I have both running right now. Mint on my laptop and media server. Debian only because it was previously required for Home Assistant support, (support which they’ve now dropped.)

Both distros are extraordinarily reliable, but I much prefer Mint. Debian is more focused on security and some of the design choices focus on that over usability. My LAN is completely locked down and only accessible via Wireguard and the physical systems are only accessible to me, so IDK how much better security it provides in my situation. Mint has every package I’ve ever needed prebuilt while I have had to build some packages for Debian.

Bottom line: As much as I like Mint, for me there is not sufficient reason to switch from Debian to Mint or visa-versa, but if I were installing from scratch I’d choose Mint every time.

Nomachine with local & Wireguard access only.

I think Anydesk can be trusted as much as any company. They did notify users when a breach occurred a couple of years ago. By contrast Teamviewer was hacked and blamed their customer’s “password reuse” for years before finally admitting they had a breach. The company cannot be trusted.

I use Anydesk occasionally to help friends but never leave it running if it’s not actively in use.

The battery limiting capability was an absolute requirement and I also ended up with a Dell. Having a display and keyboard always available is also great for some tasks.

I had a similar failure while I was out of the country for a month. My Raspberry Pi didn’t come back after a power blink. Home Assistant, Wireguard tunnels, security cameras, Jellyfin, Syncthing backup and DNS all failed until I returned. After looking at possible solutions I ruled out buying redundant hardware because of the cost, and more importantly the time and complexity of implementing and maintaining everything.

Instead I bought a small, relatively inexpensive laptop and a router with plenty of processing power and memory. I moved my Wireguard endpoints, DHCP and DNS server to the router and everything else to the laptop and disconnected my UPS completely.

If the router is up, WG connectivity, DNS, DHCP and wifi are up. The router does reset on power failure, but my ISP has no local power backup so Internet is out until power is restored anyway.

This laptop loafs along at 10 watts and costs about $2 per month to operate despite our high electric rates. My old UPS drew 75 watts most of the time even when there was nothing plugged in and cost more than $16/month to run. The laptop’s battery is firmware limited to a 70% charge so the battery will last years without degrading and making other battery issues unlikely. It provides 7 hours of operation if power fails compared to an optimistic 20 minutes for the UPS. Power blinks (and there have been plenty) have no effect on the laptop at all.

I’ve been happy with this configuration. It has worked flawlessly for almost 2 years.

You got a year? Ubuntu must be improving! I’d typically get 2-4 months and then have to spend hours troubleshooting to get something working again. I can’t remember the last time that happened to one of my Mint installations.

You aren’t alone having stability problems with Ubuntu. As much as I like the OS, my Ubuntu installs always broke and required troubleshooting at some point. Right now I only have Ubuntu installed on a bootable USB ssd that I use for backups and other disk operations, but even on that the desktop crashes regularly.

I eventually got tired exploring different distos and switched back to Mint. It’s been running with regular updates and upgrades on my desktop PC for 5 years and 3 on my laptop. I’ve had very few problems. Debian has been just as stable on my server.

I’m no security expert and my biggest concern with self-hosting is making a configuration error in the OS or some app, or missing a critical update that allows someone access to my personal data. In order to reduce the attack surface and management requirements my network can only be accessed through Wireguard. The random open WG ports do not respond to unauthenticated packets, so someone would have to have access to my configurations to be able to get past my firewall, at least in the absence of some yet unknown vulnerability. Of course that won’t prevent mistakes being made on PCs (especially Windows) but it’s one less thing to worry about.

Wireguard clients on our PCs and phones make connecting and accessing media and files a breeze. There are no third parties involved so enshittification by some company’s security breach or sudden monthly fee isn’t going to happen.

I have a Bosgame mini-PC that is completely inaudible unless you get close to it. Power draw is <15 watts under light load meaning that even with the high electricity rates where I live it costs less than $3.50 a month to operate. I’ve avoided hard drives because I don’t want to listen to them whine, so no comment there. Two simultaneous 1080p Jellyfin streams increase CPU utilization by less than a percent and it still is under 5% with a couple of other Docker containers running.

Good luck setting everything up to your liking.

It’s also possible to configure Linux to automatically pause a Virtualbox VM when the window is not in focus so Windows doesn’t keep burning CPU cycles when not actually in use.

I’ve tried various methods to run a couple Windows programs I use occasionally and most reliable method I’ve found (without buying a commercial package like Crossover) is a VM. With a decent multi-core processor and enough memory the only downside I’ve found is it makes my laptop run warm.

Raspberry Pi OS is based on Debian. You should be able to do what you’re describing and more by enabling SSH even without changing the OS.

Assuming it’s a Pi 3, Wireguard will work on it, as will Syncthing (useful if you add an SSD) but the interface bandwidth is limited so it can be a bit slow. That may not be too much of a problem though. My cable Internet’s upload speed is limited to 20Mbps, and despite the limited bandwidth both Wireguard and Syncthing are surprisingly useful.

Started with it on a server but moved it to my Openwrt router. If the router’s up the tunnel’s up.

TMO has had IPV6 implemented for mobile devices for years. There’s no way they only implemented IPV4 on a home/business service that uses the same network and the same towers.

Does their current equipment (and yours) support IPV6? If so CGNAT won’t be involved.

Your WG network is a separate subnet. Add it to PAPERLESS_ALLOWED_HOSTS to allow access.

A few years ago I booted up Windows after months of exclusively using Linux. When I ran Windows Update it deleted and overwrote my Linux partition! This wasn’t a grub issue, my files were gone and even file recovery utilities couldn’t find much. Plenty of others have experienced the same thing.

This is still happening and is unquestionably pure maliciousness on Microsoft part.

not that any of this is doable in the near future, since i’m behind cgnat and won’t get my colocated bounce server up until spring.

Doesn’t IPV6 allow direct external access even when cgnat is in use for IPV4?

When I was running a mesh topology I often had the same issue. Switching to a star topology fixed pretty much everything.

I’ve been using Syncthing for years and it’s been almost flawless with only rare file sync errors that are clearly shown in the UI. Was going to switch to Nextcloud for everything. Looks like I’ll be sticking with Syncthing for the foreseeable future.

Thanks for posting this.

Google Safe Browsing looks to be have been built without consideration for open-source or self-hosted software.

IMO Google Save Browsing was built with consideration for open-source and self-hosted software, but it has nothing to do with user safety, just like blocking Android apps from 3rd party sites has nothing to do with user safety. The harder they make it to move away from their products by making using alternatives difficult, the more money they make and money is now the only objective. Even if this only adds a fraction of a fraction of a percent to their profit it’s something Google will implement.

The old social contract of businesses being of benefit to the community as a whole in addition to making a profit is long gone.

Yes. I had them blocked via my firewall because of the constant traffic they generated and blocking Internet access causes constant bulb resets. The resets are known to TP-Link and according to a couple of sources they created a private firmware release that fixed it. TP-Link failed to publically release that firmware, and last time I checked deny it ever existed. I replaced the bulbs with 3rd Reality Zigbee bulbs that work perfectly.