Adding to this: doesn’t CAD usually want 3D acceleration? I would definitely try running the CAD software with the same VM configuration you plan to use in your Proxmox VPS first before progressing to make sure it (a works at all and b) is responsive enough. You could even try nesting Proxmox in Proxmox to emulate the kind of performance you’d had on a VPS.
SnipeIT just cares about serial numbers, models and manufacturers (you can just use a serial number in the asset tag section) for assets and I think consumables drop a bunch of those requirements. You might be able to put groceries under consumables? I’m less familiar with consumables in SnipeIT to be honest.
SnipeIT is really good and supports SSO including via LDAP.
They don’t need to be interested though. You could conceivably dump all the password you collect in an attack and just start trying them automatically like you would any other breach. Find a bunch of bank accounts and your chances you getting away with millions are high. Not to mention: a breach like this means changing all your saved passwords to re-secure them which is a multi-day affair.
Self-hosting removes the risk of somebody compromising Bitwarden’s servers and adding malicious javascript to send off your master password to a bad actor instead of just processing it locally like it’s designed to.
I don’t think ZFS can do anything for you if you have bad memory other than help in diagnosing. I’ve had two machines running ZFS where they had memory go bad and every disk in the pool showed data corruption errors for that write and so the data was unrecoverable. Memory was later confirmed to be the problem with a Memtest run.
What distro and version of that distro are you using? Did you install gpg from the repository or elsewhere? What version of gpg are you running?
If your domain will NEVER send e-mail out, you only really need and SPF record to tell other servers to drop e-mail FROM your domain. Even that’s somewhat optional. If you ever plan on sending ANY outbound (you should at very least for the occasional ticket) then do DKIM, DMARC and SPF. The more of these you do, the less likely e-mails FROM your domain are to be flagged as spam.
PatchLess