I’d say switch vps providers, one with proper DDoS protection.

blocking regions can help but once the pipe is full there’s nothing much you can do from your side.

It all just depends on how much you trust the app, and how you’ve set up things when it does go wrong. Not every container needs to be able to access other containers on the system, lan, have access to whatever folder, read/write permissions, etc

A good practice for things like vaultwarden would be to only whitelist the country/state you’re in to minimize your attack profile

fail2ban or crowdsec can also help with all the rats sniffing around

You dont have to allocate the GPU to the container, if you do, you cant use it anywhere else. I’m running Jellyfin on Truenas scale and i’m passing the following enviroment variables for nvidia gpu transcoding. RUNTIME = nvidia NVIDIA_DRIVER_CAPABILITIES = all NVIDIA_VISIBLE_DEVICES = all

should be the same for plex.

encrypted Rsync to a free Backblaze account. be sure to test your backups tho

how are you doing your backups now? are you using the 3-2-1 backup strategy?