When you have it built, throw it in a container and run it in Lambda. You'll be able to run it anywhere if you package as a container.

No. Just change the location.

Here is a decision tree for NPR's best scifi/fantasy books. I just started crossing these out with the phone's image editor when I finish one.

I've been using Fleksy for years but there are some apps that don't work well with it. Notably, Connect for Lemmy. Backward swiping for deletes only does one word at a time and up/down swiping for managing autocorrect doesn't work either.

There are a few other apps with their own quirks as well. 90% of the time it's great though.

Mostly as kodi/plex front ends. I've set them up as a kubernetes cluster in the past but they didn't have enough ram to run my torrent client. Now I just use an old Thinkpad running talos.

I have a pair of SE215s that are basically the same.. I've had them for years.

I bought a Qudelix 5K and learned how to solder short replacement cables for them.. I just clip it to my shirt or bag or whatever. Since its LDAC you really can't tell the difference from using a wire either. It's a great setup actually.

It auto discovers machines/instances/VMs/containers in the mesh and figures out the secure routing on the fly. If you couldn't ensure a consistent IP from the home address it wouldn't matter.. The service mesh would work it out.

It is probably overkill for this project though.. Something to think about...

Istio is a service mesh. You basically run proxies on the vps and the rpi. The apps make calls to localhost and the proxy layer figures out the communication between each proxy.

Duck dns is just a dynamic dns service. It gives you a stable address even if you don't have a static ip.

This would be nice because I don't need a static ip and I don't have to leak my ip address.

How does the VPS know how to find your rpi?

Could you not just use something like duck dns on a cronjob and give out that url?

I would also need to figure out how to supply ejabberd with the correct certificates for the domain. Since it's running on a different computer than the reverse proxy, would I have to somehow copy the certificate over every time it has to be renewed?

Since the VPS is doing your TLS termination, you would need an encrypted tunnel of some sort. Have you considered something like Istio? That provides mTLS out of the box really.. I've never seen it for this kind of use case but I don't see why it wouldn't work.

What worries me about the "systemd does everything as a tightly integrated package" is the too-big-to-fail aspect.

It's been the default for ~10 years and it hasn't been an issue yet.. Even if it did "fail" the solution would never be to roll an entirely different init system. That would be absurd. If there is a bug, it gets patched.

I'd be worried that we're seeing a lot of configurations that can't be pulled apart piecemeal-- for example, if you need a feature not available in systemd

You can run services independently of systemd. There is no reason you couldn't have whatever feature you want and systemd at the same time.

you need to deactivate a systemd component due to an unfixed vulnerability.

When vulnerabilities are discovered there is disclosure to maintainers, a patch is released, and then an announcement is made publicly with the instructions on how to fix the problem. I've never seen an instance where the industry collectively says "There's a vulnerability here but we aren't going to fix it. Good luck!" Especially for such an important layer of the stack.. There's no way that is going to happen.

Same. Been using them for years and they've always been solid.

Same. I haven't used a Mac seriously since my 2004ish G5 power mac.. I've been on Linux pretty much exclusively for 20 years. My current job gave me a new apple silicon Macbook though and it's almost unbelievable how good of a machine that is. I think 90% of that comes down to the chip but still... The software is still mostly just fine but the chip is in a class of its own.