• 0 Posts
  • 3 Comments
Joined 1 year ago
cake
Cake day: June 23rd, 2023

help-circle
  • This may be a long shot, but it’s what I do, so it might be an option: Set up a crypto gateway like CipherMail which will automatically decrypt inbound email and sign/encrypt outbound. The result is that your Thunderbird will never get to see an encrypted email, decryption is handled transparently before it hit’s your inbox. Obviously, if you don’t trust your email provider, this is not an option.

    This isn’t simple and hence not for everyone, also comes with dependencies on your email provider, but it works flawless for me ever since I set it up. I run my own email server, hence adding in CipherMail wasn’t a big deal.


  • Thomas@lemmy.zell-mbc.comtoSelfhosted@lemmy.world*Permanently Deleted*
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    2
    ·
    edit-2
    1 year ago

    You would expose the port to your host which makes the db acessible by anything running on the host, docker or native. Something like

    `port

    • 5432:5432 `

    But I would recommend running a dedicated db for each service. At least that’s what I do.

    • Simpler setup and therefore less error-prone
    • More secure because the db’s don’t need to be exposed
    • Easier to manage because I can independently upgrade, backup, move

    Isn’t the point about containers that you keep things which depend on each other together, eliminating dependencies? A single db would be a unecessary dependency in my view. What if one service requires a new version of MySQL, and another one does not yet support the new version?

    I also run all my databases via a bind mount

    `volume

    • ./data:/etc/postgres/data…`

    and each service in it’s own directory. E.g. /opt/docker/nextcloud

    That way I have everything which makes up a service contained in one folder. Easy to backup/restore, easy to move, and not the least, clean.