The Honeynet Project, related to the SANS Institute when I last checked, has a lot of resources on honeypots that are worth a look, if you haven’t already.

Yeah, the container I used requires your Steam ID as an environment variable.

That’s a really open-ended question. Depends purely upon your interests and appetite for risk, etc.

Might be worth looking at, from a Docker perspective:

• AdGuard Home (I think it’s better than Pi-Hole)
• Wireguard or similar. Great for reaching your services when away from home.
• Audiobookshelf. Audiobooks. There are good apps.
• Calibre-Web. Ebooks.
• RSS feed reader, for non-social media websites you visit. Plenty to choose from: FreshRSS, TT-RSS, Sismics, etc.
• Gitlab CE. If you’re a developer or can otherwise make use of version control.
• Gotify. Alerting on your containers. Has a good mobile app.
• Heimdall. A dashboard for everything you’re running.
• Komga. If you’re into manga. The best iOS app is meh, but the best Android app is awesome.
• Mealie. Recipe database.
• Paperless-ngx. Excellent for storing your PDFs and other digital life.
• PhotoPrism. Basically Google Photos.
• Portainer. Great for managing Docker containers/stacks.
• qBitTorrent. Guess what that’s for.
• SWAG with Authelia. SWAG does reverse proxying with a Let’s Encrypt certificate, and automatically renews it for you. Authelia provides MFA (Authy, Google Authenticator, etc) on top of it.
• Vikunja. Todoist or Toodledoo without having to pay for features.
• Wallabag. Basically Pocket.
• Watchtower. Automatically updates containers for you. Can exclude the ones you don’t want to update, etc.
• Webtrees. Family tree research, if that’s your thing.
• YouTransfer. Useful for sharing files without having to use Dropbox, etc.

I have in the past run a Valheim server and a VRising server, too. FWIW.

FWIW, I have an LG LED smart TV (2xHDMI, 1xDVB-S2, WiFi, NIC, etc) and it’s only been connected to my network once, for a post-purchase firmware update through my AdGuard Home. WiFi and Ethernet is disabled, and I use it with my Nvidia ShieldTV (Plex*, Netflix, ChromeCast, etc).

I won’t let it go online as I expect it already phones home if you let it, and don’t imagine LG will be able to resist ad injection into content, like Samsung and others do. So it’s an excellent quality dumb TV, which meets my needs perfectly.

*Plex Media Server runs on my NAS. The Shield and my mobile devices are Plex clients.

Exposed is the right term. Other than my Wireguard VPN port, everything I have exposed is HTTPS behind Authelia MFA and SWAG.

I’m tempted to switch Wireguard for Tailscale, as the level of logging with WG has always bothered me. Maybe one day.

I’ve had gitlab/gitlab-ce running on my NAS for 6+ months and it’s been reliable, mostly as a central repository and off-device backup. It has CI/CD and other capabilities (gitlab/gitlab-runner, etc), but I’ve not implemented them.

DNS-O-Matic (recommended by CloudFlare, among others) combined with SWAG and Authelia will handle dynamic DNS, reverse proxying, SSL certificates, and MFA. SWAG (nginx, Let’s Encrypt and Certbot) and Authelia (MFA) run nicely in a 2 container Docker stack.

Mine have been running for ~18 months on my NAS, though I have a fixed IP so no longer use a DDNS provider.