Yeah, my plan will be to use a domain that I don’t actually use for my email to start with, make sure that I can reliably send and receive mail with it. Then add my normal email domain for sending-only to start, will just need to add it to my SPF and DKIM records. Once I test with that and verify that I can reliably send mail then I can fully switch things over.
Still trying to decide what to do about full disk encryption.
Thinking that maybe I can host a decryption key on a private GitHub repo, have the preboot environment use a local key to download the decryption key to ephemeral storage and use it to unlock the disk. This doesn’t make it truly secure because anyone with access to the boot partition could figure out what is happening and do it manually, but it would make it difficult enough that a bored sysadmin at the VPS provider couldn’t just browse my data easily.
I’d really like it better if I could have it send me a push notification to my phone to authorize the unlock. Maybe I can set that up with however I decide to host the decryption key.
If your email is going to be important / mission critical, let someone else host it.
Yeah, I know. That's why I want to do it.