I know nothing!

  • 7 Posts
  • 861 Comments
Joined 1Y ago
Cake day: Jun 26, 2023


Just use the defaults. It is much slower and CPU heavy but the end result is way better


Ansible honestly. You can use Ansible to report on facts. Outside of that you also could use Telegraf+InfluxDB+Grafana



Neither honestly. However, I am also not really the unskilled user trying to self host


I don’t think you can with Caddy


It would make more sense to sell a management service


Yes

However, it is better just to move all users to LDAP


Fine, use Netbird or whatever else floats your boat.


Debian and occasionally Rocky and Fedora


It is all about risk management. What you are doing now is pretty solid. It might be easier to have them use a mesh VPN like Netbird or Tailscale


Wouldn’t you want at least some TCP?




Can WireGuard do NAT traversal? Let’s say I have a publicly facing server A and then two devices B and C behind two separate NATs. Can B reach C directly via hole punching by A?


Get someone with strong IT knowledge. Don’t try to do it yourself as it will backfire.



Netbird is easier to use although it is a little less developed


I’m interested in Tinc but there isn’t a lot of documentation



FreeBSD isn’t going to have the same support as Linux.

Under Linux you could use Ceph or even garage object storage. There are plenty of other options. Maybe you could try to get Linux stuff working on BSD.

Alternatively you could set up a highly available NFS share.


I don’t “support” any company. I buy products that I need or want. If they are good I buy more.



Most Linux container runtimes have health checks built in


What are you trying to do? Debian is pretty solid but you also could go with Rocky Linux or tons of others. Heck, you could even buy a Red Hat license if you felt like it for some reason.



I don’t blame a lot of IT professionals for not wanting to self host. Especially if they are maintaining services for a living. When you do that same thing you do at work at home it gets very annoying quickly.


Honestly it would be really cool to see more self hosting in the farming space. I want to see an IoT system that is run by the farmer.

Before we know it there will be a server room at each farm


I think you need to be at least somewhat technical


Wait, why wouldn’t they? They could wipe the entire disk if they so choose


I think it is likely an option on both Linode and DigitalOcean


How so? They clearly say physical access is not in their threat model. If someone has root it is game over.


If you set it up incorrectly you can perform an attack called VLAN hopping.

You also need to set up firewall rules to properly isolate zones


Only if you don’t set it up correctly. You should set which devices are allowed to set which VLANs and then make sure client devices aren’t authorized to send or receive tagged packets.

You then combine that with a firewall that only allows needed traffic.



  • SELinux

  • monitoring

  • proper containers (ideally rootless)

  • separate accounts for each function and permission set. Your containers should run as a low privileged user



Don’t do ZFS on ZFS. It will destroy performance.

I personally go for EXT4 as it is solid and lightweight. It is also somewhat resistant to power loss


UFS seems weird to use outside of flash


My personal preference is Linode and maybe Azure


I don’t understand. Why would you store VM disks on NTFS? This isn’t a viable solution and you need to rethink your design. Also for guest filesystems I would go with ext4 as it has lower overhead while still being reasonably modern.



Getting Started with Self Hosted LLM
I've been playing around with [Ollama](https://ollama.com) in a VM on my machine and it is really useful.

To get started I would start by making sure you have capable hardware. You will need recent hardware, so that old computer you have lying around may not be enough. I created a VM on my laptop with KVM and gave it 8 GB of RAM and 12 cores.

Next, read the readme. You can find the readme at the GitHub repo: https://github.com/ollama/ollama

Once you run the install script you will need to download models. I would download Llama2, Mistral and LLava. As an example you can pull down llama2 with

```
ollama pull llama2
```

Ollama models are available in the online repo. You can see all of them here: https://ollama.com/library

Once they are downloaded you need to set up Open WebUI. First, install Docker. I am going to assume you already know how to do that. Once Docker is installed, pull and deploy Open WebUI with this command. Notice it's a little different than the command in the Open WebUI docs.

```
docker run -d --net=host -e OLLAMA_BASE_URL="http://localhost:11434" -v open-webui:/app/backend/data --name open-webui --restart always ghcr.io/open-webui/open-webui:main
```

Notice that the networking is shared with the host. This is needed for the connection. I also am setting the environment variable in order to point Open WebUI to Ollama.

Once that's done, open up the host IP on port 8080 and create an account. Once that's done you should be all set.

What’s your thoughts on Rustdesk?
So I've been using Rustdesk with a self hosted server for business and personal use now for some time. However, it is definitely the sketchiest FOSS software I've used. It seems to be based in China but the developers keep lying and saying it's in Singapore.

Here is a list of everything I've found:

  • https://www.reddit.com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/
  • https://github.com/rustdesk/rustdesk/discussions/1159
  • https://www.reddit.com/r/rustdesk/comments/y230hf/my_rustdesk_client_try_to_communication_with/
  • https://www.reddit.com/r/selfhosted/comments/10ppntj/reminder_about_the_shadyness_of_rustdesk/
  • https://www.reddit.com/r/selfhosted/comments/109tn1i/rustdesk_server_117_supports_ipv6_now_selfhosted/j42pf4m/
  • https://www.reddit.com/r/selfhosted/comments/uurta8/_/
  • https://www.reddit.com/r/selfhosted/comments/y80sw1/as_someone_that_knows_nothing_about_virtualremote/isxvib2/
  • https://youtu.be/JIAdEGX_sIU

It seems that now the clients and OSS server are completely FOSS, which is good. They also no longer have public servers in China according to them. In the client itself it also now has better defaults so you are less at risk of getting attacked. It still is sketch but it now is slightly less sketch I guess? Either way it's not ideal.

What’s your thoughts on the new netbird UI?
It is way more functional in terms of options but it's now clunky. For those who don't know, Netbird is a mesh VPN for connecting devices together over the internet.


I bought a Cybergeek minipc but my pcie drive isn’t showing up
It works in other devices and there aren't any options in the BIOS. Any ideas? Edit: I returned it

Public DNS server with gui
I am looking to set up a public DNS server and I found this DNS server: https://technitium.com/dns/ Does anyone know what the risks are of exposing the DNS port to the internet? How likely am I to get compromised? Is this a really bad idea?