Findmysec

If you can only use port 22 for multiple SSH endpoints (for example), then yes your going to need multiple IPs. Or Port-mapping as a compromise

In short, you need a reverse-proxy + traffic segregation with domain names (SNI).

I don't remember much about ingresses, but this can be super easy to set up with Gateway API (I'm looking at it right now).

Basically, you can set up sftp.my.domain/ssh to 192.168.1.40:22, sftp.my.domain/sftp to 192.168.1.40:121 (for example). Same with Forgejo, forgejo.my.domain/ssh will point to 192.168.1.50:22 and forgejo.my.domain/gui will point to 192.168.1.50:443.

The Gateway API will simply send it over to the right k8s service.

About your home network: I think you could in theory open up a DMZ and everything should work. I would personally use a cheap VPS as a VPN server and NAT all traffic through it. About traffic from your router maintaining the SNI, that's a different problem depending on your network setup. Yes, you'll have to deal with port-mapping because at the end of the day, even Gateway API is NodePort-esque when exposing traffic outside.

I'm assuming you don't own a phone /s

Needs to be compatible with said tablet, not always the case

Ah, I get it. Jabber/IRC over TOR for you

You'd receive traffic on IP:PORT, that's segregation right there. Slap on a DNS name for convenience.

I might have my MetalLB config lying around somewhere (it's super easy, I copied most of it from their website), I can probably paste it here if you'd like.

Exposing services publicly on the Internet is a L3-L4/L7 networking problem, unfortunately I don't know enough about your situation to comment.

Edit: the latter end of your post is correct. You could route to different end-points that way

Why do you need to self-host it if it's decentralized?

Use doom emacs

I used tmux extensively at home with a pimped out config. But then I started using it on servers at work which don't let me configure it, so I'm just using default keybindings now.

TBH something like ratpoison would be more of my thing if I ever switched to WMs except it's no longer maintained (sucks). I don't want to spend too much time configuring it though so bspwm is probably out of the running already. Do you think I'll like i3? I've heard people calling it bloat. Well I suppose if you're not using dwm/ratpoison you're OK with so called bloat anyway

You don't need to. It connects over TOR and has no back-end servers that it relies on. Briar and Simplex have forward secrecy and are the only two I would personally use

Simplex, Jabber, Briar?

I'm sure there's something over I2P too

Guys, please move to something using TOR/I2P. I've been saying it for a long time now, but clearnet services are just asking to be taken down.

Unfortunately for Europe though, the US has a massive incentive for something like TOR to function appropriately, because their military uses it too.