Just SSH. Every public facing piece of software (I.e. a web interface) adds more complexity for misconfiguration or security vulnerabilities.

You can mount you remote filesystem locally and use your local file manager and text editors to manage most tasks. If you use ansible you can make changes to a local configuration and deploy the state to the server without needing to run anything special on the server side. It is especially effective if you also run docker.

And for monitoring I usually just have a tmux with btop running. Which is fine if you don’t need long term time series data, then you might want to look at influxdb/grafana - but even those I would run locally behind a firewall, with the server reporting the data to the database.

When I saw that there was a pihole update to a new major version I got so excited hoping it would finally support DoH or DoT - nope. So disappointed.

Sticking with Adguard then.

You should absolutely have web environment integrity. Your browser should not allow the website to do things that you don’t approve of, so the integrity of your computer can be ensured.

Wait, that’s not what they mean, is it? Oh no … 🙄

Yea, I feel like Google has this a bit backwards. As always, I like to turn the metaphor on it’s head. You’re not visiting a website, you’re inviting a website. You’re allowing the website to use your system resources, bandwidth, CPU cycles, etc. And what you do with your own system is none of the websites business. They can protect their business model on the server side, if they need to. But maybe they just need better business models.