They say it’s the breast, but they’re likely not fans of the motto either.

Divers wearing headphones? Regardless, I suspect that after a million years there won’t be much left of the headphones.

I use it for all of my external services. It’s just wireguard and traefik under the hood. I have no familiarity with bunkerweb, but pangolin integrates with crowdsec. Specifically it comes out of the box with traefik bouncer, but it is relatively straightforward to add the crowdsec firewall bouncer on the host machine which I have found to be adequate for my needs.

It’s not, though?

I use Pangolin (https://github.com/fosrl/pangolin)

Have you considered running Wireguard or Headscale instead of keeping SSH open? I don’t know how big an issue it is since you’ve changed the SSH port and use keys, but opening SSH in any respect freaks me out.