DNS challenge so you can get a wildcard cert? Or is it still per domain? I haven’t looked recently but it seemed difficult but I’d like to avoid transparency log installs where I can.

*autofs

Is it any good?

What expected problems did podman end up surorising you with? Is the software more stable and not constantly updated like docker? I want to move to podman at some point as well and I understand for a lot of cases it is just “drop in” but I run a lot of containers and I’m skeptical it’ll be that simple.

Especially with software distros like home assistant and matrix both explicitly pushing you to official docker due to some features.

Down votes be damned, you are right to call out the parent they clearly dont articulate their point in a way that confirms they actually understand what is going on and how an open source model can still have privacy implications if the masses use the company’s hosted version.

Throw up a pihole container and it’ll show you what is being queried pretty easily right on the dashboard.

This mentality is backwards. Hosting email has pitfalls yes but in a world where more people do it the less deep those pitfalls will become.

If you are curious and want to host email go for it!

So?

Hahah. You must be bored.

Caddy is the answer. Makes running a reverse proxy with certs totally straight forward.

Right you said that above and that is what resulted in my larger response. Reiterating without any more information doesn’t really change your position in a tangible way. I appreciate that is your stance and many others’ stance. I think we need to encourage the opposite to change the landscape of the internet.

We, selfhosters and sysadmins alike, need to change our tune around the position of “do not self host email.” It only serves to keep email in the grip of big tech. Yes it is difficult and someone without any experience shouldn’t start there but it is definitely manageable and not nearly as hard as it is made out to be.

There are multiple email “distributions” nowadays making the software stack set up and maintenance effectively an exercise in running a regular Linux distro upgrade. Mailinabox and mailcow to name two off the top of my head.

The DNS records are relatively straightforward to set up and validate with these mail distros, they basically tell you what to put and provide ways of validating you did what they said you should. There are also many ways to test that you set them up properly by having a service validate them via email you send to the testing service, e.g. mail-tester.com and dmarctester.com, finally DMARC has a report function builtin so you can get regular delivery reports that come directly from the servers that are choosing what to do with your email giving you a clear signal when there are problems.

You don’t have to jump into hard mode around a clean IP either you can offload that for a nominal fee to an email service provider if you don’t want to try your luck, e.g. MXroute.com has a one time fee for multiple domains.

Yes email is convulted and confusing at times and scary to host given how essential it is but I’d encourage anyone with the time and desire to do it.

That’s correct and a good way to test it out.

“invisible cryptography” I sure hope this isn’t an empty promise. The number one gripe I have with matrix/element is the absolutely horrendous crypto dance they make you do.

Ampache, good web interface and subsonic client support.

Munin is a tried and true solution. It installs on the server creates graphs and makes it easy to see a stair step graph to problems like out of memory.

I’d also highly recommend installing atop and having it collect stats every 1 to 2 minutes. You can go to a crashed server and step through what was running in a “top” like interfsce. I install atop on any server as a means for post incident diagnosis.

I’m also hopeful fcast gets some more love. The ability to mirror my whole android screen to an fcast server would be great they have servers for Mac, Linux, Windows, and Android but not a lot of clients.

Grayjay integration works well I use it instead of casting.

Is there a good mobile workflow for this?

Ampache with subsonic for app support.

This is what I do as well. I use terraform/tofu and add two entries whenever I add a new domain, one for my external provider and one for my pihole pointing at my internal IP for my home network.