Thank you, it’s a lot of work and I could get by with a lot less but I’d like to essentially have enterprise level everything for me to just fuck around with and provide to friends as i see fit. It’s a bit if a hodgepodge of well implemented stuff stuck together with duct tape and bubblegum but im refining it slowly all the time.

I fr hate using AI to troubleshoot because I can feel how it makes me lazy, but sometimes using AI is better than banging my head against a wall for 10 hours. And usually i stop once I find a productive line of research or investigation to follow.

For local DNS i run FreeIPA since everything in my network is domain controlled. I’m gonna look into adding filtering through that, but we’ll have to see how it goes.

Theres so much I end up handling manually with my UDM that at this point i might rather just install open source routing software on it atp. I don’t even use the web UI for wireguard because I can’t even specify the allowed IPs for a connection.

I just turned off ad blocking. I can set up network wide filtering without relying on proprietary incompetence.

I’m not entirely sure how I want to run my ad blocking yet. I left adblocking on for the wifi subnet because I don’t mind it there, and I have ublock origin on my PC. I might use PiHole but my DNS on my network is actually managed by FreeIPA so making sure everything works properly there is paramount. I’m pretty sure I can do that easily but I need to test it to make sure my forward zones work as expected and nothing breaks.

Yeah I found some documentation from Ubiquiti afterwards that said all DNS requests would get proxied, although it didn’t mention it wouldn’t forward dynamic updates.

I did use dig, but I didn’t do a trace which probably would’ve been helpful. I just didnt anticipate that id be getting MITM by my own infra.

Bitwarden as Vaultwarden enables TOTP.

I actually have a hybrid setup. My public DNS and my mail server are in the cloud as those are too important to risk going down. I also have a FreeIPA replica in the cloud to help manage them. Then I set basically everything else up in my homelab because I don’t care if roundcube goes down so long as IMAP and SMTP still work.

I have the renewal process itself automated, just not the replacement process.

I selfhost my own mail server (my primary mail in fact).

My LE certs expired on Christmas eve, when I was also getting sick. I didn’t realize my mail server was down for a week until about NYE. Luckily Postfix queued all my emails and there was nothing important lost, but I am reevaluating self hosting my mail server. That being said, this was also the worst issue I’ve faced in over a year of self hosting mail. And it only arose because my dumbass still hasn’t automated my certificate rotation.

ofc!

grayjay, it’s an app developed by Louis Rossman to combine a lot of streaming platforms into one privacy and security respecting app. it does have billionaire backing tho if that yanks your chain

I agree with you but that doesn’t mean everyone does. Whether you like it or not, social media platforms are going to be used. OP is just sharing a tool they built and believe may be useful to others for free. There’s no need to shit on their work just because you ideologically disagree with the underlying services managed. Again, I feel the same way as you but OP is contributing a useful tool to the people; that is seldom a bad thing. I could see myself using this to boost my LinkedIn presence, because it’s one of the few things I have and need in my early career. Would I like to get rid of my LinkedIn? Absolutely. Do I despise most social media platforms (including Lemmy to a degree)? Definitely. Do I appreciate OP for making and sharing this? You bet I do.

I just haven’t gotten around to setting it up is all.

I am also trying to degoogle/debigdata my life, but it seems we’re taking radically different approaches to it. I wish you luck in your journey!

I set up a mail stack on Rocky Linux with Postfix, Dovecot, and rspamd. I don’t need a database because it’s all LDAP on the backend, and I don’t have webmail setup right now because I’m lazy. It’s a bit of a hassle to get up and running well but it’s pretty solid and I’m careful about managing my domain reputation so I don’t have any issues with my mail being delivered.

I have NFS shares from my ZFS pools on Proxmox

This is really helpful, thank you!