• 0 Posts
  • 26 Comments
Joined 2 years ago
Cake day: June 10th, 2023

  • My latest project runs on a VM I use VS Code’s SSH editing feature on. I edit the only copy of the file in existence (I have made no backup, and there is no version control) and then I restart the systemd service.

    So what if I mess it up? Big deal. The discord bot goes down for a few minutes and I fix it.

    Same goes for the machine configs. Ideally the machines are stable, the critical ones get backups, and if they aren’t stable then I suppose the best way to fix it would be in prod (my VMs run Debian; they’re stable).





  • So to be clear, you want traffic coming out of your VPS to have a source address that is your home IP?

    Let’s go back to fundamentals and assume for a second that your VPS provider allows these packets out and your VPS initiates a TCP connection like that. It sends a TCP SYN with source: home address and dest: remote.

    The packet gets routed to the remote. The remote accepts and responds SYN/ACK with source: remote and dest: home address.

    Where do you think this packet will get routed? When it gets there, do you think the receiving server (and the NAT gateways in between) will accept this random SYN/ACK that doesn’t appear to have a corresponding outgoing packet sent first? If so, how?
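To make the routing question in that comment concrete, here is an added simulation; it is not code from the thread or from anyone in it. It uses constructed documentation addresses (203.0.113.10 for the home gateway, 198.51.100.5 for the VPS, 192.0.2.25 for the remote server; all assumptions), forwards purely on the destination address, and gives the home gateway a stateful NAT table that admits an inbound packet only when it matches a flow the gateway saw leave. With the home address as source, the SYN/ACK is routed to the home gateway and dropped there, and the VPS never sees it; with the VPS's own address the handshake proceeds, and a control case shows the gateway accepting replies to its own connections.

```python
"""Where does the SYN/ACK go when a VPS sends a SYN with a spoofed source?

Added example; the addresses are constructed RFC 5737 documentation
ranges, not anything from the thread.
"""
from dataclasses import dataclass, field

HOME_IP = "203.0.113.10"    # home gateway (stateful NAT), assumed
VPS_IP = "198.51.100.5"     # the VPS, assumed
REMOTE_IP = "192.0.2.25"    # server the VPS wants to reach, assumed


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN" or "SYN/ACK"


@dataclass
class Host:
    """A plain host: accepts whatever is addressed to it."""
    ip: str
    received: list = field(default_factory=list)

    def deliver(self, pkt: Packet) -> bool:
        self.received.append(pkt)
        return True


@dataclass
class StatefulGateway(Host):
    """Home router / NAT: an inbound packet is accepted only if it is the
    reply to a flow this gateway previously saw leaving."""
    conntrack: set = field(default_factory=set)

    def send(self, net: "Internet", pkt: Packet) -> bool:
        self.conntrack.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return net.route(pkt)

    def deliver(self, pkt: Packet) -> bool:
        # A reply has src/dst swapped relative to the outbound packet.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.conntrack:
            self.received.append(pkt)
            return True
        return False  # no matching outbound flow: silently dropped


class Internet:
    """Forwards on the destination address only; the source is never consulted."""

    def __init__(self, hosts):
        self.hosts = {h.ip: h for h in hosts}

    def route(self, pkt: Packet) -> bool:
        return self.hosts[pkt.dst].deliver(pkt)


def tcp_server_reply(syn: Packet) -> Packet:
    """A listening TCP server answers a SYN with a SYN/ACK to the SYN's source."""
    assert syn.flags == "SYN"
    return Packet(src=syn.dst, sport=syn.dport, dst=syn.src, dport=syn.sport,
                  flags="SYN/ACK")


def handshake_from_vps(spoof_home_ip: bool) -> dict:
    """The VPS sends the SYN, optionally with the home address as source."""
    home, vps, remote = StatefulGateway(HOME_IP), Host(VPS_IP), Host(REMOTE_IP)
    net = Internet([home, vps, remote])
    src = HOME_IP if spoof_home_ip else VPS_IP
    syn = Packet(src=src, sport=40000, dst=REMOTE_IP, dport=443, flags="SYN")
    net.route(syn)                     # assume the provider lets it out
    synack = tcp_server_reply(remote.received[-1])
    accepted = net.route(synack)       # goes wherever synack.dst says
    return {
        "synack_routed_to": synack.dst,
        "accepted_by_receiver": accepted,
        "vps_saw_synack": any(p.flags == "SYN/ACK" for p in vps.received),
    }


def handshake_from_home() -> dict:
    """Control case: the home gateway itself opens the connection."""
    home, remote = StatefulGateway(HOME_IP), Host(REMOTE_IP)
    net = Internet([home, remote])
    syn = Packet(src=HOME_IP, sport=40000, dst=REMOTE_IP, dport=443, flags="SYN")
    home.send(net, syn)                # conntrack entry created on the way out
    synack = tcp_server_reply(remote.received[-1])
    return {"synack_routed_to": synack.dst, "accepted_by_receiver": net.route(synack)}
```

The simulation leaves out sequence numbers and the final ACK because neither changes the answer: the reply is addressed to whatever the SYN claimed as its source, and nothing on the path consults the real sender.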



  • Not really. Your VPS’s public IP is not yours to change, for obvious reasons, and it’s unlikely that your hosting provider will let you send packets from your VPS using a source address that is incorrect. If they let you, then any replies to those packets will evidently get routed to the actual IP, i.e. your home IP. If you really want to forward SMTP to your VPS (which has less chance of being on a blocklist by virtue of not being a residential IP), I suggest declaring your VPS as your SMTP sender in SPF, instead of declaring your home IP and trying to make that work with the VPS IP. The VPS can then be configured as an SMTP relay (this is a key feature of SMTP) to your home instance, or you could forward all traffic on the appropriate ports at the TCP level, but I don’t advise doing this.

    I hope you understand that if what you’re asking was possible, I could rent a VPS, spoof your IP and receive traffic meant for your IP without any issues. For the same reasons, I think the other commenter mentioning X-Forwarded-For headers is wrong if you’re not using DKIM (and even then it’s iffy). Otherwise I could just write a payload with mailto: whatever, From: you@yourdomain and X-Forwarded-For: your home IP and pass SPF checks without having control over your IP.

    If you’re still confused about SMTP, feel free to ask more questions.
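As an added illustration of the SPF point in that comment (not code from the thread or from anyone in it): a toy SPF evaluator that, like a real receiving MTA, decides on the IP of the SMTP client that actually opened the connection and never reads message headers. The addresses, records and message are constructed (203.0.113.10 stands for the home IP, 198.51.100.5 for the VPS), and only the ip4, ip6 and all mechanisms are implemented, which is enough to compare a record that lists the home IP with one that declares the VPS as the sender.

```python
"""Toy SPF evaluator: the verdict comes from the connecting client's IP.

Added example with constructed RFC 5737 documentation addresses; it
implements only the ip4, ip6 and all mechanisms of RFC 7208.
"""
import email
import ipaddress

HOME_IP = "203.0.113.10"   # residential address, assumed
VPS_IP = "198.51.100.5"    # the VPS, assumed

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list:
    """Split 'v=spf1 ...' into (qualifier, mechanism, argument) triples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qualifier, mech.lower(), arg or None))
    return parsed


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate the record against the IP that opened the SMTP connection."""
    ip = ipaddress.ip_address(client_ip)
    for qualifier, mech, arg in parse_spf(record):
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)   # bare IP means /32 or /128
            matched = net.version == ip.version and ip in net
        else:
            raise NotImplementedError(f"mechanism {mech!r} not in this toy evaluator")
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                         # nothing matched (RFC 7208 section 4.7)


def authenticate_inbound(record: str, client_ip: str, raw_message: str) -> dict:
    """What a receiving MTA does: client_ip comes from the TCP connection.
    The message is parsed only to show that the forged header is not consulted."""
    msg = email.message_from_string(raw_message)
    return {
        "client_ip": client_ip,
        "forged_x_forwarded_for": msg.get("X-Forwarded-For"),
        "spf": check_spf(record, client_ip),
    }


# Constructed message of the kind the comment describes: From: claims your
# domain and X-Forwarded-For: claims the home IP, but it arrives from the VPS.
FORGED_MESSAGE = """\
From: you@yourdomain.example
To: victim@example.net
Subject: hello
X-Forwarded-For: 203.0.113.10

trust me
"""

# Record that lists only the home IP (what the asker wanted to keep)
SPF_HOME_ONLY = "v=spf1 ip4:203.0.113.10 -all"
# Record that declares the VPS as the sender (what the comment suggests)
SPF_VPS = "v=spf1 ip4:198.51.100.5 -all"
```

With SPF_HOME_ONLY, mail delivered from the VPS fails regardless of what the headers say; with SPF_VPS it passes, and the home instance can hand mail to the VPS as a relay without ever appearing in the record itself.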


  • It exists, but it’s generally really small shops that I wouldn’t feel comfortable recommending.

    The bigger hosting providers are fine with the status quo, because it means their support tickets are from people who at least know something about anything rather than complete newbies who need help resetting their password (not that there’s anything wrong with that; it’s just higher volume and not what Hetzner staff are trained on).




  • Revolt is a Matrix-compliant client and server combo. It’s easier to deploy than Synapse+Element, but obviously you miss out on some fringe features. There’s also the issue that a lot of the hard parts of setting up a Matrix server are due to the video part.

    Since OP wants video chat and screen share first and foremost, and since Revolt and Matrix both use Jitsi for this, OP can use straight-up Jitsi and set up Matrix/Revolt later.







  • Usually you define a VLAN dedicated to your IPMI devices, only accessible in an access-controlled way (usually a VPN served by the firewall, but don’t do that if you’re virtualizing the firewall, for obvious reasons). The DC might offer a VPN of their own specifically for this purpose, or you can pay them for more space to install a physical firewall, but that’s a more significant investment.

    Ultimately, best practices say not to expose the IPMI to the internet, but if you really have no choice and your thing is up to date, then you only need to fear 0-days and brute-force attacks; the login pages are usually pretty secure, since access is equivalent to physical access. You will attract a lot of parasite traffic probing for flaws, though.


  • Tbh I worked on a campus where we had totally free access to our bays in the local DC (like 5 minutes away by car); even in the dead of night we just had to make a call to not get stopped at the door. Even then, IPMI is still just so much more convenient than sitting on the floor with your laptop, a VGA screen and a PS/2 keyboard among your tools, in a loud DC with mandatory earplugs and an eye on the nitrogen fire suppression that really has no reason to trigger, but it could, and that is terrifying.

    Or you could have IPMI and sit at your desk with coffee, listening to music. Your choice really; I wonder why iLO licenses are so expensive :P



  • FYI, Intel and AMD don’t count TDP the same way.

    In a sane world, heat output = power consumption (yes, not exactly, but for our purposes it works), but Intel has a fudge factor in its TDP number, and AMD straight up doesn’t count power or heat output in its TDP formula and basically just makes it up (the formula includes such factors as “how hot should the part run ideally?”). They more or less agree in general, but just because the two numbers are the same doesn’t mean they are comparable.
    In a sane world heat output = power consumption (yes not exactly but for our purposes it works) but Intel has a fudge factor to it’s TDP number and AMD straight up doesn’t count power or heat output in it’s TDP formula and basically just makes it up (the formula includes such factors as “how hot should the part run ideally?”). They more or less agree in general but just because the 2 numbers are the same doesn’t mean they are comparable.