that's back online.

You can get these as separate services, but some DNS providers (like Strato for example) offer both with the base domain package. It makes self-hosting an email server much simpler and more reliable in my experience.

[–] [email protected] 24 points 5 months ago

Welcome to the Linux community. :)

You will probably never understand everything about Linux and all of its included and associated systems. That's completely fine, no one does! That's why we are many, and it's what asking for advice or help is for. You can just learn whatever interests you at your own pace, and know that there will always be interesting things you haven't seen yet.

[–] [email protected] 3 points 5 months ago* (last edited 5 months ago)

I really like the idea of creating a decentralized network that has a fair monetization model built right in, instead of relying on donations like the Fediverse. Crypto got a very bad rep, but this kind of stuff is exactly what it's good for imo.

It also has some core features that are missing from other similar messengers, like multi-device sync. And lastly, the devs seem pretty capable and open as well. They are very transparent with their work and seem to have the right ideas about where things should go and which trade-offs to make. E.g. their reasoning for not using the Signal protocol seems solid to me.

So I'm hopeful, but time will tell if it all works out.

[–] [email protected] 31 points 5 months ago

The thing is, Reddit also has money and lawyers. LW doesn't, so it's understandable that they play it safe imo.

[–] [email protected] 2 points 5 months ago (1 children)

Good to know I guess, but yea that's a bit too speculative for my taste.

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago) (3 children)

Looks ok to me, what in particular do you take issue with?

[–] [email protected] 5 points 5 months ago* (last edited 5 months ago) (5 children)

This UsenetServer discount link gives you 1 trial month for $1, then $50/year after that, and includes a 1TB TweakNews block and a paid PrivadoVPN account.

[–] [email protected] 1 points 5 months ago

Completely agree! There are solutions for letting Lidarr download from Deezer and Tidal, but afaik no other music streaming services for some reason.

[–] [email protected] 3 points 5 months ago (1 children)

I'm transcoding everything to 320kbps MP3s. It's much much smaller than flac, and I can't hear the difference even if I try.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

Trying to finish the Horizon Forbidden West story, but it's a bit meh. Really sad about that! The HZD stories were great, and the world is as beautiful as ever, but I stopped caring at some point with the newest one. Other than that, I just bought the Age of Wonders 4 season pass and am trying out the new races and traits.

[–] [email protected] 3 points 5 months ago

Fedora, I usually wait 1-2 weeks for the last bugs to be found+fixed and extensions to catch up, and then just upgrade in-place. Haven't had a major upgrade problem for years now, it's mostly as smooth as any other offline update. And I don't feel like I have to reinstall the OS every few years on Linux either.

[–] [email protected] 1 points 5 months ago

united, indivisible republic

So no federalism anymore, just one centralized state power.

All baronial and other feudal estates, all mines, pits etc. shall be converted into state property

The mortgages on peasant farms shall be declared state property

All private banks will be replaced by a state bank

All means of transport: railways, canals, steamships, roads, posts etc. shall be taken in hand by the state

So the state owns and manages all land, all finances, all infrastructure, and all means of mass transportation, on top of all the things the state controls already.

Idk what you think centralization of power looks like, but imo this is it.

 

Hey everyone,

My personal server of choice is a DiskStation right now, and I'm using the default reverse proxy for all my subdomains. I went through a few stages to secure them, and now that I'm finally finished (famous last words heh?!) I thought I'd document my approach and provide some configs and code. I've seen a few unanswered questions here and there about how to do this on Synology, so hopefully this helps a few people.

The guide covers limiting access to local IPs, as well as adding Basic or SSO authentication. The main goal is to integrate well with the GUI and access control profiles, and to leave all existing and autogenerated files untouched, so updates and changes via the GUI still work as expected.

Here is the basic idea:

The nginx server config is located in /etc/nginx/, and the reverse proxies are defined in the sites-available/server.ReverseProxy.conf file inside that folder. There's one server directive for every proxied site, and the DSM config adds a include .acl.<random string>.conf* directive if you set up an access control profile for a site. That * at the end there is crucial, because it means we can manually add more configuration files with the same prefix, and they will automatically be included and applied to all sites using this access control profile.

There are also include directives for the main and http scopes, as well as for the default DSM server directives. This means we can inject configurations in these places, just by adding correctly named files to the conf.d folder.

For Single Sign-On (SSO) authentication we run a Vouch-Proxy instance to handle the communication between nginx and the OIDC server. We also need to spin up another nginx reverse proxy and forward requests to it, because the built-in one doesn't support the required auth_request directive. Its container script just copies the default reverse proxy configuration with some modifications, and it is set up to reload whenenver the original file changes.

Link

 

So I know what AC3 means of course, but what does AC3D mean in some releases?

view more: next ›