My method:

VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.

The one I’ve heard replaces “brains” with “money.”

It can be daunting to get into the hobby, there are a ton of niches.

To start: where are you? I’m in the USA, so that’s where my experience is.

License: required to transmit on the ham bands; you can listen without a license.

Range: are you looking to talk to people in your city/region? If so, a cheap “walkie-talkie” style (called “HT” in the biz — best avoid “walkie-talkie”) is a good place to start. These VHF/UHF (very/ultra high frequency) radios are affordable — something from Baofeng(~$30) or similar will work just fine, though they are often looked down on (I have one — for the price, it’s great). You will have the most luck if there is an active ham scene in your area, in large part because they may have a repeater, which can greatly extend your range. Many regions will have scheduled “nets” where you just go around and chat.

If you’re looking for the ability to chat with folks on the other side of the world, you’ll want to look into HF (high frequency). This is much lower frequency, thus longer wavelength, than the handheld VHF/UHF HTs. So…the antennas take up a lot of space. Mine is 52 feet long, in the attic. And the radios are much more expensive (more like $1k new). ICOM 7300, Yaesu FT710 are popular entry level units (but you also need power supply, cables, and antenna).

That said: if you just want to listen to HF, the antenna doesn’t matter as much at all, and you can use an SDR (RTL-SDR probably works?) for listening. You can probably also find a used shortwave radio that covers some of the HF ham bands.

As a long-time Debian user, I’d have to throw my vote behind Slackware for the title of most UNIX-y, which is I guess a bit different from most Linux-y.

Debian got me through grad school, but Slack got me through undergrad on a hopelessly underpowered old ThinkPad — Volkerding is a legend, and Slack will always be dear to my heart.

This happened to me when Debian switched from SysV to systemd. I am not the only person who experienced this (e.g., https://bbs.archlinux.org/viewtopic.php?id=147478 ).

This is not to say the systemd behavior is wrong, but it essentially changed the behavior of fstab. Whether this is Debian’s fault, Arch’s fault (per the above link), systemd’s fault, or my fault is a fair question. But this committed that most egregious of sins per our Lord and Savior Torvalds — it broke my userspace.

My favorite was when the behavior of a USB drive in /etc/fstab went from “hmm it’s not plugged in at boot, I’ll let the user know” to “not plugged in? Abort! Abort! We can’t boot!”

This change over previous init behavior was especially fun on headless machines…

Getting TLS certs will be complicated

I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)

Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).

Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.

Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.

I have set up local DNS entries (with Pi-Hole) to point to my srrver, but I don’t know if it possible to get certs for that, since it is not a real domain.

So long as your certs are for your fully qualified domain there’s no problem. I do this, as do many people — mydoman.com is fully qualified, but on my own network I override the DNS to the local address. Not a problem at all — DNS is tied to the hostname, not the IP.

I think you need to include energy cost in the preparation stage. Bread requires a hot oven, which is a real amount of electricity — it’s close to $0.40/kWh where I live. From this link it says that a bread maker uses only .36kWh, but an electric oven would be more like 1.6kWh. So bakita single loaf of bread, you end up with a not insubstantial fraction of the total cost going to heating the oven.

Of course, many bulk foods require heat, so it gets a little sticky this way. Oats/oatmeal probably wins out here, as you can just soak them overnight.

Just don’t try plugging it into a Raspberry Pi 5.

No data loss, but won’t work without changing your kernel. The other way around is much worse though — you can use an RPi5 to make a BTRFS drive which essentially only works on RPi5s.

https://en.m.wikipedia.org/wiki/Virtual_console

Right, that’s what the & exit is supposed to prevent, since it’s already logged out.

I did all of grad school with i3wm. And I spent a very, very long time in grad school…

I always ran startx & exit to prevent someone from VT switching to a logged in console if my screen was locked :)

Been a while but isn’t that very insecure? Gotta run startx & exit ;)

Any chance you have a DMZ set up on your router?

On your router, are there any settings specific to any host (other than the server maybe)? For example, a static IP or a port forwarded rule.

Do you have a VPN on the phones? Can you traceroute from your phone to the server and post that? (I like PingTools for Android.) You should have 1 hop (you -> server, nothing in between).

Can you verify that you are on the same wifi including same wifi channel? Phone on 5GHz but Linux box on 2.4GHz, for example.

Some mobile clients make it easy to accidentally downvote. I sometimes see that I accidentally downvoted a comment from time to time.

PingTools has been useful for me (though I mostly just use it for iperf).