The Tunnel daemon creates an encrypted tunnel between your origin web server and Cloudflare’s nearest data center, all without opening any public inbound ports.

From https://www.cloudflare.com/products/tunnel/

The good news is that in order to exploit the new vulnerability, the attacker first has to obtain kernel level access to the system somehow - by exploiting some other vulnerabilities perhaps.

The bad news is once Sinkclose attack is performed, it can be hard to detect and mitigate: it can even survive an OS reinstall.

Focuses on garbage these days

Cloudflare tunnel is an option, you can even scrap your own nginx

Unless you’ve used something secure for formatting or wrote data to the SD after, consider attempting data recovery.

Speaking of Cloudflare, if you’re okay with not self hosting, then there’s Cloudflare Pages which is good for hosting static websites.

I think the minimap gets colored in red in such areas but I agree a better indicator or a hint could be nice.

In case of moonrise towers, if you just cross the bridge back to town you can long rest there and come back.

I’m running Arch on my RPI 4b+ and quite happy with it.

The installation was pretty simple IIRC - I did run into some issue with uboot which was easily solved by searching for the error on the internet.

Arch Linux ARM ships with a mainline aarch64 kernel and uboot by default, but if you are interested in running the RPI kernel and their boot loader, there’s a custom pacman repo and instruction on the forums: https://archlinuxarm.org/forum/viewtopic.php?t=16144

All in all I don’t think arch needs that much maintenance on a non-critical home server - just make sure to check for config updates every now and then and reboot after kernel upgrades.