2xsaiko

Now that I think about it, dovecot drops permissions for security reasons (login runs as the “dovenull” user). It’s probably not a good idea to try to circumvent that actually.

What do you mean by “more powerful” wrt CMake?

CMake is a turing-complete language with some APIs that Meson either doesn’t have an equivalent yet because it’s comparatively new (for example, until 2023, there was no built in way to get a relative path from two paths, and if you wanted that you had to shell out to an external program), or they aren’t going to add because it doesn’t fit their design.

Meson is (intentionally) limited in terms of extensibility, instead it tries to come with everything built in that you need, even down to specific library support like Qt, from what it seems like to me. For example, you cannot define your own functions, it ships builtin modules but does not allow other packages to provide their own (for example like KDE’s Extra CMake Modules), to name a few that I’m familiar with and why I was put off using it so far.

I have yet to see how actually limiting that is, going to try to move the project I’ve been working on for years that relies on some of these CMake features to Meson soon and see how it fares. But considering that big projects like GNOME use it all over the place it’s probably workable in practice, I’ll just have to rethink the existing approach a bit.

Is that considered bait?

Wasn’t it? Go’s build system is very much not what I would call an example of good design (exhibit A: load-bearing comments and file names).

Nice!

I meant that for my one IP address, I set it to have a PTR to multiple domain names.

Don’t do that, yeah. If set it should always point to one domain name, the canonical name for that host, and the domain name should resolve back to that IP.

See https://serverfault.com/questions/618700/why-multiple-ptr-records-in-dns-is-not-recommended

Try Meson first, it should support compiling GNU assembly via the C compiler from what I can find. I’ve been using CMake for years because it is more powerful (finally trying out Meson though for a new project) but in contrary to Meson it is easy to use the wrong way if you don’t know what you’re doing. Meson is very clean in comparison, and also very easy to get started with. (And both these are absolutely better than autotools)

(If only c++ build systems caught up to Golang lol)

Terrible bait

Try this I suppose

userdb {
  args = username_format=%n /etc/passwd
  driver = passwd-file
}

And maybe similar with passdb and /etc/shadow?

What do you have your passdb set to if you don’t mind me asking?

The defaults. Doesn’t show up in doveconf -n.

Currently I have multiple PTR records for all the subdomains I’m using, which hasn’t caused problems yet…

Wait, what? PTR is set on an IP address, not on a domain name. It should resolve to the canonical domain name of the host behind that IP.

Your postfix is set to deliver to lmtp:unix:private/dovecot-lmtp so you need to create the socket there:

 service lmtp {
-  unix_listener lmtp {
+  unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
 }

(though for me the path is /var/lib/postfix/queue/private/dovecot-lmtp. YMMV)

What would you suggest I set the PTR record to?

Set system hostname, PTR, and myhostname to NAME.domain.com where NAME is a unique name that you made up (e.g. I have ‘polaris.dblsaiko.net’). This also makes adding more hosts later less awkward (as opposed to having the hostname be domain.com).

For the IMAP login issue, I’m pretty sure this is the cause looking at the “unknown user” error:

userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

Have you set up the users in that file (/etc/dovecot/users) if you even want to do that instead of just using passwd? Also note %u is the full user string including domain. Not sure how that plays together with auth_username_format=%n which is just the user name.

Personally I just have

userdb {
  driver = passwd
}

so I don’t have anything further to go off of.

Okay, there are two different issues here. First, the mail delivery.

You have

mydomain = domain.com
myhostname = mail.domain.com

and getting

Relay access denied (in reply to RCPT TO command)

This means that received mail is addressed to a domain that is not configured for local delivery, and the mail server is not accepting it to be relayed to the actual target server. This is a good thing, you do not want to have a public relay under any circumstances because it would mean people could make your server launch spam anywhere.

As for why it’s not configured to accept that domain for local delivery, you need to look at the mydestination setting:

mydestination (default: $myhostname, localhost.$mydomain, localhost)

The list of domains that are delivered via the $local_transport mail delivery transport. […]

(from postconf(5).)

You left it at the default value, so it will accept mail addressed to mail.domain.com, localhost.domain.com, and localhost. You’ll probably want to set that to additionally contain $mydomain (at least that is how mine is configured).

Also, something else:

My server’s hostname is domain.com not mail.domain.com (mail.domain.com is what my MX record points to), but this shouldn’t really matter as I configured postfix with:

You’ll want those to match up, system hostname and postfix’s myhostname, since you’ll need to set the PTR record of your IP to match the hostname your SMTP server identifies itself as, and otherwise your server’s IP resolves to mail.domain.com while the canonical hostname is domain.com. It will work for mail, it’ll just not be nice when your server’s IP resolves to mail.domain.com for stuff that isn’t mail and that isn’t the canonical hostname. I recommend giving it some other hostname (or just setting both to mail.domain.com if the system just handles mail).

You have NixOS, it’s easy to give it a custom session path for that.

Also I would use systemd-cat so the output goes into the journal instead of nowhere.

Most computers with (at least) two network interfaces will do. If it’s something too crappy your throughput will be limited by CPU speed but I can’t tell you exact recommendations here. Here’s OPNsense’s hardware recommendations for example, they’re not high at all. Off-the-shelf devices that allow you to do this should probably be fine too.

I’d put Linux on it and use nftables but BSD PF seems to be very popular for firewalls (OPNsense/pfSense are built on this) which I have never used so consider that too.

Not a professional networking guy either but here’s my opinion.

What I would do is use the ISP router as is, open all ports on it (except to itself, hopefully it doesn’t do that…), and put a firewall in between the router and everything else that controls the actual access to everything behind it (in bridge mode between the two network interfaces of the firewall, so you only have the one network).

Could a potential second router also assign addresses to devices in that globally routable space directly?

Devices in IPv6 assign addresses themselves via SLAAC, you just need one device advertising the prefix which the ISP router should already do. The firewall should be able to just purely be there for packet filtering. If you need fixed addresses for public facing servers I would just assign them manually to the respective boxes as you likely also need to add them to public DNS manually anyway.

Huh, I thought I looked through them all when I tried it last time. I’ll check again.

Do you self-host Jitsi? The public instance has absolutely unusable FPS for streaming gameplay which is pretty much the only thing I still use discord for because it’s the only thing that seems to do it well. I read somewhere you can turn up the FPS on a self-hosted Jitsi though.

cgroup names can be read from /proc/PID/cgroup.

pgrep --exact "$1" \
  | xargs --no-run-if-empty --replace cat /proc/{}/cgroup \
  | sort --unique

What does a driver manager do that isn’t solved with a normal (graphical) package manager? Automatically picking the correct one for your GPU?

I see that it can be slower because of having all the dependencies included with the flatpak itself instead of relying solely on whats installed on the system.

No. Packing its own libraries wouldn’t make it slower. If anything it would be the extra access checks added by the sandbox (which is optional FWIW, apps don’t have to use it). I haven’t ever used Flatpak but I would assume the sandbox impact is minimal if at all noticeable.

Kanidm

Yup!