You can use socks server for download toorrents. Best choise insert socks traffic to wireguard connection and use sockd for outgoing and clean wireguard + port forwarding for incoming connections.
And you can use i2p network for download torrents in that networks. qBittorrent support it in experimental mode.
I use my home server as media library and cloud gaming device (kvm with sunshine). Also I hosted my friends web sites and some my sites.
hosting my home lab’s server on hetzner would have been much more expensive I think.
But in reality, this will only allow you to receive incoming mail. In order for outgoing mail to work, it is necessary that the mail server and all the strapping go through the VPS to the Internet. This requires a rather complicated configuration of iptables, and I recommend that you simply either fill up the mailer on a VPS (there will be a maximum of gigabytes of mail. it’s not that heavy), or buy a static address at home.
If you still decide to go the hard way, here’s an approximate plan for what you need to do in the spirit of iptables, because setting it up in firewalld is a real torment.:
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 924 -j MARK --set-mark 0x300
COMMIT
where 924 is the postfix user ID, you may have a different number. check it out
ip route add default via 10.8.12.4 dev wg0 table 100
adding the default route via the VPS address to the routing table 100. replace 10.8.12.4 with the address of your VPS and wg0 with the name of the interface for communication between the VPS and home. Then
ip rule add from all fwmark 0x300 lookup 100
We are sending all packets with the label 0x300 to the routing table 100. In other words, the postfix user will have his own custom routing table via VPS.
This creates several problems due to the fact that with this configuration, it may not be possible to connect to postfix via your server’s interfaces. But in basic case all will work. Bypassing this problem will create even more complex routing rules and will generally be overkill. But if you’re interested, write to me and I’ll sign it.
Well… as I already wrote, my home server is literally on the Internet because I rent a static public IP address from the provider.
But if you have a VPS, then you just need to do port forwarding to your server with a VPS, and then add the following entries to the mx DNS server:
you.domain. 21600 IN MX 10 you.first.vps.
you.domain. 21600 IN MX 20 you.second.vps.
Where 10 and 20 are the server priority Or if the VPS is part of your domain then:
you.domain. 21600 IN MX 10 first.vps.you.domain.
you.domain. 21600 IN MX 20 second.vps.you.domain.
first.vps.you.domain. 21600 IN A 1.1.1.1
second.vps.you.domain. 21600 IN A 2.2.2.2
And if you also have IPv6, you can do
first.vps.you.domain. 21600 IN AAAA fd00::1
second.vps.you.domain. 21600 IN AAAA fd00::2
Where 1.1.1.1, 2.2.2.2, fd00::1 and fd00::2 are the addresses of your VPS
You also need to enter the address in the SPF:
you.domain. 21600 IN TXT "v=spf1 +mx -all"
What does it mean
v=spf1 is the SPF version.
+mx – it is allowed to send mail from the IP addresses specified in the MX records of the domain.
-all – prohibits sending from any other servers (hard refusal).
Also, in order for the signature to work on the mail server, you need to make several TXT entries (for a detailed explanation, see my links about DKIM):
keyname.__domainkey.you.domain. TXT "v=DKIM1; ...%DKIM params%"
and
you.domain. 86400 IN TXT "v=DMARC1...%dmarc params%"
And you need ask you VPS provider set PTR for you VPS IP address with first.vps.you.domain. Or some providers access that config in web panel.
Thanks, I’ll give it a try sometime.
On my home server. My ISP gives me a static address and makes PTR records for only about $1.5 per month.
I have been using my own email for many years (to this day). Everything is working great. The main thing is to have a static IP and be able to specify your domain in the PTR record of the ip address.
In general, you will need: postfix (https://wiki.archlinux.org/title/Postfix) OpenDMARC (https://wiki.archlinux.org/title/OpenDMARC) OpenDKIM (https://wiki.archlinux.org/title/OpenDKIM) Dovecot (https://wiki.archlinux.org/title/Dovecot) Some interface to choose from (soGO, roundcube) Maybe graylists, ClamAV, SpamAssassin, or something else to protect your mailbox from spam and viruses. And if you want filtering functionality, then you also need Sieve.
Well… In my case, as many potatoes as you want. Even if I grow it on an industrial scale, I will only need to pay 4% sales tax. And for myself, I can grow at least 100+ kg of potatoes without any problems. (Because of the size of the plots, I can literally grow tons of potatoes).
