@raph Thanks for your feedback.
To clarify some of the questions you've raised here:
I will test this and create a bug report to see what can be done there. I, myself, am not certain what restrictions we can place in the Ubuntu installer regarding valid usernames, but if there is a way to prevent that from happening, we'll see what we can do.
SSH is only listening on the host interface. This interface should be on a trusted private network. Of course it is best practice to change the default password immediately, but there are very few reasons that this interface should be exposed to the internet at any time, let alone on first install and boot up. Of course, it is always an option to use a VM console, VGA, or serial connection to access the system prior to connecting it to the local network in order to change the password.
The Home+Lab evaluation ISO can be downloaded by placing a $0 order in the Netgate shop here: https://shop.netgate.com/products/tnsr-software-subscription
The upgrade documentation accounts for several scenarios that may be applicable to different TNSR users. For example, in-place upgrades of TNSR related packages are not applicable to Home+Lab users because a paid subscription is required, but the base operating system can be upgraded. Alternatively, some users may manage a single TNSR instance via the TNSR CLI, while others appreciate scripts to be executed via the REST API. Given the wide range of TNSR use-cases, various upgrade scenarios must be accounted for. While we always strive to keep the documentation as clear as possible, we appreciate your feedback and will look into whether there are any ways to improve. Please feel free to continue to provide any suggestions/feedback.
Thanks again for your input and for being a TNSR user. We are committed to making the TNSR experience as smooth as possible, and feedback like yours goes a long way towards that goal.