I really dislike the idea of “needs ring 0 = nothingburger”.
There’s plenty if ways to gain ring 0 access like a user to approving a UAC prompt… Or for an attacker to utilize any number of existing ring 0 escalation vulnerabilities on an unpatched system, or for a UAC bypass to be utilized, or for the attacker to establish a RAT on the system using a tech support scam or similar.
Difficult? Yes!
Only viable via a supply chain attack as some like to suggest? Absolutely not.
I often think that to myself as well to be honest. Originally, it was mostly because it’s the only “secure” system that I’m currently hosting and I wanted the ability to airgap it without taking the rest of my homelab offline.
I mostly use my homelab for tinkering/applying what I’m learning without breaking a production system at work so needless to say I’ve learned a lot since I originally deployed bitwarden… Now it’s just because I’m too lazy to spin a new vm and migrate everything.
Prefacing by saying my lab is severely breaking some a lot of best practices due to hardware availability limitations
Proxmox box (24GB DDR3, E3-1230)
Raspberry Pi 2B+
OptiPlex 7020 sff (8GB DDR3, i5-4590)
People that complain about forced diversity are complaining about diversity. No one is forcing excessive diversity on you.