brewery

I think the car driving test now is actually quite good and can be difficult to pass but once you pass (potentially at 17) then that's it. There's no requirement to keep those skills up, learn about law changes, no further tests, just nothing. Accountants, doctors, lawyers, social workers etc are all required to keep up professional development annually and usually have to submit an annual declaration with a certain number audited. Driving a literal killing machine centimetres away from children needs nothing extra.

My suggestion would be the government and insurance companies develop an optional extra certificate like the pass plus but something you do regularly, needs you to pass tests under new laws, and to prove safe driving somehow. You pay for but it gives a discount on insurance to make up for it. I would go for this. I am hesitant about having a tracker on the car even though I drive very safely.

That's a huge part. A lot of people just can't put themselves in others shoes unfortunately

They have been given out tickets to speeding cyclists for a while now, at least according to a friend who cycles a lot, so I think it applies equally but is just exceptionally harder to enforce. You need multiple police officers physically stopping and giving tickets.

Before you go too far into it and spend lots of time, I think most VPS services let you installed a new OS on their admin site so you can start again from scratch. If you're not sure that is the right linux flavour, go for something else more mainstream so you can find lots of support online. Looking at the OS, I'm sure it might be good but I'm also sure you can install all the features very easily yourself, especially if it's just using docker mainly.

I second UFW. I found this guide useful: https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands. You might want to try tailscale as others use it for easily setting up vpn access but not used it myself. Also go for fail2ban or, for more assurance but harder work, try crowdsec too.

You could also use cloudflare dns and add IP and/or country restrictions to block all traffic before it gets to your VPS. I have a country filter and it's crazy how many bots get blocked from all over!

I don't use the docker labels feature so it doesn't really matter to me but can see why you would want this to be implemented if you did. Hopefully they can figure it out.

I have a "local" version with every prod service on. It's only accessible on my home network with a pihole dns resolver. I just add the services manually to the services.yaml file, which doesn't take long at all. I then have a "remote" version which is a much smaller with only services accessible outside my home network and is behind nginx/authentication software/cloudflare. Again, it doesn't take long to add services really. Two different docker compose files, volumes with the settings, and ports makes it work fine for me. I guess depends how often you're adding services.

I have two homepages, one for local and the other for remote (behind nginx and my authentication software). I also have one on a vm i use for testing before deployment. They are different docker containers but don't see why you couldn't have separate ones given they are just websites.