This is basically what i ended up doing in one year of experiments, building and rebuilding.

Proxmox with unpriviledged LXCs. The only VM runs OPNsense, isolates services into 3 different vlans: internal for LAN/VPN only services, external for a couple public websites I host, and auth for authelia and lldap. Only internal can reach the others always through a reverse proxy lxc, the other vlans are blocked in opnsense and can only reach outside internet for eventual updates or api calls. No services can reach the 192.168.1.0/24 subnet with all the home devices (no smart home stuff).

Bulk storage is on a 4x12TB raid z1 array. The NAS dataset can be accessed via a cockpit lxc, with samba, the only one that sits on my LAN. Some services (like forgejo, immich, paperless) use their own dataset on the same pool.

Apart from cockpit, only opnsense sits on my lan as well. All the lan devices pass through it+reverse proxy to reach the other services.

Snapshots and backups are handled with zfs_autobackup and proxmox backup server, which runs on the repurposed old server, on which i also backup a subset of important files.

oh, and at least for the home one: put a raspberry pi (or similar, maybe even nanoKVM) into your rack, and connect it. it’s awesome for maintenance. I have a rs232 connected pi and can control from bios, bootloader, shell of my proxmox.

I was eyeing the nanokvm, pcie version, for that exact reason. My Pi runs pihole, but is otherwise separated from the server.

every lxc runs in its own /30 subnet, only having the firewall local. There are a few bigger networks at home, iot (mainly wifi, client isolated), family for our laptops/tablets/mobils, guest network, tor-access wlan and other stuff

I was also looking at setting up a router/firewall with another minipc and a 2.5G pcie ethernet switch. Kinda long term project

I have never done this, but maybe you can try creating a torrent and sharing it with your friend, or using plain http/https with a download client lile jDownloader, so that it automatically resumes the download and handles errors

Control engineering student here. This is accurate and goes straight to the uni friends group chat. I love it.

No significant input lag, i use Xournal++ and in one semester for a single course i tend to make a single file of 120+ pages.

I use the integrated pen, which also slots into the chassis to recharge, but other pens that use the same wacom protocol also work, i use an HP one alongside the integrated one from time to time

I’m using EndeavourOS with Plasma on a Thinkpad L13 Yoga G4. A recent update fixed the ACPI message SW_TABLET_MODE, so now the device automatically disables the keyboard after a couple seconds of being flipped, and plasma switches to tablet mode automatically. From there, everything works with zero problems. I use it to take notes in uni and switch often from normal laptop work to tablet mode for note taking.

I didn’t notice exactly when it was fixed, but since I bought it and until some time ago there was a problem with I think an I2C device that prevented the switch, and I had to use a set of cobbled together scripts to manually do it

I mean, in the 50th anniversary Eleven mentions to Clara that working for UNIT is his job. I’d pass that honestly

Because the 1000 requests/10 minutes on my server are done by AmazonBot, mostly. Followed by ASNs from Huawei, Azure and the like.

I use Maalit (or is it Maliit? I can never recall). It works and has an extended symbols button, just like a mobile phone osk. It doesn’t have a proper configuration panel, it’s instead configured by gsettings or something, I have never actually tried. It also as a quirk with a swipe-down gestures that is used to disable it, and is sometimes activated accidentally by the palm of the hand. But apart from that, really nice experience overall.

I can recommended the latest KDE Plasma, I use it on my 2-in-1. Some quirks here and there, but very good in general, especially if yoh set up gestures to switch between workspaces. I also tried gnome but that was ages ago.

I use OpenTracks, but mostly for runs. But it can track simple walking though.

I too have this bug, on Tizen OS client. I H Have been procrastinating reporting it on github for ages now

I was actually quoting an episode of the thick of it:

Stewart: “are you an american or an american’t, Peter?” Peter: “What does that mean? It doesn’t mean anything, it’s not even a word”

“That doesn’t mean anything, it’s not even a word”

CAN WE GET MUCH LIGHTER

Sure, I’ll be happy to help

Is forward auth from reverse proxy supported in this fork? It isn’t mentioned in the README, so I assume it is not

E pensare che una volta queste idee da parte di zio paperone erano un monito e un’esagerazione

The documentation says what settings you need to enable for it to work. It also says that it takes the remote user in the X-Remote-User header. I use Authelia and it puts the remote user in the Remote-User instead, so i added a middleware to traefik that renames the header to the one expected by radicale. The only problem remaining is that radicale presents the auth page anyway, and you have to login with the same username as the auth header but with any password

I used both radicale and baikal. Both work great. Both support CalDAV and CardDAV, to sync with them you need thr davx5 app on android. I ended up going with radicale because it supports proxy authentication and I can use it with Authelia

Second this. Works really well in a stable distro like Proxmox. Unfortunately however the community is only on discord. With some other patches linked there you can also use the gpu both on the host and split in vGPUs for virtual machines at the same time. I used it for some time on Arch Linux host + Win10 VM for CAD. Worked fine, but frequent arch updates borked everything often. On proxmox I never had such problems.