Yeah, that’s my main concern. I believe the Immich developers have said they have no desire to implement it, though… Which is fair enough, it doesn’t work for my desired use case though.
I want all data to be encrypted before it even reaches the server. Yes, I don’t want to trust even my own server for my image backups :), particularly since I would want to use something like Immich to provide photo backups for friends and family and I don’t even want to technically have access to their unencrypted photos unless they explicitly share them. I kind of want the attack surface for my photos to be as small as practical too. It’s almost certainly worse to have them available on my device unencrypted than a dedicated server, but it’s worse to have them unencrypted on both (and I want photos available on device so, thems the breaks).
I get that a lot of people won’t care about this and that they’d rather be able to run the image recognition features of Immich on the server and stuff, but I don’t think it’s entirely unreasonable to want encryption for this. If nothing else I’d love to be able to back up photos for friends and family and legitimately be able to tell them that it’s encrypted and I can’t see any of it. It’d be even sweeter if they could do image recognition on device and sync that metadata (encrypted) to the server as well.
I’m kind of disappointed by the lack of encryption. It sounds great, but I don’t want to trust the server.
I have a catchall inbox so I can just make up any email I want and everything gets forwarded to the catchall inbox. It’s pretty easy to set up if you do host your own mail server (which is relatively easy for receiving mail). Obviously this doesn’t integrate with Bitwarden or anything, though. If you want to forward emails to your main email account on a big provider you’re going to have to make sure your server can send emails; you can potentially use a relay service for this, or just set it up yourself (you’ll mostly just need some DNS records for SPF / DMARC / DKIM).
Oh no! I’m sad to see that you’ve run into troubles :(.
There are other “fully put together” solutions like mailinabox and mailcow, that could be worth looking into for you. I haven’t used them personally, but you might find them worth looking into. I’d never heard of mailu before, actually.
Totally understand the desire to just move to a hosted solution after running into these problems, but even if you do that I think you should keep running a mail server in the back of your mind for the future — you’ve already learned a lot about it I’m sure, and maybe with a bit more experience you’ll be ready to tackle it again :).
I don’t actually use any of the fully assembled solutions like mailinabox, and I wonder if in the future it might be a good idea to try configuring everything manually. You already have some familiarity with how mail works at this point, and having more control over the setup and how everything fits together might actually work out for you. Personally I’m running an OpenSMTPD + Dovecot mailserver and having a great time. I’d recommend it.
https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/
Either way, I think you should keep using a custom domain for e-mail because then you have options in the future :).
They usually get it sorted out pretty well, but their response times can be a little slow. It’s potentially not a huge deal for you, and overall they’ve been okay… this is sort of understandable because they’re in New Zealand and seem to want to make sure their support staff are paid well (though they were bought by a larger company recently, so I’m not sure if this still holds, seems like it did as of 2019, though):
This makes them seem like a cool company, and I’d like to support them… But despite that I do feel a little disappointed paying more for a worse service, and I think they really need to invest in providing interfaces for some of the more advanced DNS settings, particularly if their customer support is going to be limited by their own admission.
They also have some blog posts about customer service that give me some weird vibes…
Definitely in support of their customer service team in this example, and don’t want them to be treated poorly or sworn at or anything… But it’s a little weird to put this on blast like this and I think it’d be a better look to just leave it at “these are the things that would help us help you, we need to make sure accounts are secure so we can’t just ignore passwords, etc etc”
And it’s also a little weird that they have this post complaining about some web host’s poor interface and customer service too:
Neither of these are particularly bad, but I guess it makes me a bit disappointed that I’ve run into similar problems with them, and I’m not sure they’re doing enough to address things on their end.
I don’t think I’d tell anybody not to use them because they have been good for the most part, but they’re not as fully featured as other registrars in my experience, and they’re more expensive.
It’s pretty common to be able to use your own nameservers. The only registrar that doesn’t allow this afaik is cloudflare. I’m sure there’s probably others that don’t allow this, but most that I have seen seem to allow you to use your own nameservers.
Why do you say you can only have 2 nameservers? I’m sure not all registrars / TLDs will support it, but you can certainly have more than that. I’ve personally had 5 before, but I’m pretty sure you can have even more.
I believe Hurricane Electric allows you to do zone transfers to their nameservers, so I think in theory you can use their nameservers as additional backups. The SOA records will match too because of this, but even if you did something crazy like manage RRs on different nameserver providers without zone transfers I don’t think this would be a problem (well, aside from it getting out of sync unless you’re really careful). The SOA records are mostly used for zone transfers afaik and resolvers won’t really care about them, so even if they don’t match everything should work, no?
I was wondering if somebody was going to mention the HE nameservers :). I couldn’t figure out how to get them working, but it seems like a good option! I want to figure out if I can use them as backup nameservers in addition to my own at some point…
I use them right now, but I’ve been disappointed lately and I’m considering moving away. They’re more expensive than other options and you have to contact customer service for some things, but their response times are pretty slow. E.g., they don’t have an interface to add glue records, so you have to ask them to do it… when I did this it took them a couple days to get back to me, and they forgot to add the IPv6 records too. My other domains are registered elsewhere (for cheaper) and they just had an interface to do this and it happened instantly. I keep running into problems like this with iwantmyname and it’s been kind of frustrating. I had problems with their name servers dying for a bit recently too… I was happy with them for years, but they’ve caused enough problems for me lately that I’m wondering why I’m paying extra for them.
You have to use their name servers though, don’t you?
Ah! No worries! I’ve had similar issues with lemmy before.
Yes, that’s very fair :). You could do this very easily on a cheap VPS or a raspberry pi or similar, but if you haven’t done any self hosting before there would be a bit of a learning curve / investment. Might not be worth it for you, but it seems like you’d get a much cleaner and more elegant solution out of it.
XMPP didn’t really die a natural death, it was kind of murdered. It’s still around though, and works great, but of course the problem is as you mentioned — your friends probably aren’t using it.
You mentioned you’re not really hosting things, but… wouldn’t the easiest solution be to host radicale somewhere so you can just sync your calendars with all of your devices using CalDAV? That seems far cleaner than using syncthing and other services + radicale to sync the calendars.
To be honest, antivirus software is just not really a security tool. If you’re at the point where malicious software is running on your server you’ve already lost and it’s hard to know what extent the damage will be. Having proper isolation is much more important (something which, tbh, Linux isn’t quite as great at as we’d like to think, at least not with additional effort… mobile operating systems seem to take the isolation of applications a lot more seriously). You could maybe argue that the anti virus software is useful for monitoring, but I’d rather have some stronger guarantees that my application isn’t going to take my lunch money and private keys than a notice a day later that something sketchy is on my machine… I won’t flat out say a virus scanner is completely useless, because of course you can contrive of scenarios where one could be helpful, but they’re kind of dubious.
Also yeah, ClamAV afaik isn’t really used like a typical windows antivirus. It’s mostly used on mail servers to scan email attachments. It’s not necessarily even looking for “Linux viruses”.
AFAIK this is not what happens on NixOS. Every package gets installed into a directory that’s a hash of its dependencies in the nix store, but there’s no special isolation or anything on NixOS (well, when the packages are built there’s some isolation, but that’s mostly to keep the builds honest). That said, NixOS is a little better than most distros about creating separate daemon users for services with different permissions, but I don’t think it’s done universally. I love NixOS and it has many benefits, but I don’t think this is one.
Is something local like org / org-roam (maybe in a git repo for sync) out of the question? If you’re messing with IMAP for this I can’t imagine a git repo with text files (optionally gpg encrypted, well supported by org) would be off the table.
It’s harder than a beginner would expect, but also not as bad as everybody says. It’s doable and we shouldn’t discourage everybody from trying it (but don’t use it for anything important until you’re sure it works). Just make sure you set up SPF / DKIM / DMARC and rDNS properly and you’ll most likely be fine. If you’re scared or frustrated you can use a relay for send. Receiving is easy.
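The SPF / DKIM / DMARC records mentioned in the comments above can be sanity-checked before a server sends its first message. The following is an added example, not part of the original comments: the domain `example.org`, the selector `mail`, the function names and every record are constructed, and rDNS is left out because the PTR record lives in the IP owner's reverse zone rather than in the domain's own.

```python
# Added example: offline audit of the DNS TXT records a mail domain needs.
# Every record below is constructed sample data for example.org.

def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC and DKIM syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_mail_dns(zone, domain, selector):
    """Return a list of findings; an empty list means the basics are in place."""
    findings = []
    spf = [r for r in zone.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        # RFC 7208: no record means no policy, several records is a permerror.
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        last = spf[0].lower().split()[-1]  # simplification: ignores redirect=
        if last in ("all", "+all"):
            findings.append("SPF: +all authorizes every sender")
        elif last not in ("-all", "~all"):
            findings.append("SPF: does not end in -all or ~all")
    dmarc = [r for r in zone.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        policy = parse_tags(dmarc[0]).get("p")
        if policy not in ("none", "quarantine", "reject"):
            findings.append("DMARC: missing or invalid p= tag")
        elif policy == "none":
            findings.append("DMARC: p=none only reports, receivers take no action")
    dkim = zone.get(f"{selector}._domainkey.{domain}", [])
    if not dkim:
        findings.append(f"DKIM: no key record for selector '{selector}'")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: empty p= tag, the key is revoked")  # RFC 6376
    return findings

# Constructed zones: one with sane records, one with the usual mistakes.
GOOD_ZONE = {
    "example.org": ["v=spf1 mx -all"],
    "_dmarc.example.org": ["v=DMARC1; p=quarantine; rua=mailto:postmaster@example.org"],
    "mail._domainkey.example.org": ["v=DKIM1; k=rsa; p=PUBLIC-KEY-PLACEHOLDER"],
}
WEAK_ZONE = {
    "example.org": ["v=spf1 mx +all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for name, zone in (("good", GOOD_ZONE), ("weak", WEAK_ZONE)):
        print(name, audit_mail_dns(zone, "example.org", "mail"))
```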
Running Jellyfin off of a VPS provider seems needlessly expensive. I guess server hardware has an upfront cost, but having real hardware to host it on at home will be far more cost effective long term, especially for storage.