Depending on your threat model incus/lxd won’t add too much security as they generally use the same background software as docker, leaving things like kernel exploits as vulnerable as just docker
Damn, I’m just repeating what I’ve heard but it’s weird the whole team isn’t doing as much moderating as one’d expect
(edit: might not be sole) Dev/moderator doesn’t want a team but has some health issues presumably, so definitely can’t manage it themselves. This is just the aftermath of a couple months of that
KVM makes proxmox type 1
I haven’t spent much time tinkering with it but the plug-n-play xbox experience uses the joystick like a mouse cursor, not like the android-tv’s joystick to select menus - which is obviously subpar
Though this is more of a proxmox ease of use issue than docker, personally I swapped from it to pure debian server/host to run a similar manual setup with podman - so everything runs right on the host.
In theory I think you can achieve this with proxmox ssh’ing into the host and just treating it like a usual debian
Depends on the device, but on devices like android no.
I can’t say I’ve gone through with it myself, but in theory you could have a host somewhere connected to a VPN that you send your tailscale traffic through as an exit node
Though if you have hairpin mode on your router/switch I believe it works, just most not bought specific for it don’t have the option
Remmina is a client (I believe for rdp and vnc), but to host you’d need some type of server.
The best and fanciest today is sunshine but it requires some kind of gpu for encoding - so probably out of the question for an RPI
The next are all pretty similar, (I myself have most experience with vnc so I can attest to it): xrdp/rdp, vnc, and nx
Half of them try and create their own virtual desktop to stream, but you probably want to stream a real desktop - x11vnc does a great job at this (and if anything has too many options)
Way too dependent on the setup, a container with absolutely no outside access theoretically just has the kernel, but usually we want to communicate with our docker images not just run them
I think it only works with pure gtk applications, so others just won’t have the CLI option to launch
Just to clarify I’m talking about using it for only the virt-manager window, not the whole desktop
I actually did this and recommend it for a power user (for me it was that proxmox didn’t implement virtio-fs quickly enough), but in case you want a full proxmox like setup I got some recommendations:
Use LXD-ui. It’s a bit annoying with the certificates but gives a nice n easy to use ui (I was only able to figure out how to get this working with the snap, but I didn’t try too hard)
Setup Virt manager through gtk Broadway. This one requires your own security implementations so definitely don’t just open it to the whole internet, but it allows you to manage VMs in a browser intuitively.
Setup ssh, vnc, sunshine, tailscale, a device local to the host you can connect to, any number of remote desktop solutions you can, cause in all likelihood setting things up you will break a thing or 2 and it sucks having no access to your device
Use syncthing or resilio sync to share files between a client and the host PC, saves a lot of time trying fancier stuff like rsync (can probably be used to setup multiple servers storage backup, in case of power outage or whatever but I personally only have 1 host)
Fabric has some amazing open source projects dedicated to performance.
Idk if any multithread it yet but it’s my current go to for low end systems
I’m not an expert but one could funnel all web traffic through a VPN if they needed right? Gaining possibly even more obscurity and shifting the trust to a company vs a small user
(relative whether that’s an upgrade or not in privacy)
I can imagine eventually but I don’t think that’ll be their prioritized focus for a bit, cause it doesn’t seem like it’d have a massive usage case
Maybe do some gtk Broadway funkiness if they feel like playing god and want browser access
If you want to really get into it, you can just host a wireguard instance in a LXC then use iptables for all your routing.
Relies only on FOSS software and gives you a pretty high level of control, but obviously is less intuitive
Ngl proxmox would be your best bet then, especially for reliability and being able to forget about most of the linux background.
Qemu is what proxmox uses behind the scenes, but puts an easy to use webUI in front of everything, minus a couple less used/less stable features some power users like
Shit eh, my googling skills must be falling
In theory Incus and LXD by default will be slightly heavier than docker; they run a lot more bare-metal services (ex. systemd) in container giving them more flexibility and a VM like feel, which would 99% of the time be wasted resources in a docker container
They also don’t have nearly as much ‘out of the box’ support as Docker/Podman might, especially for single process containers.
That being said docker used to run on lxc until not too long ago, so there’s still many similarities between the 2