Software Engineer

Cake day: June 14th, 2023

  • I personally prefer using public key encryption over passwords for ssh authentication. There’s no need to rely on third-party VPN providers (like ZeroTier or Tailscale) or hosting your own “vpn server” for that purpose as ssh traffic is already encrypted.

    The drawback of following the route you suggested is that you have to operate yet another service that could be misconfigured, potentially causing you to lose access to your server. If you’re keen on further restricting access, consider whitelisting your static(!) IP address, the IP address ranges associated with your provider or the ranges assigned to your country for an additional layer of security.
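
    Added example, not part of the comment above and not the commenter's code: a small check that a server's effective `sshd -T` settings really permit key-only login, plus a test of a source address against an allowlist. The sample output, the allowlist ranges and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `sshd -T` output (effective settings, lowercase keys).
SAMPLE_SSHD_T = """\
port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
"""

# Required values for key-only login. Assumption: keyword names as printed by
# recent OpenSSH; older releases may name keyboard-interactive differently.
REQUIRED = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
}

# Constructed allowlist: documentation ranges standing in for a static IP
# and a provider range.
ALLOWLIST = ["203.0.113.7/32", "198.51.100.0/24"]


def parse_effective(text):
    """Map each keyword to its value, keeping the first value seen."""
    settings = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        key = key.lower()
        if key and key not in settings:
            settings[key] = value.strip().lower()
    return settings


def key_only_findings(text):
    """List every setting that still allows a non-key login method."""
    settings = parse_effective(text)
    return [f"{k} is {settings.get(k, '<missing>')}, expected {want}"
            for k, want in REQUIRED.items() if settings.get(k) != want]


def source_allowed(addr, allowlist=ALLOWLIST):
    """True if addr falls inside any allowlisted network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in allowlist)


if __name__ == "__main__":
    print(key_only_findings(SAMPLE_SSHD_T))
    print(source_allowed("198.51.100.42"), source_allowed("192.0.2.1"))
```

    Checking the effective settings rather than the main config file catches a password login re-enabled by an included file.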









  • This depends on the machine you have.

    I would choose a hypervisor if I had plenty of RAM (32 GB+) and CPU and wanted to have everything properly separated with the option to easily redo things, back up VMs and containers, experiment with different setups and also wanted to learn new things. There are plenty of options. Proxmox might be the easiest to get started with and also to get help from the selfhosted community.

    If I had limited resources, I would just use docker/docker-compose directly. It is more commonly used than lxc and doesn’t have the overhead of a VM.

    Regarding safe and secure access: This is a rabbit hole.

    I personally don’t use Cloudflare, though a lot of people do. Use a reverse proxy and generate an SSL certificate for all domains used (Traefik, Caddy, npm et cetera). Try to keep services up to date. Separate networks from each other. Think about which services you really have to expose publicly.