Architecture Question
I recently bought the Minisforum MS-02 Ultra Intel 9 285HX barebone, so no RAM/SSD yet.
Before I get that stuff, I have a few questions maybe y'all could help me out with. I know I want to run a headed desktop OS, likely Tumbleweed/Leap/Fedora KDE, and on top of that I want a segmented lab for a small-form-factor corp architecture with 3 hosts, i.e. AD DC, SQL Server, Windows Server running IIS and Kestrel etc., GitHub for CI, AzDO for CD (or ansible-pull for a GitOps feel if Kubernetes is a bad choice for this env) to replicate a common corporate dev/prod environment.
I daily drive a separate MacBook and should be able to use it as the control plane with Ansible both within/outside of the local network, with something like Tailscale + Windows App for RDP.
I want to secure this better. I don't want to expose my SSH, and I want to go agentless as far as possible. I see YubiKey as an option, but what about when I'm outside of the network? Maybe I'm super confused/missing something, but this isn't going to work with the MacBook control plane even if Tailscale is set up correctly, right? I don't want to require another appliance just for jumping hosts; I want to keep the HW minimal to just the MB and the new Minisforum. So I thought some kind of Azure Bastion could be a relevant option, but that just seems wrong too.
I'm obviously spinning my gears and need some guidance from you seasoned pros.
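The question above comes down to "only my MacBook control plane may reach SSH/RDP/WinRM on the lab hosts, from anywhere, without opening those ports to the internet". With Tailscale that rule lives in the tailnet ACL policy, and the useful habit is to audit the policy before relying on it. The following is an added example, not the poster's setup and not Tailscale's own code: a small, simplified evaluator of Tailscale-style ACL semantics (allow-only rules, default deny, `src`/`dst` selectors, `tag:`-based grouping) run over two constructed policies. The tags `tag:control` and `tag:lab`, the node names, and the port lists are assumptions for illustration. It shows the common mistake of a broad `tag:lab -> tag:lab:*` rule, which silently lets every lab host manage every other lab host on 22/3389/5985/5986, next to a narrowed version that keeps those ports reachable only from the control-plane tag.

```python
import json

# Constructed sample policies in the shape of a Tailscale ACL file (plain JSON here,
# comments stripped). Tags, hosts and rules are assumptions for this example.
WEAK_POLICY_JSON = r'''
{
  "tagOwners": {
    "tag:control": ["autogroup:admin"],
    "tag:lab":     ["autogroup:admin"]
  },
  "acls": [
    {"action": "accept", "src": ["tag:control"], "dst": ["tag:lab:22", "tag:lab:3389"]},
    {"action": "accept", "src": ["tag:lab"],     "dst": ["tag:lab:*"]}
  ]
}
'''

# Same intent, but lab-to-lab traffic is limited to the application ports the
# three-host lab actually needs (assumed: HTTPS, SMB, SQL Server).
HARDENED_POLICY_JSON = r'''
{
  "tagOwners": {
    "tag:control": ["autogroup:admin"],
    "tag:lab":     ["autogroup:admin"]
  },
  "acls": [
    {"action": "accept", "src": ["tag:control"], "dst": ["tag:lab:22", "tag:lab:3389"]},
    {"action": "accept", "src": ["tag:lab"],     "dst": ["tag:lab:443,445,1433"]}
  ]
}
'''

WEAK_POLICY = json.loads(WEAK_POLICY_JSON)
HARDENED_POLICY = json.loads(HARDENED_POLICY_JSON)

# Constructed tailnet: node name -> set of tags it carries.
NODES = {
    "macbook": {"tag:control"},
    "dc01": {"tag:lab"},
    "sql01": {"tag:lab"},
    "web01": {"tag:lab"},
}

# Remote-management ports that should only ever be reachable from the control plane.
ADMIN_PORTS = (22, 3389, 5985, 5986)


def _selector_matches(selector, node, tags):
    """Simplified selector match: '*', 'tag:<name>' or an exact node name."""
    if selector == "*":
        return True
    if selector.startswith("tag:"):
        return selector in tags
    return selector == node


def _port_matches(spec, port):
    """Port spec as Tailscale writes it: '*', '22', '22,3389' or '8000-8100'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            if int(lo) <= port <= int(hi):
                return True
        elif int(part) == port:
            return True
    return False


def allowed(policy, nodes, src, dst, port):
    """Default deny: True only if some accept rule covers src -> dst:port."""
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            continue
        if not any(_selector_matches(s, src, nodes[src]) for s in rule["src"]):
            continue
        for d in rule["dst"]:
            sel, spec = d.rsplit(":", 1)
            if _selector_matches(sel, dst, nodes[dst]) and _port_matches(spec, port):
                return True
    return False


def reachable_admin_ports(policy, nodes, ports=ADMIN_PORTS):
    """Map (lab host, admin port) -> sorted list of nodes that may reach it."""
    out = {}
    for dst, dtags in nodes.items():
        if "tag:lab" not in dtags:
            continue
        for port in ports:
            srcs = sorted(s for s in nodes if s != dst and allowed(policy, nodes, s, dst, port))
            if srcs:
                out[(dst, port)] = srcs
    return out


def least_privilege_violations(policy, nodes, ports=ADMIN_PORTS):
    """Every (src, dst, port) where a non-control node can reach a lab admin port."""
    return sorted(
        (src, dst, port)
        for (dst, port), srcs in reachable_admin_ports(policy, nodes, ports).items()
        for src in srcs
        if "tag:control" not in nodes[src]
    )


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: {len(least_privilege_violations(policy, NODES))} violation(s)")
```

Run stand-alone it reports 24 violations for the weak policy (each of the three lab hosts can reach the other two on all four admin ports) and none for the hardened one, while the MacBook still reaches 22/3389 on every lab host in both. The evaluator deliberately ignores Tailscale features such as `autogroup:`, `group:` and `ssh` blocks; treat it as a pre-commit sanity check on the policy file, not as a substitute for Tailscale's own access-control tests.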