The Cinnamon desktop is pretty awesome, though, but you can just install it on another Debian district.

Checkout Remote Desktop Manager from Devolutions. It let’s you do pretty much any type of remote connection you need to do, and can even do things like start your VPN for you before accessing a remote resource.

Huh? Libre is available on Windows.

With a static route and firewall rule you should be able to keep HA on your personal subnet, then.

Basically tell the IoT subnet how to get to the personal subnet, then have the firewall drop all traffic from the IoT subnet that isn’t going to the HA server (assuming you’re wanting to prevent the IoT devices from calling home). You might need to put in exceptions for devices that require a cloud account to work, though.

But don’t take my word for gospel, because it’s been a hit minute since I got my CCNP, and I don’t configure network hardware in my career (although I’m learning again since I’m switching to MikroTik network hardware).

I’m not super familiar with PF sense, but there should be guides out there.

If you’re not isolating the subnets, then you don’t really need separate subnets.

All I did was put my home on a /16 subnet and gave each room in the house 256 IPs (my old router turned AP wouldn’t allow me to have a non-standard subnet).

If you are isolating the subnets, then you need to set up your firewall to only allow your HA instance to access your private subnet. You might need to program in a static route as well, but your router might do that out of the box.