dblsaiko

The database store is in /var/lib/postgres. You can just connect that disk somewhere else and start the database using the same (important!) major release of Postgres. I think the major version number is in the folder name. Then do whatever from there.

Poob has it for you.

Bought music from iTunes (not Apple Music, the streaming service!) is DRM-free just as Bandcamp, and I’ve lost music from my Bandcamp profile as well because the artist deleted their account (which I luckily downloaded most of beforehand).

The effectively only difference is Bandcamp offers lossless downloads.

Hm, okay, that does sound like the real client IP will get lost and every connection will appear to come from the proxy then. It would be good if that were passed somehow. My current setup adds the X-Forwarded-For header for example.

Oh interesting, I’ll have to look into that. Is this with that “proxy protocol” I’ve seen mentioned? If not, does this preserve it pass through the client socket address?

Tbf, technically data is still decrypted at the reverse proxy and then re-encrypted. So if someone manages to reconfigure the proxy or read its memory somehow they could read traffic in plain text.

However then since they have to control the VPS, they could also get a new cert for that domain (at least the way I’ve configured it) even if it was passed as is to the real host via a tunnel and read the plaintext data that way, so I don’t think a tunnel protects against anything.

If someone manages to get root (!) access on this VPS it’s over either way.

Yes, you can just use a reverse proxy for IPv4 only and point it to the IPv6 upstream. That is what I do, with a separate DNS record which then combines the two. See the DNS records for id.knifepoint.net (CNAME), http.vineta.knifepoint.net (AAAA, A) and vineta.knifepoint.net (AAAA).

The reverse proxy config and certificate management is set up with NixOS, if it helps: https://git.dblsaiko.net/systems/tree/nixos/defaults/v4proxy.nix https://git.dblsaiko.net/systems/tree/nixos/modules/sys2x/v4proxy.nix

The experimental status is more about that not everything is implemented yet (not that everything can be implemented, for example due to HTML not being oriented around having multiple pages in a document), so you have to write a bit of raw HTML sometimes. This is an example of how raw HTML looks, it’s the shell for my webpage.

There’s experimental HTML support. I’m using Typst as a static site builder for my website.

Two different rDNS names, for stuff that uses it. For example if you want to run mail and an IRC bouncer under different domain names.

Lists with 100k items? Impressive. I can see how with a document like that it will run out of memory. Is it a stack overflow? You could try increasing the stack size in that case.

As a Typst enjoyer I have to say this isn’t it imo from a quick look at the readme. Typst’s mix of markup and code modes is excellently designed and a high bar for anything to beat, and this looks like it doesn’t come remotely close. (I do have to say, I also heavily dislike Markdown in general)

Yup, anything you can come up with will only work as well as putting “Delete after reading.” in the mail. You have to trust the recipient.

Tbh I haven’t had too many problems with Postfix – however it is certainly a footgun and it would be nice to have fewer parts to connect together, and better defaults. I might try it out, it looks interesting.

From its web page it sounds like it is both a MTA and MDA, has a built-in spam filter, plus has calendar, contacts and file storage. Do you know how it compares to my current setup of Postfix, Dovecot, and rspamd (and Nextcloud for the others)?

My #1 advice is to keep domain and mail/whatever else hosting separate. You can transfer your domain to another registrar, and then get an email hosting service that allows you to use your own domain.

That way you can move your email to another provider without also having to move your domain and vice versa.

My domain registrar is INWX, and I host my mail server on my own VPS so I can’t speak to the quality of any mail service but Hostinger allows you use an external domain.

That DNSSEC status does not have anything to do with being able to transfer your domain AFAIK, that is instead generally something different called Transfer Lock.

To transfer your mails, what I did in the past was just connect the two mailboxes via IMAP to a local client and copy everything from the old mailbox to the new one (or to a local one first, whatever). As long as both sides support IMAP, you don’t have to have any special support from either provider. But it’s probably nice to have.

You can connect non-Gmail mailboxes to the Gmail app but there are better alternatives. Thunderbird as you said, for Android there’s K9-Mail. Personally I use KDE’s KMail and Apple’s Mail app on my computers/phone. YMMV.

Jolla C2 looks pretty interesting.

It sounds like you need a split DNS setup. systemd-resolved can do this for example. As soon as you need any sort of slightly more complex DNS setup using just resolv.conf isn’t going to cut it.

Looks like my teeth necklace dream might become a reality without having to resort to questionable means.

(Seriously though, this is great!)