[jaster]

Aren't you worried about increasing the attack surface a lot for a machine directly accessible on the Internet?

I'm neither a network nor a security expert, but I would have thought that the router would be better running the minimum essential software only, and that the rest of that stuff would be better on other machine(s) on my local network. Especially since you have a VPN set up.

[mkup]

I run most of this software in LXC containers, which are exposed on the LAN side of the router only (and have separate IP address). If it's necessary to expose some service on the WAN side, then I must configure a WAN-to-LAN port forwarding. It's like running stuff on the Raspberry Pi, but CPU is faster, and there's no actual physical Raspberry Pi involved.