I like named volumes, externally created, because they are less likely to be cleaned up without explicit deletion. There’s also a few occasions I need to jump into a volume to edit files but the regular container doesn’t have the tools I need so it’s easier to mount by name rather than hash value.

I haven’t used it nearly as much as VirtualBox but Boxes (flatpak) is definitely a breeze to use. It uses KVM under the hood I think. If your use cases are complicated it might abstract away too much though.

I did this and the fun thing about it is that your runner can access things inside your network that a regular GitLab runner can’t. I’ve used it to manage a k8s cluster that isn’t exposed to the Internet at all.

Ansible is nice but I’ll repeat (as I said in another thread) it’s kind of advanced and gives a much better return on investment if you manage several hosts, plan to switch hosts regularly, or plan to do regular rebuilds of the environment.

I don’t think I encrypt my drives and the main reason is it’s usually not a one-click process. I’m also not sure of the benefits from a personal perspective. If the government gets my drives I assume they’ll crack it in no time. If a hacker gets into my PC or a virus I’m assuming it will run while the drive is in an unencrypted state anyway. So I’m assuming it really only protects me from an unsophisticated attacker stealing my drive or machine.

Please educate me if I got this wrong.

Debian with XFCE works well on my old netbook (~15 yr old).