KaninchenSpeed

Writing this from PostmarketOS on the fp5, it does run, but getting mobile data to work is an adventure (at least with my isp). I haven't tried the WIP kernel to get the speaker working, the mic doesn't work at all currently, so only calling with a bluetooth headset. Battery life is a bit less than android. I'll probably dual boot with Ubuntu Touch or Lineage for the next while.

If your ok with the thickness of the fp5, then get it over the fp6. Linux and custom rom support is much better, also usb 3.

The performance drop from virtualizing nics shouldn't be nearly as big. How are you passing the vlans to the VM? are you passing all over one virtio nic or one virtio nic for each.

The setup I ran for multiple years was basicly a bridge interface on the host for each vlan and a seperate virtio nic to the opnsense VM for each, I got almost 10 gbit/s like that with 8gigs of ram for opnsense and 4 or 8 cores (I cant remember) with hyperthreading of a 2nd gen epyc. I didn't do any optimisations for virtio.

If you already have/can run a local server, then maybe storing the luks passphrase there and running a script on it which sshs into the remote server end enters the stored passphrase on command. Maybe a simple http server triggers it, which you could auth using forward auth of your reverse proxy, so you wouldnt need to implement auth in your script.

Of cause the passphrase is stored in plain text, but that will be the case in any case not using a tpm.

You could do notifications with a simple webhook of your favourite chat app, or by running a ntfy server (and app) and also sending the notification with a curl from a initrd script.

Nooo~

I'm currently running gnomes rdp server as a terminal server in a test VM. The rdp performance is so much better than x11 or wayland (with waypipe) forwarding for anything 3d.

Also you get gnomes login screen so you can do active directory/ldap login.

Changing servers is as simple as changing the server ip on the client.

Or if you want to move whole classes/users without user interaction, you can create a dns subdomain for that class/user which points to the correct server for that class/user, which you can change, of cause this only works if each class/user is only using one terminal server at a time.

I don't think sr-iov even officially in the drivers yet, I would give it a few months to mature. The performance is probably enough for 8 VMs with google earth tho, but you would probably need multiple for 30 people.

The intel arc pro b50 can do sr-iov according to wendell and its sub 500$

I've never used network manager on a server and don't understand your routing configuration, im assuming you have wg0 configured to have a default route (ip route list).

You should be able to connect a docker network to the vpn by using a macvlan insted of a bridge type network and set the parent interface of it to the wg0 interface.

docker network create -d macvlan \ --subnet=<internal vpn network>/24 \ --gateway=<gateway ip> \ -o parent=wg0 vpn-net

modified from the docker documentation

Probably also set an ip-range on the network to make the auto assigned ips not conflict with other wireguard nodes (see linked documentation).

Make sure the allowed ips in the wireguard configs are set correctly.

You can also do ipv6 like this, see the end of the linked documentation page.

Voltage drop probably isn't a problem here, because your sensor draws verry little power. If you can get POE for cheap then thats a better option.

Das ist also Carbon Capture mit Umwegen?

You could get a cheap usb a to c 2.0 cable, cut it and extend the wires with some 4 conductor J-YStY cable or what ever is common where you live. The sensor probably doesnt use enough power to cause a significant voltage drop.

Oder wenn Polizisten Datenabfragen aus privaten gründen machen