I came here to say this! And the creator made winamp too!

I run freeipa internally, which handles all internal https certs (as well as nice things like handling non sudo auth so I can just ssh to machines from an already authed machine without a PW prompt, and doing ldaps for internal things that support it)

For external web, I have a single box running nginx as a reverse proxy thats web exposed. That nginx box has letsencrypt certs for the public web stuff. The nginx rp has the internal CA on it and will validate the internal https certs (no mullet SSL here!)

I also do different domains for internal vs external, but thats not a requirement for a setup like this

Rhasspy. Idk if rhasspy3 is out fully, but I would wait for that and then set it up. (I have began to see the home assistant side being released - its supposed to tie in a lot better than rhasspy2, and even brought the dev on to the HA project)

Doesn’t help for this (or the next) oil change… But look into a fujimoto drain plug. Its a mini ball valve that is spring loaded (so you have to press the leaver up before you can turn it… Also has a 2nd safety in the form of a plastic clip that prevents it from being pressed up). Makes oil changes so easy. For your bike, it might still be too recessed, but the valve has a hose barb on it too so you can direct the oil into the drain pan