That is with any piece of software. their will always be some vulnerabilities that are very bad. so by your definition using any piece of software is a concern.

A load of those so called vulnerabilities are way overblown and in most cases require you to be logged in anyway.

Or a openwrt to make it L3

Can you elaborate why you think you need much more PCIe network cards? Technically you can do with 1 single LAN port with all your VLANs.

You configure the VLANs on the router then make a single trunk port to a switch. then have that switch divide the VLANs on the ports you desire. this can be a L2 switch.

What is holding you back in regards to VLANs?

Configure the firewall with a IP whitelist to only allow connections to ssh be made from your home IP.

Other then that, disable password logon for ssh and setup up key based authentication.

I don’t really agree with you here. If you take the time to set things up properly. And prepare for IF something would happen. Your fine. Been running a exposed jellyfin server for years now. Never hat a security issue. And even if I would, not much harm could be done anyway due to how it is setup.

How difficult can it be to just give someone a login? I don’t get the whole sharing jellyfin is difficult argument. It is just as easy as any online service 🤷‍♂️

Currently I run Talos on a VM on scale. I went with Truecharts. The plan for me is to run it on bare metal at some point.

If it gets the wife approval you know you are on to something

You can choose a slower train for scale. Go for the stable release or even the enterprise release. Update once in a few months or so.

I went with Talos OS for my apps after the mess from IX-systems and for the most part it has been set and forget.

You can robably get about any server and make a NAS out of that.

Yes but be aware it is not simple to manage properly and probably requires a team to manage it well.

I personally use Borg to do automatic backups.

To simply running Kubernetes at least at home. Take a look at Talos OS. It is build for Kubernetes. But I totally agree it still isn’t for the faint of hard.

Kubernetes comes to mind for that

For devices like laptops and PCs. I use Urbackup to make backups.

For all the apps I host on Kubernetes I setup S3 backups to self hosted Minio.

In such a way that it checks the integrity of the files. Which a normal copy paste does not do. Rsync does this as well bdw.

I actually installed the app on top of a Eversolo DMP-A6 Works fairly well. although the UI is a bit small on it.

Yeah which frankly gets annoying fast when dealing with multiple users. As you need to remember the UIDs of all the users and match them potentially on all systems.

A solution to this problem is using active directory or if it is only for Linux devices FreeIPA. Which isn’t as bad as it sounds. It even simplifies it if you ask me. More centralized management. It is a onetime effort to setup correctly then just keeping it in check.