Roles in authentik are for permissions in authentik. You want a group instead. Group memberships are send via OIDC.

I’m not sure if you’ve ever had a public project, but for most people, be it YouTube, twitch, github, whatever, its not so easy. Negative comments grate on you, and, over time, can really take a toll.

William Osman interviewed a bunch or creators about this: https://youtu.be/DVCpKfedfok

Its not as easy as to call people out. Some people go great lengths out of spite, doxx you, send you death threats… Is it really worth it? Not that a “fuck off” will work anyway.

You say people will join you but they really don’t. The reality is there are a ton of crucial open source projects being run by one person on the edge of burnout. See curl, xy, etc.

Money absolutely would help and I wish the EU would put additional funding into this.

I would put truenas on the NAS, also put a VM on truenas with 16-24G of RAM.

Create a kubernetes or docker swarm cluster with server 1 and the nas vm and just have everything as containers. This way you just have one resource pool, and the containers will be started wherever there are enough resources available. The containers will mount NFS shares from truenas which truenas will create automatically as ZFS datasets. ZFS supports snapshots.

This is probably the way, because a traditional “mail server” is actually 4-5 different servers working together.

• postfix for SMTP
• dovecot for IMAP
• amavis to plug in…
• spamassassin as anti spam
• clam-av as antivirus

And they can all be very easily misconfigured to break everything completely. Great learning experience though.

AES is already post quantum crypto so that sounds a bit marketingy.

Nextcloud has collabora integrated.

I would put this stuff behind VPN.

Seems weird to me, the router would need to do deep packet inspection of DNS and selectively block specific ones. It feels more like you’ve set up your DNS to do forwarding instead of resolution. Can you post a network diagram and the DNS config?

Do tcpdump host $server instead. Otherwise you will only see the request (the response goes to a different port).

Just to be sure you do dig A @server $domain (with the “A”) and can confirm the following

SERVER is your server

;; ANSWER SECTION is empty (or doesn’t exist)

;; AUTHORITY SECTION mentions your local DNS server

Also check

dig NS @server $domain

Is your server in the answer section?

Here is how I would diagnose (I’m assuming you have Linux / WSL on a client)

1. Check the DNS record is actually set (yes do it again)
2. Do these steps on the client:
3. dig $domain check which server answered
4. dig a $domain should give a record
5. dig a $domain @server to make sure you’re querying the right server

If none work, probably network issue (DNS boind to wrong IP, firewall, etc)

If 3 and 5 work but 4 doesn’t, your DNS isn’t authorative.

If only 5 works DNS settings on the client is wrong.

Thank you, I deleted my post so as to not share false info.

deleted by creator