Regardless, they are used to make adjudications. You can be the one to sink millions of dollars suing the feds after the Denny you a job.

Pocketbase supports oauth, do you expose adding custom providers (possibly in the .env.docker)? In line with the other guy, all my users are already setup elsewhere. It's increasingly a nonstarter to have a) a wasted identity provider and b) redo all this work for every new app.

Although it is a nice step up to have multi-user support at all.

If your pi is one of the old 32-bit processors, then no- linuxserver no longer supports that isa.

If you tunnel ssh over a tun device then there is no really difference except you obviously have to handle the routing yourself (as you noted). There are differences in the traffic signatures, but we're not trying to traverse the Great Firewall are we? SSH also adds overhead. SSH channels are resilient and exceptionally managed within SSH but they are still there and adding encapsulation over whatever it is you're trying to do.