I have 4 6Tb HDDs which I got new from work: been running 24/7 for the last 6 years.

The 4Tb drives they replaced where running for the previous 10 years (bought new as well) and are still in a drawer, got replaced only for the opportunity to upgrade to 6tb.

If your refurbished last only 4 years, to be that is not a positive gain, you lost money. New drives should last 10 years in my personal (and debatable) experience. But I think those drives you bought will last more than 4 years.

Restic or Borg. For restic I use the great Backrest web GUI.

I mounted an USB drive to one of my OpenWRT access points and backup on that one.

Rclone or fuse can mount/access Google Drive and can be used as back end for your backup choice.

Simplest backup ever: restic/Borg on a folder on the same PC. Not very recommendable, but indeed a good starting point.

Zfs/brtfs seems a complex solution for a simple problem. True is that once you start eating you get hungrier so maybe worthwhile.

Their box is not going to play those videos, so AV1 is game.

Anyway software playback of AV1 is a thing, and works, you know.

I do it on daylight when my FV pumps out Wh…

A little bit day by day.

I have been hosting my mail server for over 10 years. You need to study dkim, dmark and all the other stuff, but it can be done indeed and its not scary at all.

If the price is right for you, go for it. You will run containers and or VMs, so doesn’t really matter what your bare metal is.

I would choose something where I can install Linux easily and nice and I am sure at the Mac mini price point you can build yourself an assembled mini-pc with beefer specs, but indeed it’s more work and hassle.

YMMV

Recode to AV1, free and open codec with a better compression and quality than 265.

Its future proof and more and more supported out of the box everywhere.

Either go tdarr, or check https://github.com/gardiol/media_fixer for a neat bash script capable of find and convert your videos automatically

I do. I find it very useful.

Is it safe? No idea, but its read only, so seems that they cannot operate on your bank account in any case. That feels safe enough for me.

LineageOS stock

Not a bad take per-se, but a bit condescending. While I agree and like the KISS paradigm, remember that no solution works at a lower complexity level of the problem itself.

So, define your problem clearly, find the simplest possible solution. Don’t overcomplicate, I agree, but don’t be fooled by false hopes.

Is it really simpler? Yes. Will it scale if I need it to? Maybe not, but will I really need for it to scale?

And so on.

I installed from fdroid, I expect it to be still available as far as it will work…

And I guess somebody will build and keep publishing it just not on google play, which is anyway a cesspool nowadays, so no big deal.

Nope!

Just wasted 3 days debugging an IP assigned to two devices… Not fun, don’t do it…

I think that proposing immich for every use case out there is not the correct answer.

As much as I like immich, this is not a good use case… iMHO.

All that? Well, I understand your point, but honestly I have more fun learning something new, and was really little work.

Anyway… Its an option too

No you don’t need two: in fact I have only unbound setup to do everything with one piece of software.

Better or worse? No idea, but it works and its one less piece that might fail.

I have a quite rich selfhosted stack, and DNS is indeed part of it.

For such a critical piece of infrastructure I didn’t needed a container, just installed Unbound and did some setup for ad blocking and internal DNS rules.

Here my setup: https://wiki.gardiol.org/doku.php?id=router:dhcp-dns

You could go with an independent pihole maybe, but that would double the chances of a hardware failure…

Using one device for everything might seem risky, but actually has less chances of failure ;)

Yes you need both 80 and 443 for certbot to work. Anyway having 80 to redirect to 443 is common and not a security risk.

Fellow Gentoo user! Kudos.

Well, here is the relevant part then, sorry if it was not clear:

• Jellyfin will not play well with reverse proxy auth. While the web interface can be put behind it, the API endpoints will need to be excluded from the authentication (IIRC there are some examples on the web) but the web part will stil force you to double login and canot identify the proxy auth passed down to it.
• Jellyfin do support OIDC providers such Authelia and it’s perfectly possible to link the two, in this case as i was pointing out, Jellyfin will still use it’s own authentication login window and user management, so the proxy does not need to be modified.

TLDR: proxy auth doesnt work with Jellyfin, OIDC yes and it bypassess proxy, so in both cases proxy will not be involved.

This is my jellyfin nginx setup: https://wiki.gardiol.org/doku.php?id=services:jellyfin#reverse-proxy_configuration

currently i don’t use any proxy related authentication because i need to find the time to work with the plugins in Jellyfin. I don’t have any chromecast, but i do regularly use the Android Jellyfin app just fine.

I expect, using the OIDC plugin in jellyfin, that Jellyfin will still manage the login via Authelia itself, so i do not expect much changes in NGINX config (except, maybe, adding the endpoints).