

Nagios Core. Free, does all the things you listed.
A.K.A.
@AlexanderESmith
Re-reading my own post, it occurs to me that if we really want a lot of people running their own email system, someone would need to basically document/automate the whole thing, make recommendations on providers, and figure out how to do the whole thing cheap and push-button. Get huge numbers of people running a semi-standard config so email services and RBL maintainers can get used to it and build up a tolerance (and processes) for dealing with it without being blockers.
I guess what I mean is that even a single user email system is a pain.
Want to send an email from one person to another? Stupid easy, I can do that with a single command.
Want to be able to send messages over long periods (years) to friends/family AND clients AND prospective employers (who are probably running their own email system) AND various businesses that you are trying to get support or services from? Well, okay, but the more messages you send, the more chances for some douche (or automated system) to report as spam because they think that anything other than @yahoo or @gmail is a hack-spam (I’ve had this happen, and had someone call me frantically telling me that my identity was stolen, and I had to tell them it was actually me; People are fucking stupid). And if you navigate all that, you still have to worry about your IP going wayward because you needed to change your infrastructure for some reason (switching regions, system types, whatever), and if that happens you basically start from scratch with an IP that might have had a shitty reputation (even if only due to range association).
And it’s not just needing to maintain your IP/domain/account reputation with dumb people/systems/lists. You also need to set up SPF and DKIM or you’ll be summarily rejected (even though SPF has fallen out of favor, some services still use it, or use both). One time config, sure, but not intuitive unless you work with systems all the time, and it’s just a matter of time before they introduce yet another secure email verification system that you need to jam into your DNS (or server, or header, or…).
So now you’re sending mail (probably), but you still have to receive it. More DNS configuration, and you have to make sure your email server never goes down, or you permanently miss any messages you might have gotten (yes, email systems are supposed to retry, but I’ve seen a LOT of admins at very recognizable names in email basically just retry for 15 minutes then dump the mail, rather than keeping their outbound queue backed up for multiple days).
And god help you if you set up multiple incoming servers, because now you have to deal with some kind of centralized storage, which itself also needs multiple nodes to avoid yet another SPOF. Again, not super hard by itself, but now you’re basically designing multi-tiered infrastructure, which you have to maintain and pay for. We’re definitely in for more than you’d end up paying for an email service, and that’s not counting your personal time at all (which even a single hour of is probably double the monthly cost of an email provider’s top tier offering, if you know how to manage all this crap).
TL;DR, you’re still not wrong that centralization is very, very bad, but if you actually care about people receiving your messages, and not missing any important incoming messages, it’s not easy to deal with. Not saying people shouldn’t try it, but they need to be ready for a mountain of headaches.
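Added example, not part of the original comment: a small offline linter for the SPF and DKIM TXT records the comment above says a self-hosted sender needs in DNS. Function names and sample records are constructed for illustration; the checks are the SPF 10-lookup limit, the duplicate-record and `+all` mistakes, and revoked or short DKIM keys.

```python
import base64
import re

# Terms that cost a DNS lookup; RFC 7208 caps the total at 10 per evaluation.
LOOKUP_RE = re.compile(r"^(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))")

def lint_spf(txt_records):
    """Return problems found in the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return permerror)"]
    problems, lookups, terminated = [], 0, False
    for term in spf[0].split()[1:]:
        bare = term.lstrip("+-~?").lower()
        if LOOKUP_RE.match(bare):
            lookups += 1
        if bare == "all" or bare.startswith("redirect="):
            terminated = True
        if bare == "all" and term[0] not in "-~?":
            problems.append("+all authorises every sender")
    if not terminated:
        problems.append("no all/redirect term, unmatched mail gets neutral")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    return problems

def lint_dkim(txt):
    """Return problems found in one DKIM key record (selector._domainkey TXT)."""
    pairs = (part.partition("=") for part in txt.split(";"))
    tags = {name.strip(): "".join(value.split()) for name, _, value in pairs}
    key = tags.get("p")
    if key is None:
        return ["missing p= tag"]
    if key == "":
        return ["empty p= (key revoked)"]
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        return ["p= is not valid base64"]
    # A 2048-bit RSA modulus alone is 256 bytes, so shorter DER means a smaller key.
    if tags.get("k", "rsa") == "rsa" and len(der) < 256:
        return ["RSA key appears shorter than 2048 bits"]
    return []

# Constructed sample records (not from any real domain).
SAMPLE_SPF = ["v=spf1 mx include:_spf.example.net ~all"]
SAMPLE_DKIM = "v=DKIM1; k=rsa; p="
```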
You’re not wrong about centralization being bad, but email is a pain in the ass at scale. Reputation, block lists, any downtime, client bullshit, infrastructure costs… about a hundred things can go wrong, and any one of them is a SPOF.
Email being hard is not a myth, and saying it is dismisses a ton of legitimate concerns.
To be clear; DevOps isn’t a role, it’s a methodology.
As for docker; Learn Linux fundamentals first. Docker is just automation, and it’s worthless if you don’t understand what you’re automating. Same goes for Ansible.
IaC is great, but there are too many people who don’t know what the hell their underlying infrastructure does, how different parts talk to each other, or how to properly manage it, and trying to build a TON of it, hoping that’ll make up for it.
Bare metal (or a test VM treated as if it were bare metal) first. All other things later.
20 year seasoned admin here; Nevermind not being worth “free”, I wouldn’t use them if they literally paid me to.
Gitlab is a bloated mess. I don’t know anything about forgejo, but I’m hearing a lot of good things.
At any rate, you don’t need either of them. Learning how to host a raw git repo is extremely beneficial, even if you want to move to Github/Gitlab/Forgejo/etc later.
I have two labs; one on-prem (lol my home office) and one in AWS. Depending on what you’re doing and how “shiny” you want it to be, you can go pretty far in AWS for less than $50/mo (and a little less far for $20). And that comes with the added benefit of having AWS skills for your resume.
For hosting on AWS, choose services that run well on nano/micro instances. For everything else, run it from home (network policies notwithstanding, see 3 paragraphs down).
Also AWS, if you’re setting up a VPC with proper private/public subnetting (and you really should), don’t use their NAT gateway. It’s WAY too expensive. I set up a NAT gateway on a T3.nano and it costs me $3.74/mo (theirs would have been like $35/mo, which would have blown half my AWS budget on just that). I don’t remember if I used this specific article as a guideline, but he did exactly what I did (specifically the iptables config), so I’m confident in pointing you to him.
As for on-prem; look into Beelink’s offerings. I just got two of their miniPCs (specifically these) for $150 total (on sale) and will be moving some of my heavier stuff (matrix, fediverse) from AWS to these. You don’t need these specific ones, check their store, it has a section for models on sale, find something you like and get it cheap.
Now, I know you can’t host anything on their network that would touch the Internet, but something like these would be great for self-hosting Plex/Jellyfin, or other services that are technically only local, but also still technically on the network (hell, you don’t even need their network; buy a second-hand Netgear router and make your own private network). Those mini-PCs would also be great for learning Linux, since you said you can’t really run VMs. If you want to learn about general self-hosting (web services like Apache/nginx, get a little PHP or Python site going, etc) you can do that totally locally on your private network, and it’ll be the same experience as doing it in the cloud (except no one but you can see it, but hey, everyone needs a “dev” environment; Cloud can be “production” if you want an audience).
Hope this helps!
Everything in this reply is correct.
To add; You can’t run a business’ infrastructure from recommendations on a forum, most especially email. There’s a ton you’d need to learn about hardware, networking, DNS, email services (as in daemons that run on the server), and interoperability between your services and whoever is being communicated with (including RBL and other elements of sender reputation). If you’re not a full-time admin, even attempting to recommend an on-prem solution (of any kind/complexity) is an incredibly bad idea.
Source: I’m an admin for a living, specializing in internet facing systems and their security.
Source addendum: I have been offered a shitload of money to set up and maintain an in-house email system (in their case; setting up a mass email system akin to Sendgrid or AWS SES), and spent a significant amount of time describing to the offering party why it’s a terrible idea and they don’t want to deal with it. I know that in your case you’re talking about simple business email accounts, but it’s a comparable level of bullshit (just on a different scale).
I recommend that any business that needs infrastructure hire an admin, even if only an occasional contractor. Especially if they want to “keep it simple”.
It sounds like they’re just being cheap and asking their “computer friend” to provide free labor. There’s a reason people who do this kind of thing make a lot of money; It’s a pain to set up, and it’s a pain to keep it running without being insecure or losing data due to [insert critical issue here].
Good enough for me. Just remember to keep us in mind 👍
I don’t have Windows on any of my gaming machines, so I can’t really use something that depends on it.
Now, if you also target Wine during unit tests as a compatible base system, I could get into that.
Always self-host anything you can (reasonably).
In this case, don’t self-host a password vault. Use a locally encrypted password storage app, and keep it in a self-hosted storage solution (which should also be encrypted).
People want to put too much shit online, opens you wide up for attempted hacking (especially if you use what everyone else uses).
Git