r0ertel

joined 8 months ago
[–] r0ertel@lemmy.world 1 points 1 month ago (2 children)

I think this is exactly what I'm looking to do. Thanks for such a detailed writeup!

I did some reading last night and think it lines up with what you're saying. I found docker-mailserver with some configuration. The only thing I need to add is mail filtering to folders and I think that's included.

[–] r0ertel@lemmy.world 2 points 1 month ago (2 children)

I'd like to hide behind the service that I'm paying for without incurring extra fees for retaining it all. I can figure out the pull side by using fetchmail or something to a server that hosts dovecot, but the sending side is confusing since I'd need something that can receive my email and send it via the service. It's only 1 email address, so I'm not looking for a mail relay, but something like a full caching mail proxy.

 

Does anybody here self-host a mail-by-proxy solution? If so, I'm interested to hear about your setup, experiences and any drawbacks. I have a custom domain and a hosted email service with a very small amount of storage. I'd like to host something locally so that I can keep all my email without stressing about the space. I also want to be able to use email on my phone and computer and a web interface for tablets or while traveling. Finally, I'd like emails that I send to be stored locally so I can search it. Does anybody else already do something like this? I can forge my own path, but oftentimes, somebody else is already doing it better.

[–] r0ertel@lemmy.world 1 points 1 month ago (1 children)

I started watching the video. I was not aware that LetsEncrypt supported wildcard certificates. Does this mean that your internal network uses the same domain name as your externally-hosted services?

[–] r0ertel@lemmy.world 2 points 1 month ago

I tried step-ca to start with, but my primary use case was for certs in the cluster, which cert-manager is more suited for natively. Maybe step-ca has improved, I was using it in the early days. My goal isn't a short lived cert as much as it is to have an easy configuration and to learn.

[–] r0ertel@lemmy.world 1 points 1 month ago

I think it may support it, but it's not well documented. I'll need to read up a bit. I started with helm charts but like how operators, um operate. They upgrade on their own and are very stable. Honestly, though, it was mostly because I wanted to learn how they work.

[–] r0ertel@lemmy.world 3 points 1 month ago

I think this is what I'm going to do.

[–] r0ertel@lemmy.world 1 points 1 month ago (2 children)

Yes, monthly is too fast. I'm using a K8s operator for cert-manager which defaults to a month. I think I can patch the CSV with an annotation that will bump that out, but when the operator updates the CSV then I need to repatch it.

I was polling the community to see if there's something that is easy to use but I was not able to find in my searches. It seems like a common problem.

Part of my problem is that I chose to use a K8s operator for cert-manager which isn't easy to configure. Had I used a helm chart, i'd have bumped the root cert to 10 years and forgotten about it.

 

How do you manage the distribution of internal TLS network certificates? I'm using cert-manager to generate them, but the root self-signed certificate expires monthly which makes distribution to devices outside of K8s a challenge. It's a PITA to keep doing this for the tablet, laptop and phones. I can bump the root cert to a year, but I'm concerned that the date will sneak up on me. Are there any automated solutions?

[–] r0ertel@lemmy.world 8 points 1 month ago

OK, easy solution: don't open outlook.

Most of the time that I'm in the office, my laptop is closed anyways, you know, for collaboration.

[–] r0ertel@lemmy.world 1 points 1 month ago

I wouldn't doubt that. I just wanted to pretend for a moment that the thing they're taking from us would result in the one thing that they seem to fear the most.

[–] r0ertel@lemmy.world 8 points 1 month ago (3 children)

With all the employees back in the office, they'll have plenty of time to hang around the water cooler and discuss all the ways to unionize. Leaving the company is great as an individual, it sends a message. Unionizing helps to restore the balance of power vs rights and is exactly what Amazon doesn't want. This (IMHO) is how you "F them hard". Additionally, it'd send a message to the other companies who want to flex on the people who make the company work.

[–] r0ertel@lemmy.world 3 points 1 month ago (1 children)

Indent to find an article to back up what I remember and in 2020, a woman was held in contempt of court and jailed for refusing to provide a passcode. The case was later overturned.

[–] r0ertel@lemmy.world 1 points 1 month ago (8 children)

Double check this in the state or country you're in. I recall something from a few years ago where the police could force you to give a swipe pattern and maybe pin since these items are not covered in the same way that a password is.

view more: next ›