Take a look at Kavita for selfhosting bools!

Kagi lenses “focus” the search. So normal web search definitely can contain fediverse results, but with the lens switched on, you ONLY get fediverse results.

Named mine after “objects” from Iain M. Banks’ Culture Novels.

Currently I have:

• gsv
• hub
• excession
• drone

Nice and short, and map roughly to the “power level” of the hardware, so to speak.

And my Yubikeys are named after Special Circumstances agents 😄

I’m sorry, but have you never had actual Cheddar?

Hairspray is already a step too far for “just throw it up in a know” tbh

How do you keep your hair UP all day?!

Like, seriously asking. Just… Cannot get it to stay up

In that case I can really highly recommend it. Nixos on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄

It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.

My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.

Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.

Oh shit, yes, hosting at-home and with a non-static IP sounds like hard mode, oof.

I am hosting at a server provider (guess I am dependent on them, but at least it’s on their existence, not on a policy-of-the-day), with a static IP. Had no problems with MS/Google, only with T-online, who wanted me to host a website on the domain with clear contact information.

Fair TBH. It is such a critical service to keep working.

But it does feel pretty amazing to free yourself of the whims of a provider 😅 I assume that’s why you have not gone back either? ^^

I’m using Hetzner in Germany. Need to message them to say you want the relevant ports opened (spam protection measures), happens within an hour usually.

I quite like their service, but of course use full disk encryption etc

Selfhosting. (But I recognize that that is not an option for everyone.)

Fail2ban allows you set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what its called?) via their API. It’s a premade action called “cloudflare-token-multi”

We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.

We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.

We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.

In OPNSense, you get quite good logging capabilities, should you suspect someone is trying to gain access, you’ll be able to read it from there.

I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main usecase.

Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.

Have not had any issues, ever.

I am using both and this somehow made it to my phone, wtaf

Yeah, +1.

I’ve been an avid fan of applocation launchers like rofi and dmenu on the desktop forever, and the “swipe down and immediately search” feels as close as it can get to the mobile equivalent of those.

When I first switched to nix, I made an error copy-pasting my hashed password into a secrets file.

Reninstalled the system 5 times, each time immediately locking myself out, almost

Managing ~35 machines without issues now though.

FWIW, Lidarr works the worst out of the arr stack for me too. I don’t know if there’s just not enough well indexed material in my sources or what, but yeah, not great.

If your entire experience with the arr stack has been Lidarr so far, give it another shot! Sonarr and Radarr work absolutely perfectly. It’s just such a nice feeling to open Jellyfin (or I guess Plex) on the TV and go “oh nice new episode is out!”

I recommend using Usenet for German stuff, all the private trackers I have tried in the past were… seedy.

Yes, you need to pay for access to the Usenet, but it’s worth it for German language audio IMO.

Check out scenenzbs.com, no need to pay to search there. Check if everything you need is available, though likely, it will be.

I have not had a failed download yet.

Noita!

Also the Dead Cells DLCs.