And yes, I use UV lamps for seedlings every spring. Just like literally everything in my village. This happens when the daylight is very short. These are the countries with risky agriculture. I think it would be funny for some foreigners to watch the picture of the village where in every house at night with ultraviolet light shining on the windowsills =)
archlinux + podman / libvirtd + nomad (libvirt and docker plugins) + ansible / terraform + vault / consul sometimes
UPD:
archlinux - base os. You never need change major version and that is great. I update core systems every weekend.
podman / libvirtd - 2 types of core abstractions. podman - docker containers management, libvirtd - VM management.
nomad - Hashicorp orcestrator. You can run exec, java application, container or virtual machine on one way with that. Can integrate with podman and libvirtd.
ansible - VM configuration playbooks + core system updates
terraform - engine for deploy nomad jobs (docker containers. VMs. execs or something else)
Vault - K/V storage. I save here secrets for containers and VMs
consul - service networking solution if you need realy hard network layer
As a result, I’m not really sure if it’s a simple level or a complex one, but it’s very flexible and convenient for me.
UPD2: As a result, I described the applications level, but in fact it is 1 very thick server on AMD Epic with archlinux. XD By the way, the lemmy node from which I write is just on it. =) And yes, it’s still selfhosted.
I’ll do the “Ku” pose from the movie Kindzaza a couple of times and the dog will come running to jump around me. For some reason, he loves it when I do that.
I often clean and place aromatic oils in the rooms + live plants.
The only way to connect the SIM number directly is to hack the VoWiFi protocol, but this is not trivial and you still need to install the SIM in the server.
Option 2 - Buy a home SIP2GSM gateway. But it’s quite expensive (by the standards of my region anyway). SMS work with SMPP, calls work too. For goIP I wrote telegram SMS gateway if you interesting: https://github.com/lifespirit/telegram-smpp-bot
Or use SIP providers from your region/operators that support SIP connectivity and then enable full calls redirection. For calls ok.
UPD: or just use VoWiFi from mobile phone. But you need sim slot in phone.
Anyway in all another way you need install asterisk/freeswitch and write config fot it. And linphone client.
the idea is that: all your applications work under the same user. or at least under the same group. because this is exactly how the differentiation of rights is applied.
A good plan is to create some kind of user in all three containers and run qbittorrent, samba and the third application under it.
A bad plan is to run everything under a random user with 777 rights, but this is a really bad plan.
Create a user in all three containers and work under it. That is not hard. Run qbittorent with that user. Config will be there: /home/user/.config . Then set that user for samba. I don’t know third app , but I think you can find how change user in manual.
You can use Revolt. Literaly Discord clone. https://github.com/revoltchat
Her argument for being vocal is that her and her generation will have to live with the consequences of our fuckups the longest and hardest.
Surprise, but if you stop generate energy by oil you can’t have hard industry. It is quite difficult to cast steel without huge energy consumption. And aluminum is even more difficult. But for some reason, no one wants to ride horses and abandon airplanes. Them can stop buy industrial products. And problem will gone.
And no, strangling heavy industry in your country until it is evacuated to China is not a fight for the global environment.
It is convenient, of course, to tell what idiots everyone around is without having worked a single day in heavy industry. And in Greta’s case, without having worked a day at all, apparently. I suggest she work at the factory for a couple of years and then repeat her statements.
And it is better to live for a couple of years in a country with a less mild climate. Let’s say where it is -30 in winter. Surely she doesn’t hope that all 9 billion people will fit into the warm bosom of the Gulf Stream? Pollution from heating is also very significant. We don’t even turn off cars here in some cities because then we just won’t start them.
You really won’t see this in the USA, because few people even reach the border. After September 11, the United States is fine with eliminating threats. For example, the United States knew about this attack for 2 weeks.
UPD: I also remind you that after September 11, the United States did not limit itself to one person but beat up an entire country
You need to create an MX record in the DNS zone of your domain. Something like:
@ IN MX 10 my.zome.
@ IN MX 20 server1.my.zome.
You can create 1 MX record or more. 10 and 20 server priority for input mails.
Then you need to create an spf record. There are several options here. For example
allows you to send emails from A domain records, then from MX domain records and prohibits from all other hosts.
Theoretically, you can only create an SPF record with A but without MX and dont create MX DNS records. Although I have not tried this configuration.
This is the minimum set after which you will get into spam, but at least the letters will reach.
You also need to make a PTR record to avoid spam folder, but this is not possible on a dynamic IP.
interesting facts about LVM:
You can make a volume snapshot of the system before a major change (for example, an update).
You can enable caching and use HDD together with SSD cache
You can build raid 0,1,5 directly on LVM (you still need modules from mdraid)
Even without a raid, you can expand the partition beyond one disk to another or migrate the partition from disk to disk (without even disabling it)
However, all this is done from the console and I do not know if there is a GUI.
I just use linphone with flexisip. I don’t understand why SIP dropped out of this chain.
And yes, there are encrypted 1-on-1 or group chats and you can send photos and documents. As a bonus, you can connect a SIP provider to access the telephony line.