Newer macOS is not Unix certified.

It’s UNIX 03 compliant https://en.m.wikipedia.org/wiki/Single_UNIX_Specification

One or two Linux distros were (are?) UNIX certified, though.

Haha yeah that was the counter example I was thinking of. I agree completely — you could make a Gentoo from source beginner distro, and I think you could make it reasonably “idiot proof,” but it would still be a bad user experience most likely (too much time spent compiling).

If your distro can’t be forked into a “beginner distro” then it’s fundamentally flawed IMHO.

To be clear, I’ve used Arch as my daily drivers for a while, and while it’s not the best fit for my needs (I use Debian mostly), there’s nothing that I experienced that was incompatible with a “beginner” distro.

You can also drop cache for debugging by running something like echo 3 | sudo tee /proc/sys/vm/drop-caches

But remember that the kernel knows best — this RAM will automatically be freed up when needed and you should never run this except for debugging (or maybe benchmarking).

I switched from raspberry pi and orange pi to a cheap Intel NUC, and I think it’s just a much nicer experience.

The pi is great fun, but the HW transcoding on a NUC “just works,” and the SSD and 16GB RAM opens a lot of doors. My N100 NUC was less than $150, and it included everything (case, power supply, 500GB SSD).

My pi found new life as an off-site backup: attach a big HDD, set up WireGuard, and have a cronjob do daily rsync and snapshots. I have it set up at in-laws, and it works great.

man rot13 ;)

I’ve been super happy with it. Knock on wood it’s been super reliable. I have a single ZFS drive, take snapshots with various retention policies, nothing fancy.

Another fun thing is to set up a reverse proxy on it as an endpoint for services on your local (home) network which can only be accessed by VPN. For example, my Jellyfin service isn’t public facing, but I didn’t want e.g. my parents to need to set up WireGuard. So instead they can point their TV to a raspberry pi on their network to access the service — even a first gen RPI can handle Jellyfin reverse proxy over WireGuard for moderate bitrates!

WireGuard, and an external HDD. Run at a remote location for off-site backup.

I do this with a raspberry pi 3 at the in-laws. I copied the data over locally before setting it up, and after that it’s just nightly incremental rsync, which is fine even over my slow (35Mbps) upload.

For very simple tasks you can usually blindly log in and run commands. I’ve done this with very simple tasks, e.g., rebooting or bringing up a network interface. It’s maybe not the smartest, but basically, just type root, the root password, and dhclient eth0 or whatever magic you need. No display required, unless you make a typo…

In your specific case, you could have a shell script that stops VMs and disables passthrough, so you just log in and invoke that script. Bonus points if you create a dedicated user with that script set as their shell (or just put in the appropriate dot rc file).

EulerOS, a Linux distro, was certified UNIX.

But OS X, macOS, and at least one Linux distro are/were UNIX certified.

IIRC Torvalds uses Fedora.

(Debian for me.)

Remote backup server would be my suggestion.

Configure it with a VPN to talk to your home network and set it up at a trusted friend’s or family’s place.

I do this with a raspberry pi and an external HDD that takes daily/weekly/monthly snapshots, with daily rsync. Works nicely for me.

I’m guessing it’s because the developers either have a different speciality that they focus on, are employed to support specific hardware, or both.

It’s mostly so that I can have SSL handled by nginx (and not per-service), and also for ease of hosting multiple services accessible via subdomains. So every service is its own subdomain.

Additionally, my internal network (as in, my physical LAN) does not have any port forwarding enabled — everything is over WireGuard to my VPS.

My method:

VPS with reverse proxy to my public facing services. This holds SSL certs, and communicates with home network through WireGuard link configured on my router.

Local computer with reverse proxy for all services. This also has SSL certs, and handles the same services as the VPS, so I can have local/LAN speeds. Additionally, it serves as a reverse proxy for all my private services, such as my router/switches/access point config pages, Jellyfin, etc.

No complaints, it mostly just works. I also have my router override DNS entries for my FQDN to resolve locally, so I use the same URL for accessing public services on my LAN.

Getting TLS certs will be complicated

I just use Let’s Encrypt with a wildcard domain — same certs for public and private facing domains. I’m sure this isn’t best practice, but it’s mostly just for me so I’m not too worried :)

Yeah I don’t expose Jellyfin over the Internet, so it doesn’t matter for me, and wouldn’t work at all over WAN (unless VPN’d to home network).

Also, it’s all reverse proxied, and there’s nothing preventing having two Jellyfin hostnames, e.g., jf-local.mydomain.com and jf-public.mydomain.com.

Another fun trick you can play is to use a private IP on your public DNS records. This is useful for Jellyfin on Chromecast for instance — it uses 8.8.8.8 for DNS lookup (and ignores your router settings), so it wants a fully qualified domain name. But it has no problem accessing local hosts, so long as it’s from 8.8.8.8’s record.