Polymaker polyterra. I especially love their army blue and black filament. They print nice and matte, and the colors print almost identical between their different colors. I always thought polymaker was a more expensive brand, but polyterra hits that 20usd/kg for pla price point that hatchbox and other budget filaments used to dominate
I run freeipa internally, which handles all internal https certs (as well as nice things like handling non sudo auth so I can just ssh to machines from an already authed machine without a PW prompt, and doing ldaps for internal things that support it)
For external web, I have a single box running nginx as a reverse proxy thats web exposed. That nginx box has letsencrypt certs for the public web stuff. The nginx rp has the internal CA on it and will validate the internal https certs (no mullet SSL here!)
I also do different domains for internal vs external, but thats not a requirement for a setup like this