Just close 443 and use VPN with ACME DNS challenges for your certs. That'll help make it even more secure, nothing is fool proof though and a VPN is a good first step
If nobody votes 3rd party then we'll never have a 3rd party candidate that matters.
It's like bicycle infrastructure. Nobody wants to ride bikes on a highway, but you won't see bike riders until there's a trail somewhere for them to ride on. You can say it never matters and that there aren't any cyclists out there, but you're wrong. I think there's a lot of Americans looking for another party right now.
Just had an example of this working for me. Parsec only publishes a .deb file, and the flatpak is out of date / unmaintained. They don't have Nvidia decoding anywhere but Ubuntu. But with distrobox / boxbuddy I can get a fully-featured parsec install that runs on a distrobox. Works perfectly, and even has an application in my host application menu. It's bad ass
I believe bazzite is on btrfs by default. I just like the concept of a read only root filesystem. It helps make everything more stable so far for me personally
The root filesystem is immutable, not the entire filesystem. So when you do upgrades and things it's super easy to roll back and you never need to rebuild your entire OS if a package is messed up or something.
Tbh I'm not great at explaining it, I'd just look up a YouTube video for it.
It's awesome. The packages don't matter because you use distro box if there's not a flatpak that works already. I have an Ubuntu distro box for tools for things that don't work on fedora.
It uses ublueos for an immutable which is rock solid. Idk how to explain it well, but it's the only distro I want anymore.
If u do end up trying it and find a package that doesn't work, ping me and I'll get you a command you can run to do it
Just close 443 and use VPN with ACME DNS challenges for your certs. That'll help make it even more secure, nothing is fool proof though and a VPN is a good first step