

Ansible or other IaC is a great choice. If your needs are real simple, like mine, I put Gitolite on one of my mini servers and I can push/pull from there over SSH.


I had almost the reverse with coffee. I always liked the smell of coffee but not really the taste. Then my family bought a Nespresso machine when I was in high school, and I started adding espresso shots to hot chocolate. Then I started occasionally making espresso shots and drinking them straight. Then several years later I found myself in a hotel for work, at 6am before a shift, and they automatically brought me black coffee. I took one sip and was like “oh I guess I like coffee now” and never looked back. Yep, regular old hotel breakfast coffee got me hooked.


Malware in the traditional sense, as in a malicious program that sneaks its way onto your machine and runs a dangerous payload, is far far more common on Linux machines with open ports acting as servers on the internet. And even then, I’d wager that’s less than 1% of the malware out there that specifically targets Windows simply due to market share. With that in mind, plain old Fedora will do just fine, especially if you leave SELinux enabled. Many tutorials have you disable it if it interferes with apps/services you want to run, but they’re simply being lazy. Working around SELinux can be obscure at times, but it’s still worth doing, and keeping it running rather than disabling it.
Malicious webpages and phishing attempts are more likely to cause you trouble on Linux, and the OS can only do so much to protect you there. Securing against those is more about vigilance and wisdom, which it sounds like you’ve got covered honestly!


I’m not sure I’m qualified to answer, you seem to know your security needs, but I’ll ask anyway: what are you securing against and why? You listed your security goals, but not exactly why you need them and what you are defending against. Fair enough, but without knowing more details, I’d suggest looking at QubesOS, which specifically isolates apps into different virtual machines. You could also go with security-by-minimality, and roll your own environment with Arch or Alpine (even Gentoo if you really wanna go down the rabbit hole).


Security wasn’t the main concern in this particular case; the headache came from the fact that they were working in IP classes, and we were working in CIDRs (EC2 security groups, for example).


One of the startups I worked for did business with Ford. We needed info about their networks to get them connected to our service in AWS, and in the process we learned that they still use public IPs for everything. Every workstation, server, router, etc. connected to the internet from a public IP, no NAT and only protected by extremely complicated firewall rules. Their IT team must be in constant distress, or super defensive about their architecture haha


I have a lifetime subscription to Filen that I got a year or so ago and have been very happy with, much nicer than Proton Drive in my experience.


Talk to a financial advisor. The moment I was making more money than I knew how to confidently manage myself, I talked to a financial advisor and it was one of the better decisions I’ve made. Now I know exactly what I can spend on what and still be saving what I need to.