

In that case I can really highly recommend it. NixOS on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄
It’s a bit unconventional maybe, but I vote simple-nixos-mailserver
- IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.
My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.
Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.
Elon Musk is a Nazi, AND the Chinese government murdered student protestors in the 1989 Tiananmen Square Massacre.
Is this some peasant meme I am too NixOS to understand?
(Joking, joking. A good system settings center is important for graphically managed distros.)
Meh. Each service in its isolated VM and subnet. Plus just generally a good firewall setup. Currently hosting ~10 services publicly, never had any issue.
Did all that, minus the no ssh root login (only key, obviously) plus one failed attempt, fail2ban permaban.
Have not had any issues, ever
Fail2ban allows you to set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what it’s called?) via their API. It’s a premade action called “cloudflare-token-multi”
A high-quality laptop without any branding.
I’m currently using a 9-year-old, woefully underpowered laptop made by Xiaomi. Full aluminium unibody, and NO logo. Not printed on, not etched in, not glistening only in the right light. NO LOGO.
I’m not a billboard. I’m not responsible for your brand recognition. Ironically though, far more people have come up to me and asked “hey, what laptop is that” than ever would have cared if there was a logo on it.
It also just looks and feels fantastic, all-aluminium-no-logo just looks so sleek.
So yeah. I will not be upgrading until I find another laptop of the same build quality, with no logo. Tuxedo has that option for most of their laptops, but for some reason not for their only current full-aluminium body -.-
Oh, and don’t come at me with stickers.
We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.
We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.
We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.
In OPNSense, you get quite good logging capabilities; should you suspect someone is trying to gain access, you’ll be able to read it from there.
I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main use case.
Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.
Have not had any issues, ever.
Why tho? Over here they don’t need refrigeration, keep longer, and are still salmonella-free. Really unproblematic to eat them raw as well.
I am using both and this somehow made it to my phone, wtaf
Yeah, +1.
I’ve been an avid fan of application launchers like rofi and dmenu on the desktop forever, and the “swipe down and immediately search” feels as close as it can get to the mobile equivalent of those.
When I first switched to nix, I made an error copy-pasting my hashed password into a secrets file.
Reinstalled the system 5 times, each time immediately locking myself out, almost
Managing ~35 machines without issues now though.
FWIW, Lidarr works the worst out of the arr stack for me too. I don’t know if there’s just not enough well indexed material in my sources or what, but yeah, not great.
If your entire experience with the arr stack has been Lidarr so far, give it another shot! Sonarr and Radarr work absolutely perfectly. It’s just such a nice feeling to open Jellyfin (or I guess Plex) on the TV and go “oh nice new episode is out!”
Might even be worth checking if https://github.com/NixOS/nixos-hardware has a straight-up fix for the issue.
I have been scrolling on the front page for a couple of minutes now, and I was going to write that it’s literally all conspiracy theories, but that’s not true, there’s also some “sponsored” posts AKA ads sprinkled in.
What a sad joke.
If you think the fediverse is too centralized, you can always host your own instance. You get all the same “free speech” benefits (plus no free-speech ban on drugs and porn), without having to put one foot into that cesspit of a site.
Edit: oh, and that has to be the worst moderation system ever devised - at least if you are a woman or any kind of minority. Good fucking luck in finding a random jury of users who will ever, ever ban a racist or sexist piece of shit on a platform like this. Come to think of it, that’s probably the idea and justification behind the system: being able to loudly proclaim “we have a democratized ban system ensuring moderator overreach is impossible!” does make a great dogwhistle for “you can be a terrible human on here, don’t worry”
Yeah :(
Wasn’t really about triggering, I had just seen a post that ChatGPT will refuse to acknowledge that he is one.