Has someone experience running these as firewall preferably with package inspection and incoming Wireguard connections?

Sophos XG115 or XG105 seem to be quiet cheap on eBay

I'm looking for a cheap but futureproof way to run OPNsense at my place.

So I'm looking for a DSL modem capable of running at 300 Mbits and being able to run im bridge mode, it's fine if I buy it used I just couldn't find any good recommendations as FritzBox seems to not like running in bridge mode. Being able to flash something like OpenWRT on it is a bonus.

And on the other hand I'm looking for good recommendations for the OPNsense box. Should have enough power for Wireguard and package inspection. Used ist probably preferred

Thanks in advance :)

I'm looking for a vacuum robot preferably under 500€ and with a cleaning station. My main concern is that most robot vacuum providers seem to need to be connected to the internet. Are there any providers that either don't need that, where I can block the internet connection or any other way not getting a spy in my home? I'm fine with it if some work is needed

I followed this Guide to setup headscale with caddy. And tried to add Keycloak with this guide from the same guy.

Sadly my docker containers do not seem to be able to connect to the keycloak server. What happens is that if i try to download the openid configuration from the host (via wget) or from my local PC it just works. But the headscale server gets a timeout when trying to connect to the endpoint. When i use the internal docker name to connect to the keycloak container the connection works fine but then i get an error because its not the external url.

I experimented a bit and managed to reproduce the issue with a different container (running an ubuntu container and also getting a timeout when trying to download the config from keycloak). If i run the container with the host network i works just fine.

Does anyone know how to fix this?

PS: i also tried the example from the guide with gitea an its also the same problem

Update: I tried most suggestions and for some reason it just didn't work. My solution that is working now is that I bind the container ports to localhost only (by using p.e.: ports: -"127.0.0.1:4567:8080") and using the caddy server in host network mode. Now all containers can connect like expected and are working flawlessly. Thanks for all your suggestions :)

I've read a lot of recommendations for tailscale and am on my way to try it out myself. Do you use Tailscale in the "normal" way or do you host your own Headscale server (as I'm planning to do)? Any pros and cons?