Inject Nextcloud secrets via environment variables
Few know that you can also configure Nextcloud via environment variables. With this possibility you can save the storage of passwords in the Nextcloud config.php.
Add two factor authentifcation (2FA) to paperless-ngx
Paperless-ngx does not support a second factor by default. However, with Authelia and a NGINX reverse proxy, this can be retrofitted.
Add 2FA in OPNsense NGINX reverse proxy
OPNsense version of NGINX supports "auth_request" only very limited. 2FA apps like Authelia as authentication provider are not possible behind OPNsense's NGINX version. Nevertheless, you do not have to do without 2FA completely.
Sandbox Systemd Units
What many do not know is that SystemD offers the possibility to restrict services and very easily displays the exposure level.