Let’s Encrypt also don’t provide client certificates, or intermediates that allow you to sign them, which really is a shame.
It can still prevent vectors of persistency.
That’s patently false.
Yes, machinectl is the interface for nspawn.
You can have a look at systemd-nspawn and machinectl actually. Sounds like exactly what you’re looking for :)
AppArmor or SELinux, OSSEC, TPM and SecureBoot boot chain.
What you want is BIND views. You can configure BIND to resolve different views for different segments, allowing you to have the same (sub)domains resolve to different IPs.
First off, you should realize that the registrar and domain name servers don’t have to be the same. Feel free to use any registrar (ex: namecheap, gandi, etc) and host the domain name server anywhere else.
Secondly, if you want a good API for dynamic updates, I’d recommend looking for something that supports nsupdate, which is BIND’s built-in update mechanism. It’s supported almost everywhere, including by Let’s Encrypt clients like Lego.
Can’t believe no one has mentioned Inovelli yet. Developed with the community, with OTA support in Z2M, they are absolutely fantastic and incredibly flexible!
https://inovelli.com/ blue series
PCIe absolutely does support disconnecting devices. It is a hot swap bus, that’s how ExpressCard works. But it doesn’t mean that the board/UEFI implements it correctly.
You should be good to go. Make sure vfio is loaded in the modules-load.d
vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd
Make sure the module options are set correctly and the kernel module is blacklisted in /etc/modprobe.d/vfio.conf
options vfio-pci ids=1000:0097
blacklist MODULE_NAME
Make sure IOMMU is enabled in your kernel command line (ex via GRUB): intel_iommu=on iommu=pt
This is probably not complete, but it should get you pretty far into allowing you to add the PCI device in the hardware config of your VM.
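An added example (not part of the comment above) that audits the three settings it lists before a device is handed to a guest: boot-time modules, the vfio-pci ID claim plus host-driver blacklist, and the IOMMU kernel flag. The function names, the `example_driver` placeholder and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# check_vfio ROOT CMDLINE_FILE VENDOR:DEVICE HOST_DRIVER
# ROOT lets the check run against a copy of /etc; pass "" for the live system.
check_vfio() {
    root=$1 cmdline=$2 id=$3 drv=$4 rc=0

    # 1. Modules loaded at boot. vfio_virqfd is not required here because
    #    newer kernels build it into the vfio module.
    for m in vfio vfio_iommu_type1 vfio_pci; do
        grep -qsxF "$m" "$root"/etc/modules-load.d/*.conf ||
            { echo "FAIL: $m not listed in modules-load.d"; rc=1; }
    done

    # 2. vfio-pci must claim the device ID (ids= may hold a comma-separated list).
    grep -qsE "^options[[:space:]]+vfio[-_]pci[[:space:]].*ids=([^[:space:]]*,)?${id}(,|[[:space:]]|\$)" \
        "$root"/etc/modprobe.d/*.conf ||
        { echo "FAIL: no 'options vfio-pci ids=' line covering ${id}"; rc=1; }

    # 3. The host driver must be blacklisted so it cannot bind the device first.
    grep -qsE "^blacklist[[:space:]]+${drv}[[:space:]]*\$" "$root"/etc/modprobe.d/*.conf ||
        { echo "FAIL: ${drv} is not blacklisted"; rc=1; }

    # 4. IOMMU enabled on the kernel command line.
    grep -qsE '(^|[[:space:]])intel_iommu=on([[:space:]]|$)' "$cmdline" ||
        { echo "FAIL: intel_iommu=on missing from kernel command line"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: VFIO settings for ${id} look consistent"
    return "$rc"
}

# Constructed sample tree mirroring the files named in the comment.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/modules-load.d" "$d/etc/modprobe.d"
    printf '%s\n' vfio vfio_iommu_type1 vfio_pci vfio_virqfd > "$d/etc/modules-load.d/vfio.conf"
    printf '%s\n' 'options vfio-pci ids=1000:0097' 'blacklist example_driver' \
        > "$d/etc/modprobe.d/vfio.conf"
    echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 intel_iommu=on iommu=pt' > "$d/cmdline"
    echo "$d"
}

sample=$(make_sample)
check_vfio "$sample" "$sample/cmdline" 1000:0097 example_driver
rm -rf "$sample"
```

On a live host, pass `""` as ROOT and `/proc/cmdline` as the command-line file, with the real host driver name in place of the placeholder.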
WordPress shop maybe?
Not sure about your latter point tbh. I run an email server, with nothing but greylisting and SpamAssassin, and the amount of spam is absolutely minimal.
Proper config and fail2ban easily takes care of direct attacks.
Nevertheless, I wouldn’t recommend it to anyone but the most determined.
The domain won’t change that. Even with a static IP, if it’s coming from an ISP-owned IP block you’re likely going to get banned. Even with reputable VPSes it’s hard. Make sure you have DMARC, DKIM, and SPF set up, but even then almost certainly going to get banned. The big players are creating an inherent monopoly instead of improving their spam filters.
As you’ve mentioned, I highly recommend you look at Prosody for the server. It is by far the easiest, but also really really good. The only thing ejabberd might be better at is for extremely large deployments with failover and load balancing.
XMPP doesn’t use SIP, it has its own protocol for voice and video calls (called Jingle). All servers, afaik, support it. On the other hand, SIP/RTP servers such as FreeSWITCH and Asterisk do support Jingle bridging!
OMEMO and GPG support is purely a client-side thing, so server support is irrelevant. Though some servers can be configured to refuse to pass unencrypted messages.
With XMPP, bridges are usually implemented as external components (a feature built into the XMPP standard). The Slidge framework seems to be the latest and greatest in terms of external bridges: https://sr.ht/~nicoco/slidge/. A WhatsApp bridge is built using it: https://git.sr.ht/~nicoco/slidge-whatsapp
Sounds like your problem could easily be solved with a symlink…
Also for externals see: https://stackoverflow.com/questions/571232/svnexternals-equivalent-in-git/18088319#18088319
Does it work in local only?