

Hm, okay, that does sound like the real client IP will get lost and every connection will appear to come from the proxy then. It would be good if that were passed somehow. My current setup adds the X-Forwarded-For header for example.
she/they ⚧︎. https://dblsaiko.net/
Oh interesting, I’ll have to look into that. Is this with that “proxy protocol” I’ve seen mentioned? If not, does this preserve/pass through the client socket address?
Tbf, technically data is still decrypted at the reverse proxy and then re-encrypted. So if someone manages to reconfigure the proxy or read its memory somehow they could read traffic in plain text.
However then since they have to control the VPS, they could also get a new cert for that domain (at least the way I’ve configured it) even if it was passed as is to the real host via a tunnel and read the plaintext data that way, so I don’t think a tunnel protects against anything.
If someone manages to get root (!) access on this VPS it’s over either way.
Yes, you can just use a reverse proxy for IPv4 only and point it to the IPv6 upstream. That is what I do, with a separate DNS record which then combines the two. See the DNS records for id.knifepoint.net (CNAME), http.vineta.knifepoint.net (AAAA, A) and vineta.knifepoint.net (AAAA).
The reverse proxy config and certificate management is set up with NixOS, if it helps: https://git.dblsaiko.net/systems/tree/nixos/defaults/v4proxy.nix https://git.dblsaiko.net/systems/tree/nixos/modules/sys2x/v4proxy.nix
Two different rDNS names, for stuff that uses it. For example if you want to run mail and an IRC bouncer under different domain names.
Tbh I haven’t had too many problems with Postfix – however it is certainly a footgun and it would be nice to have fewer parts to connect together, and better defaults. I might try it out, it looks interesting.
From its web page it sounds like it is both an MTA and MDA, has a built-in spam filter, plus has calendar, contacts and file storage. Do you know how it compares to my current setup of Postfix, Dovecot, and rspamd (and Nextcloud for the others)?
It’s a name that I saw online a handful of times and always thought was incredibly cool. Then came across it again recently trying to pick a name, while I was looking through related names, and it immediately became a top candidate. And it also works well in both German and English which is also something I wanted.
Ah! I was wondering actually! Auto-translator just kept it as man ting fang.
Yay ^_^
Yeah, the patch coming off is what I would be worried about as well, especially also when showering. Patches would be my top alternative because they also last a while but it’s just an extra thing to have to be careful about.
Congratulations on overcoming your needle phobia! :)
Is there a reason not to do injections (unless you have bad enough fear of needles so that you can’t do it)? To me it seems to be by far the best option in every way (at least price, effectiveness, frequency of administration, convenience) and I see no reason to pick anything else. Not that I personally have much of an alternative anyway because I’m doing DIY right now.
Damn, yeah I heard people can be completely oblivious when they already know you for a long time. We’ll see!
I kinda want to wait long enough with my parents to a point where it has already become extremely obvious haha.
It sounds like you need a split DNS setup. systemd-resolved can do this for example. As soon as you need any sort of slightly more complex DNS setup using just resolv.conf isn’t going to cut it.
Ah okay, so you know some behind the scenes info or at least more than just this. My bad, but tbh you should have led with that because initially I thought you completely misread what the text was saying because I pretty clearly read the queer mentions as “this is not just transphobic attacks by bigots” (see my other comment). Sorry!
There isn’t really, you can probably use sendmail as well. Postfix is just the MTA I’m used to and know can do all of this.
From what I’ve heard about sendmail’s config file, I personally wouldn’t want to use it specifically though…
You’re in Germany? I read about all the hurdles and just went with DIY because I didn’t want to deal with all that. Maybe in the future I will go the official route but even then I feel like it will be worse than what I currently have in terms of HRT.