I have finally un-flared my cloud completely (and it only involved a 6-hour-long DNS rabbit hole, because I’m deranged enough to self-host my own authoritative DNS resolver, and it took a bit to find one that fits my needs and then a while to get everything working correctly)
Also, that somehow un-fucked outgoing networking on my Matrix server?????
Computers are inscrutable sometimes
As for the software stack, I initially wanted to use Gravity (by the authentik dev), but it turns out it just refuses to return TXT records longer than 255 bytes (like, y'know, DKIM) instead of splitting them up like a normal DNS server, so I went with PowerDNS + Poweradmin instead, plus the RFC 2136 ACME plugin for Caddy
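Added example (not the poster's code, and not code from Gravity or PowerDNS) of what "splitting them up" means: RFC 1035 TXT RDATA is a sequence of length-prefixed character-strings of at most 255 octets, so a long DKIM value has to be chunked by the server and concatenated by the client. The DKIM-style value below is constructed sample data.

```python
"""Chunk a long TXT value into RFC 1035 <character-string>s, encode the
wire-format RDATA, and reassemble it the way a DKIM verifier would."""

# RFC 1035 s3.3: each <character-string> carries a one-octet length prefix,
# so no single string can exceed 255 octets. Longer values must be split.
MAX_CHARACTER_STRING = 255


def split_txt(value: bytes, limit: int = MAX_CHARACTER_STRING) -> list[bytes]:
    """Split a TXT value into character-strings no longer than `limit` octets."""
    if not 1 <= limit <= MAX_CHARACTER_STRING:
        raise ValueError("chunk size must be between 1 and 255 octets")
    return [value[i:i + limit] for i in range(0, len(value), limit)] or [b""]


def encode_txt_rdata(chunks: list[bytes]) -> bytes:
    """Wire-format TXT RDATA: (length octet, data) pairs, one per chunk."""
    out = bytearray()
    for chunk in chunks:
        if len(chunk) > MAX_CHARACTER_STRING:
            raise ValueError("character-string exceeds 255 octets")
        out.append(len(chunk))
        out += chunk
    return bytes(out)


def decode_txt_rdata(rdata: bytes) -> list[bytes]:
    """Parse TXT RDATA back into character-strings, rejecting truncated data."""
    chunks, pos = [], 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        if pos + length > len(rdata):
            raise ValueError("truncated character-string in TXT RDATA")
        chunks.append(rdata[pos:pos + length])
        pos += length
    return chunks


def presentation(chunks: list[bytes]) -> str:
    """Zone-file form: quoted strings separated by spaces; clients join them."""
    return " ".join('"' + c.decode("ascii").replace('"', '\\"') + '"' for c in chunks)


# Constructed sample: a DKIM-shaped record whose fake key pushes it past 255 bytes.
SAMPLE_DKIM = b"v=DKIM1; k=rsa; p=" + b"A" * 392

if __name__ == "__main__":
    parts = split_txt(SAMPLE_DKIM)
    wire = encode_txt_rdata(parts)
    assert b"".join(decode_txt_rdata(wire)) == SAMPLE_DKIM
    print(presentation(parts))
```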
(That being said, I still have use cases that Gravity would be a good fit for, so I’ll probs keep it around on a different port)