I agree with the general idea of what you're saying, but it's a slippery slope.
Most people I know personally would never take the effort to learn anything past the point of "Ask ChatGPT" when they have a problem. What happens when the model is wrong, or simply cannot solve the problem? Or maybe they have no network connection and cannot run something suitable locally?
At that level of coddling, they might not even have the ability to find and open a man page, or edit a config file without a GUI. And that's a problem. It's not even Linux-specific. I went to school with "smart" computer science students who don't even understand file extensions or what a shortcut conceptually is.
What I'm getting at is that there needs to be some kind of balance, or people will just gradually become more useless.
For something like that, you'd want a VPS with 2-4 cores, 4 GB RAM, 80 GB SSD. Any less and you'll start to run into problems when adding bridges and stuff.
So, it's really a matter of what deals you can find in that bracket, and if you care about the geographical region it's hosted in. Usually https://lowendtalk.com/ is a good place to start looking at options.
I think what you have is fine, and wouldn't worry about it too much.
That said, I run Unbound with Pi-hole, directing the DNS queries through a WireGuard tunnel. It's a bit slower, but I do like having my own recursive DNS, especially with news that more and more services are implementing DNS-level blocking.
Not a solution to your problem, but just wanted to let you know you can run multiple instances of qB side-by-side. Make a new profile directory and use the option --profile=
The primary reason free VPNs/proxies are not recommended is due to the high amount of abuse that flows through them. As a sysop, it's just easier to blanket ban all those IPs.
I have ethical concerns with your use of RiseUp as well. They are trying to offer a useful service to people on a donation basis, and you are funnelling a large amount of traffic through them.
Overall, it's good, but you need to know what exactly you're signing up for. The reality is that you can run a decentralized or centralized E2EE chat server, along with voice/video calling, without much effort. There are hiccups with the key exchange that suck, and metadata isn't really protected. It really comes down to if it meets your particular requirements.
My basic check is: Are there investors / VC people involved? If so, then it will inevitably enshittify. If not, then it requires further investigation. OSI-approved open source is a big plus.
Even when choosing what seems like good software, I think it's important to consider switching costs. How easily can you move to another solution, say the second pick, if things go south?
I believe the auto-detect is based on a geo-ip database. If you are connecting from a VPN or datacenter IP then I imagine you might have unexpected results.
I've been using Arch off and on for a long time, since it was horrible to install and updates did often break stuff. This is not the case now 🖖, and the Arch wiki is your friend.
Consider using btrfs with automated snapshots using yabsnap. It includes a configurable pacman hook in case something goes awry. Also just nice to have snapshots in case you accidentally delete a file or something.
Use paru, an AUR helper. Good for random things which may not be officially packaged. Expect to run into failures, and learn to diagnose them. Sometimes it's just a new dependency the packager missed. For both paru and pacman, clean the cache once in a while or automatically, or things will get out of hand.
Do the "manual" setup, at least the first time, so you have an idea what's going on. Don't forget to install essential stuff like iwd (if needed) when you do pacstrap, or else you might have to boot from live again to fix it. Once you're done, take care to follow the important post install steps, like setting up a user with sudo, a firewall, sshd, etc.
As for general setup, I've recently embraced systemd-networkd and systemd-resolved. Might be worth giving it a shot, since there is no default network-manager-like application. You can even convert all your WireGuard client configs into networkd interfaces.
Best practice: Keep a personal log of various tweaks and things you've configured, and set up automated backups (more of general guidance).
You can also just copy your Thunderbird profile directory, if it's the same OS, to a different system and it seems to just work. I did this to copy the whole setup and synced mails from desktop to laptop. I also tried this from Windows -> Linux and it did not like that, so I used the import profile feature and re-entered all the passwords.
I've used Ansible to deploy Docker Compose and it worked pretty well. You will have to do some learning if you aren't familiar with it, but I'd say it's worth it.
Mullvad doesn't have port forwarding, so that's going to be a factor.