Yes that’s why I suggested a alternative. Although wireguard is simpler to setup initially. Using proxy’s and exposing your service directly is simpler for the end user. Both are not difficult to do.

Its not hard to setup a proxy and use a full SSL cert. A little bit more complex but much simpler for the rest of the family.

Wireguard is also very simple to setup. This would allow you to share other services you host in the future in a secure way as well.

Installing jellyfin is as easy as setting up any self hosted thing though… Just use docker compose if you want simplicity.

Perhaps urbackup? She might not be the most pretty girl but works like s charm. It works on window, Linux and I do believe Mac as well.

I know you can run openwrt as a VM on a NAS. Might be a good solution for you. Theoreticaly you can use virtual interfaces and bridges on the NAS to use a single fysical network interface. But a second card will be the most easy option

Depends a little of how you set it up. But for the target system at least use some kind of raid/raidz. With ZFS you can do “zfs-send” perhaps? Or something like good old rsync would work to.

Be mindful to not set the H200 to passtrough mode. You need to flash the IT firmware to it for it to work properly.

For music. I use navidrome. It works a load better then jellyfin for this IMO. You can use the same file location for both jellyfin and navidrome if needed.

That is with any piece of software. their will always be some vulnerabilities that are very bad. so by your definition using any piece of software is a concern.

A load of those so called vulnerabilities are way overblown and in most cases require you to be logged in anyway.

Or a openwrt to make it L3

Can you elaborate why you think you need much more PCIe network cards? Technically you can do with 1 single LAN port with all your VLANs.

You configure the VLANs on the router then make a single trunk port to a switch. then have that switch divide the VLANs on the ports you desire. this can be a L2 switch.

What is holding you back in regards to VLANs?

Configure the firewall with a IP whitelist to only allow connections to ssh be made from your home IP.

Other then that, disable password logon for ssh and setup up key based authentication.

I don’t really agree with you here. If you take the time to set things up properly. And prepare for IF something would happen. Your fine. Been running a exposed jellyfin server for years now. Never hat a security issue. And even if I would, not much harm could be done anyway due to how it is setup.

How difficult can it be to just give someone a login? I don’t get the whole sharing jellyfin is difficult argument. It is just as easy as any online service 🤷‍♂️

Currently I run Talos on a VM on scale. I went with Truecharts. The plan for me is to run it on bare metal at some point.

If it gets the wife approval you know you are on to something

You can choose a slower train for scale. Go for the stable release or even the enterprise release. Update once in a few months or so.

I went with Talos OS for my apps after the mess from IX-systems and for the most part it has been set and forget.