The first one also has better code coverage and way more pulls on Docker Hub.

This is common in rolling releases

Happened to me on Ubuntu with minor kernel updates including regressions lol

I went through the same process as you. They clarified the issue three days after release though https://pi-hole.net/blog/2025/02/21/v6-post-release-fixes-and-findings/#%3A~%3Atext=your local network.-%2CCustom%2Cconfigs+not+loading%2C-Sorry%2C+this+probably

I don’t know, I only play Sims 4 on the EA app and I read of people getting their EA account banned for playing multi-player games on Linux, so I did not even try.

I got both Steam and EA App versions running on my Steam Deck and desktop (the latter runs Bluefin). For the EA app I used Lutris, it works like a charm.

In addition to the BIOS settings, I had to create a systemd service that prevents Linux from disabling Wake-on-LAN on shutdown.

Yeah, I use Caddy for that, as I only use DNS-01 for local-only services.

I have been using BunkerWeb for the past 4 years and have been mostly happy with it. Its default settings are sometimes a bit agressive but you can change those globally or service per service.

I encrypted my professional laptop’s drive in order to prevent access to company data and code in case of theft. And I’ll probably encrypt my personal laptop as well because the SSH key can access company code.

As for the desktop, I didn’t and probably never will, because theft is less likely and that would be a pain to handle for nightly backups (it is turned on with Wake-on-LAN and then a cron backs up my home directory to my NAS).

Finally, I won’t encrypt my NAS as well for the same reason: it would quickly become a hassle as I would have to manually decrypt the drives every time it boots after a power outage.

This is anecdotal experience, but last time I left Wireguard on for an entire day and it accounted for 5% of battery usage that day.

I believe you swapped DoT (TLS, port 853) and DoH (HTTPS) in your message. I have yet to be in a network that restricts port 853, but if I could I would rather use DoH on Android.

I’m not familiar with Nextcloud, but from reading the How to use this? section of the README I believe you can run it behind a reverse proxy:

--publish 80:80 This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.

(Emphasis mine, in “Explanation of the command”)

My understanding is you only have to forward traffic from the reverse proxy to the port 8080. It uses a self-signed certificate though, so you might check if the reverse proxy you are using checks certificates signatures for upstream servers.

It is possible, what you’re looking for is a reverse proxy: it’s an HTTP server that will listen to the standard ports for HTTP and HTTPS that will redirect traffic to the chosen service based on the domain name or URL.

In your case, every subdomain would point to your VPS’s IP and traffic that’s for mastodon.example.tld will be seemlesly proxied to your Mastodon container.

Do some research on Caddy or Nginx, and I strongly recommend you learn Docker Compose and Docker networking, it will help you make it easier to maintain everything.

PS: CNAME pointing to A record is the way to go. You can do it one better by having a CNAME entry for *.example.tld, so that you don’t have to create a CNAME entry for every new service you deploy, but you better make sure that your reverse proxy won’t proxy requests to an unexpected container when requesting a bogus subdomain.

If I understand correctly, it’s just a fancy donation?