This is an interesting read, even if it is a few years old https://arstechnica.com/gadgets/2021/09/examining-btrfs-linuxs-perpetually-half-finished-filesystem/
I gave up on it in in 2016 and it sounded all the same back then too with too many people giving it a pass for unacceptable behavior. I don't think anything has really changed since.
It was fine for me too, right up to the point that it really wasn't.
I've been burned by btrfs before. Never again. It's not a good file system, especially for multi disk systems.
Yes you can do that. I do with opnsense. The username and passwd are not obvious though - they're probably not what you use to login to the ISP portal with.
Most ISPs will have a brief FAQ on how to use third party equipment with the basics of what settings are important for your connection. You just need to enter them in to pfsense correctly. Also, sometimes searching for "<ISP_name> pfsense" can find useful blogs and articles.
It'd be nice if email clients automatically checked for public keys for any email you enter in the To fields. With a nice prompt that keys have been found to Encrypt the message with. It doesnt sound too difficult and it could lead to much wider adoption of secure emails.
Unfortunately most people get their email free because companies like reading it and stopping that means it might become a paid for service. Something I'm happy to pay for, but many wouldn't be.
You can download the public key from the web interface. I then imported it in to gpg with a gpg --import public.asc and then used the above commands to generate the WKD structure.
No worries, I thought it was pretty interesting and I'd never heard of it before so thought I'd share.
The most difficult part for me was configuring nginx to properly serve the files. The gpg part was actually the easy bit.
There's 2 methods, one uses a subdomain and one doesn't. Without is called 'direct'. No special DNS entries required really. I have a wildcard subdomain entry which works for me. Just so long as the key is available over HTTPS using one method.
Building genuinely secure computer systems is incredibly difficult. You might even be in systems/software and be thinking "yeah it is hard", but to be really secure it's 1000x harder than that. So everything you use off the shelf from any vendor is a massive compromise and has holes in it. But on the other hand most people don't need really secure systems.
I've been using it for a few years. Really handy way if avoiding cooperate firewall rules.
How'd you set that up with Opnsense fail over? I have an opnsense VM with input straight from the ISPs FTTP box to the NIC on my server. So I can't fail over to my second proxmox box without swapping the cable over.
I just setup netboot.xyz this evening as an experiment. Is pretty cool.