I recommend libvirt + virt-manager as an alternative to hyper v.

The cool thing about virt manager is you can do it over ssh.

Would you use the cli?

One of the cool things I liked about calibre is that extensions worked via the cli interface as well, which made it easy to do batch workflows of operations on ebooks.

I just installed Ciliium (another Kubernets CNI), and it also comes with a host based firewall, and an observability tool.

I didn’t have Hubble (observability tool enabled), but I previously didn’t have a firewall, and I finally decided to enable it, which caused my ceph deployment to fail. This will help me figure out where it is failing and what rules are needed to remediate it.

Share your lsblk output. It’s likely that your system still leaves the bootloader unencrypted on the disk, even if the kernels and bootloader config are being encrypted (they aren’t encrypted by default on most installs).

It is theoretically possible to have only one partition that is luks encrypted, but this requires you to store the bootloader in the UEFI, and not all motherboards support this, so distros usually just install it to an unencrypted partition. The UEFI needs to be able to read an unencrypted bootloader from somewhere. That’s why it’s somewhat absurd to claim that the ESP can be encrypted, because it simply can’t.

From your link:

One difference is that the kernel and the initrd will be placed in the unencrypted ESP,