ZFS vdev expansion is a thing that will probably be added to the next ZFS release.

Ofc it is not released yet, so i would not recommend designing a system for it for the near future.

Then just go with debian+docker. As raid software i would recommend ZFS, its a filesystem that does both and also integrity on file level. (and lots more)

I personally would only buy new ones. No matter the brand just the best TB/€ you can get.

For MB basically every Chipset gives you 4 SATA ports. You could consider picking one that Supports unbuffered ECC memory but that is not a must. If you want to Hardware Transcode in Jellyfin, then Intel is probably your best since the dGPU with Quicksync is pretty good and well supported, otherwise i would go AMD.

For 4 drives you can use most ATX cases have no recommendations here.

• Truenas Scale - Comercial NAS OS. I bit of work to get started, but very stable once going.

• Unraid - Enthusiast focused NAS OS. Not as stable as Truenas, but easier to get started and a lot of community support.

Since OP wants to use Docker i would not recommend either. Trunas scale does not support it usefully and the implementation in Unraid is also weird. Also the main benefit of unraid is the mixing of drives, OP wants to raid.

Which instructions are you referring to? The instruction for OPTIONAL push notifications?

To not have to deploy software on the server. You can connect to any Linux Server you want and get that information.

Who the hell is pulling the docker-compise.yml automatically every release? I find myself already crazy by pulling the latest release but the compose file is just a disaster waiting to happen.

How do you even encrypt a server so that it doesn’t require human intervention every time it goes down/restarts?

The only time my Server goes down, is when i manually reboot it. So waiting a minute or two, to ssh into it and entering the passphrase is no inconvenience.

I use full disk encryption for every server (and other computers).

Encrypting your data drives is a must for everyone imho. Encrypting the OS is a must for me🤷‍♂️

Password protect your phone?

When a private key gets compromised just delete the public one from the allow list?

I am personally not a huge fan of unraid, but their new licenses seems based.

One time purchases are not a sustainable income source for long living and updated software products like unraid.

Since they (for now) keeping the ‘legacy licenses’, offer security patches for some time after the license ends and do not restrict access to the system after the license ends means they do not fully follow others like Plex to the enshitification.

If you choose not to extend your license, no problem. You still own the license and have full access to the OS.

If your license extension lapses (as in, you do not pay your annual fee), you can download patch releases within the same minor OS version that was available to you at the time of the lapse.

Someone knows what the official minor release cadences is?

Looks like they release a new minor release ~ every year. That means you in the most optimal case (ends on the day of the new minor release) your Unraid will be supported for 2 years after your license ends and in the worst case (ends day before minor release) 1 year after your license end.

Assuming they do keep their release timing.

Not too bad actually. Especially since you can purchase another year of support at any time, so you could basically get a 1 year license every 2 years and should be covert with security updates. (Assuming they do not change their release timing much)

I have a personal account. Backing up 3 computers and they’ve never said anything over years

Until you need to use the backup and the process is like shit. And takes weeks to months.

Would recommend dockge over portainer if you only need a web gui for docker-compose. Faster, snappier, compatible with cli, simple file structure etc.

You could just use syncthing to sync between devices. Works like a charm.

Disclaimer ⚠️ The project is under very active development. ⚠️ Expect bugs and breaking changes. ⚠️ Do not use the app as the only way to store your photos and videos. ⚠️ Always follow 3-2-1 backup plan for your precious photos and videos!

Yes project does not follow semantic versioning. But you can consider it it the 0.y.z state where it is even in the semantic versioning allowed to have breaking changes without major version increase.

Like it was already suggested, everything since intel 7th gen with quick sync should do the job for transcoding 4k hdr 10 bit releases, even the low tier i3 ones. You will also not need much ram for transcoding 8 should be fine, with a larger raid array go for 16 or above. When you watch stuff just once anyway, honestly you will not need much, a couple of TB should be more than enough. Not aware of any service that does automatic downloads based on a queue.

Tailscale would be the most “secure” as you have no ports open and only you can access it. Keep in mind your services will only be accessible by you along as all your devices connect to your tailscale instance. Sharing access is possible but will require some explanation.

Wireguard is another option, just as secure as the first option, it will need one port open but the port only responds if you are connecting with proper keys/authentication. Like tailscale you can only access your services if connected to your wireguard instance.

I disagree. Tailscale has a much higher attack surface since the network is controlled by a separate entity, tailscale. As on pure wireguard, you would need to first compromise one of your clients to get into the network.

Also tailscale is a much higher value target since you could compromise thousands of devices/networks/communication with ‘just’ compromising the vendors network.

When you use deduplication on the backup side you can do backups every minute without needing much storage. When the backup programm looks at the filesystem to determine which file has changed, the CPU only need to process the changed files.

For my personal devices i do daily backups. There is not enough change every day.

I started out with borg. Basically had no problems with it. Then i moved to Restic. For the past few years i am using it, i never experienced any issue with it. Can only recommend Restic.

I currently run a Netcup.eu VPS. Not doing heavy datatransfers with it but never had any problems in the past 3 years.

It boils all down to “centralized management”.

With that the DHCP server has control over anything. Reduces (or basically eliminates) the risk of IP collisions. Also it gives you a place where you get a overview over your network. You change the DNS Server? You do it onetime in the DHCP settings. Etc. Etc.

Would not recommend setting the static IP on the device. A much better solution is to set up a static lease in your DHCP Server.

In my experience the performance issue with NC is the default docker container. Bare metal + the aio or a slightly tuned stack for NC performs reliably and snappy enough for it to be usable.

The max Power consumption often does not matter on devices that run 24/7 more important is the idle powet consumption. Here are SBCs and ARM Chips in generell way better.

I had my Pi 3B+ down to under 5W on idle having various services running. I can not speek for newer Pi versions but i would estimate them still lower then 8W on idle. That is really hard to beat with an normal PC. Maybe the Mini PC with newer Mobile or integrated CPUs are getting in this region.

Not quite sure where you got the 37W for the HP Mini.

So is SSH

And yet it is more likely that tailscale get owned since the reward is much higher. I take my chances with my secured openssh server at port 22 vs a 3rd party company who controlls the access.