I’m sorry, but have you never had actual Cheddar?

In that case I can really highly recommend it. Nixos on the server is fantastic anyways, and the only hurdle to recommending simple-nixos-mailserver is that most people are not familiar with nix… 😄

It’s a bit unconventional maybe, but I vote simple-nixos-mailserver - IF you are curious / willing to learn nix. It’s essentially just sanely configured dovecot, postfix, rspamd.

My config for those three combined is about 15 lines, and I have never had an issue with them. Slap on another 5-10 lines for Roundcube as a webmail client.

Since it’s Nix, everything is declarative, so should SOMETHING happen to the server, you can be up and running again super quickly, with the exact same setup.

Fail2ban allows you set different actions for different infringements, as well as multiple ones. So in addition to being put in a “local” jail, the offending IP also gets added to the cloudflare rules (? Is that what its called?) via their API. It’s a premade action called “cloudflare-token-multi”

We expose about a dozen services to the open web. Haven’t bothered with something like Authentik yet, just strong passwords.

We use a solid OPNSense Firewall config with rather fine-grained permissions to allow/forbid traffic to the respective VMs, between the VMs, between VMs and the NAS, and so on.

We also have a wireguard tunnel to home for all the services that don’t need to be available on the internet publicly. That one also allows access to the management interface of the firewall.

In OPNSense, you get quite good logging capabilities, should you suspect someone is trying to gain access, you’ll be able to read it from there.

I am also considering setting up Prometheus and Grafana for all our services, which could point out some anomalies, though that would not be the main usecase.

Lastly, I also have a server at a hoster for some stuff that is not practical to host at home. The hoster provided a very rudimentary firewall, so I’m using that to only open necessary ports, and then Fail2Ban to insta-ban IPs for a week on the first offense. Have also set it up so they get banned on Cloudflare’s side, so before another malicious request ever reaches me.

Have not had any issues, ever.

I am using both and this somehow made it to my phone, wtaf

Dang, oof

FWIW, Lidarr works the worst out of the arr stack for me too. I don’t know if there’s just not enough well indexed material in my sources or what, but yeah, not great.

If your entire experience with the arr stack has been Lidarr so far, give it another shot! Sonarr and Radarr work absolutely perfectly. It’s just such a nice feeling to open Jellyfin (or I guess Plex) on the TV and go “oh nice new episode is out!”

Might even be worth checking if https://github.com/NixOS/nixos-hardware has a straight-up fix for the issue.

Generally I agree with everyone else, Linux Mint is great.

However, if you really want to not worry at all, you could just buy a laptop from e.g. Tuxedo or System76. They come with Linux preinstalled (I think in the case of Tuxedo at least, you even have a choice of which Linux Distro?), and are guaranteed to have no hardware “difficulties” with Linux, i.e. even if you put another distro on it, you won’t encounter driver issues.

(Those have become very rare anyways, but do put a damper on the “Firsttime Linux Experience” if you do encounter them…)

Generally I agree with everyone else, Linux Mint is great.

However, if you really want to not worry at all, you could just buy a laptop from e.g. Tuxedo or System76. They come with Linux preinstalled (I think in the case of Tuxedo at least, you even have a choice of which Linux Distro?), and are guaranteed to have no hardware “difficulties” with Linux, i.e. even if you put another distro on it, you won’t encounter driver issues.

(Those have become very rare anyways, but do put a damper on the “Firsttime Linux Experience” if you do encounter them…)

Matrix does have stickers

As others have said, you can completely disable the stock launcher through ADB commands. At that point, if you hit home, you’ll be asked which app to perform that action with. Select your launcher, click “Always”, and done.

Dang that’s impressive

Or disappointing, Idk

Vikunja seems to check all your boxes

You can even just do Ctrl+A, Ctrl+C, Ctrl+V.

It somehow feels… Wrong, but it just works.

Thanks! Yep, same thought about the version checks. I’ll spin up a VM for now and see if that allows for suitable experimentation, otherwise fingers crossed I don’t brick the device.

The web-server thing is probably safer, agreed, but packaging my own update is just so much more tempting… :D

Oh whoops I thought you were 0v0 🤦🏼‍♀️ Thanks anyways though :D

Hey, thanks, but that’s the A5x, a newer Android tablet. Different hard and software

Fantastic.

Since the zip also includes a bunch of shell scripts, I think it’s possible I could also just install ssh directly - but the image will certainly make experimenting in a VM the safer option until something works out… ^^

Oh man, I can’t wait to get home from work on Friday (currently stuck on the other side of the country 🫠)

Edit: also, can I somehow buy you a beer/coffee somewhere?