Security compromise as code.

Fully agree.

I am the only true warhammer fan. The rest of them are posers and/or tourists.

Oh I’m fully aware I’m just to lazy to set up jellyfin and navidrome quite yet.

I’d strongly recommend reverse proxy, some sort of security like crowd sec or fail2ban and sperate auth (authelia, aithentik) in front of anything you’re opening to the internet. Just opening services directly up to the internet is choice I’d politely describe as brave.

Sure but this won’t work if you’re accessing services outside your network like OP is doing. You’re going to need publicly available DNS records somewhere to do that.

I don’t believe pihole functions as an authorative DNS server though. Something like technetium does and they could be used as the nameservers for a domain while still offering all the same adblocking functionality that pihole does.

Though pihole could work of you were relying on a VPN to access your stuff remotely.

Got a crappy job working at a shop to fund my then excessive partying regime of lots of drink and drugs with my mates. Was good times.

What’s you use case here? If you just need more ports for data drives and have a free pcie slot a used SAS HBA cards and use breakout cables to give you a bunch more data ports. These are very durable cards.

The same nerve also exists in giraffes and does the same thing so it is consequently fucking massive.

Love seeing this second rate Tony Blair playing the hits. Do the one where we invade a country for no reason next!

Ah gotcha. See if if your raid controller can be flashed/switched to IT mode(HP might call it something else) as then you won’t have to deal with the raid controller’s raid settings and doing anything weird. Then you can just rely on snapraid to manage the drives.

When you say raid 0 on the data disks do you mean just having the disks present as single disks and not putting them into arrays? As seeing raid 0 and data storage makes me very nervous.

And yeah I’d take a disk out of your boot array and then that into a raid 1 so you can use the extra for storage/ redundancy elsewhere.

You know what? I’ll take it. At least there’s some positive there.

Alongside proton dB https://areweanticheatyet.com/ is also a good resource.

Caddy + crowd sec + some kind of auth solution is what I’m aiming for though I haven’t got authentik working with it yet so I haven’t opened it up yet. I wouldn’t want to do jellyfish without the auth solution though as there local stuff isn’t so robust.

VPN in and a few local users would be the most secure if you haven’t got too many folks connecting.

I’d avoid super short USB drives if you can as they tend just to be SD cards in disguise.

If possible for dB stuff I would recommend using actual drives as lots of reads and writes will very quickly wear out most removable storage devices.