

I fr hate using AI to troubleshoot because I can feel how it makes me lazy, but sometimes using AI is better than banging my head against a wall for 10 hours. And usually I stop once I find a productive line of research or investigation to follow.
Just passin’ through




For local DNS I run FreeIPA since everything in my network is domain controlled. I’m gonna look into adding filtering through that, but we’ll have to see how it goes.


There’s so much I end up handling manually with my UDM that at this point I might rather just install open source routing software on it atp. I don’t even use the web UI for wireguard because I can’t even specify the allowed IPs for a connection.


I just turned off ad blocking. I can set up network wide filtering without relying on proprietary incompetence.


I’m not entirely sure how I want to run my ad blocking yet. I left adblocking on for the wifi subnet because I don’t mind it there, and I have ublock origin on my PC. I might use PiHole but my DNS on my network is actually managed by FreeIPA so making sure everything works properly there is paramount. I’m pretty sure I can do that easily but I need to test it to make sure my forward zones work as expected and nothing breaks.


Yeah I found some documentation from Ubiquiti afterwards that said all DNS requests would get proxied, although it didn’t mention it wouldn’t forward dynamic updates.


I did use dig, but I didn’t do a trace which probably would’ve been helpful. I just didn’t anticipate that I’d be getting MITM by my own infra.


Bitwarden as Vaultwarden enables TOTP.
it pisses me off so much. what do you mean there’s no way to set the priority of nameservers or to force them to be resolved in a specific order? no I don’t want a public nameserver that’s only there as backup to take precedence over my local nameserver that’s necessary for kerberos to work!
I think the biggest problem is that developing each other underlying subsystems without the rest is a hassle. As such no one has come up with a non-systemd dbus replacement. But there is a lot that can be replaced. There are some systemd services I just turn off immediately with new installs and use something else because they’re such dogshit (looking at you resolved).
god I fucking hate systemd-resolved
if sysv init or OpenRC are ed and sed, then systemd is Visual Studio or PyCharm; they have some functionality that overlaps but the scopes of what they do are completely different
So people hate on systemd because they interpret it as an init system that’s gone too far and has thus violated the unix principle. in reality systemd is an entire suite of tools based around a very feature rich and robust service management suite that also includes an init system. there is something to be said about the Linux ecosystem’s reliance on systemd, but there are no comparable tools. this is why Arch uses systemd. if you don’t want to use systemd, you can use distros like Arco Linux; however currently Gnome no longer works on Arco
I actually have a hybrid setup. My public DNS and my mail server are in the cloud as those are too important to risk going down. I also have a FreeIPA replica in the cloud to help manage them. Then I set basically everything else up in my homelab because I don’t care if roundcube goes down so long as IMAP and SMTP still work.
bluetooth can be a common frustration point, but the Windows shared folders should work. Do you mind me asking what you’ve tried so far?
meanwhile I set a wait and save so I have time to finish getting ready and uber tells me it’s already arrived.


Just make sure to either read the Arch News so you can avoid most breaking changes, or use paru as your AUR helper as it has a config option to automatically pull the news for you


I have the renewal process itself automated, just not the replacement process.


I selfhost my own mail server (my primary mail in fact).
My LE certs expired on Christmas eve, when I was also getting sick. I didn’t realize my mail server was down for a week until about NYE. Luckily Postfix queued all my emails and there was nothing important lost, but I am reevaluating self hosting my mail server. That being said, this was also the worst issue I’ve faced in over a year of self hosting mail. And it only arose because my dumbass still hasn’t automated my certificate rotation.


How up to date are your graphics drivers/backend?
Thank you, it’s a lot of work and I could get by with a lot less but I’d like to essentially have enterprise level everything for me to just fuck around with and provide to friends as I see fit. It’s a bit of a hodgepodge of well implemented stuff stuck together with duct tape and bubblegum but I’m refining it slowly all the time.