I’m currently running gnomes rdp server as a terminal server in a test VM. The rdp performance is so much better than x11 or wayland (with waypipe) forwarding for anything 3d.

Also you get gnomes login screen so you can do active directory/ldap login.

Changing servers is as simple as changing the server ip on the client.

Or if you want to move whole classes/users without user interaction, you can create a dns subdomain for that class/user which points to the correct server for that class/user, which you can change, of cause this only works if each class/user is only using one terminal server at a time.

I don’t think sr-iov even officially in the drivers yet, I would give it a few months to mature. The performance is probably enough for 8 VMs with google earth tho, but you would probably need multiple for 30 people.

The intel arc pro b50 can do sr-iov according to wendell and its sub 500$

I’ve never used network manager on a server and don’t understand your routing configuration, im assuming you have wg0 configured to have a default route (ip route list).

You should be able to connect a docker network to the vpn by using a macvlan insted of a bridge type network and set the parent interface of it to the wg0 interface.

docker network create -d macvlan \ --subnet=<internal vpn network>/24 \ --gateway=<gateway ip> \ -o parent=wg0 vpn-net

modified from the docker documentation

Probably also set an ip-range on the network to make the auto assigned ips not conflict with other wireguard nodes (see linked documentation).

Make sure the allowed ips in the wireguard configs are set correctly.

You can also do ipv6 like this, see the end of the linked documentation page.

It shouldn’t even be able to run it, because the x permission bit is missing. As far as I know binaries can’t include icons on linux, so it would look different too.