Why post this anti-Semitic shit

You don’t need a protectli, even an old optiplex should be able to handle opnsense and/or a pi hole. You would just want to have 2+ NICS.

Or if it needs to be low powered there are definitely other options.

Look, I never said you were wrong man. Clearly you probably have a lot more experience than i do. Which is why I said what I said. Because I personally believe Proxmox is way easier for someone who is a casual like me. That’s all.

Edit: Also, though it doesn’t really matter, I don’t use LXC.

I’m going to disagree with this. I’ve setup everything in one Debian server before and it became unwieldy to keep in check when you’re trying new things, because you can end up with all kinds of dependencies and leftover files from shit that you didn’t like.

I’m sure this can be avoided with forethought and more so if you’re experienced with Debian, but I’m going to assume that OP is not some guru and is also interested in trying new things, and that’s why he’s asked this question.

Proxmox is perfectly fine. For many years I had an OMV VM for my file server and another server for my containers. If you don’t like what you’ve done it is much easier to just remove one VM doing one thing and switch to some other solution.

It seems cool but it’s just going to be a big headache man. I would just spin up a domain controller and maybe some workstations to play around with.

I would check out serverpartdeals as they’re pretty reputable. But for any used drive, I would make sure that you have a limited warranty or at least some sort of return policy. Once you get the drive, run badblocks on it, which will check for… bad blocks.

Looks like jellyfin has an api. I’m sure that could be leveraged. Just would need to have a way to send over api requests. You mentioned JavaScript, but I could see this being done in maybe DJango instead if you’re familiar with python. Though the learning curve for Django is a beast in itself imo

Seems like you could just make a simple web page for this.

.local is definitely local but it’s common for it to be used with mDNS primarily. To the second part of your question, yes that’s correct, since it will be reserved it will not be any public DNS server, even if it did look outside it wouldn’t find anything.

Sure. Though I’m not an expert on mDNS or anything. It stands for multi cast DNS. In a normal scenario, when your PC tries to connect to a local resource at its hostname it will use a local DNS server (or its own cache). It’s like a phone book. I know who I’m looking for, I just need to look in the phone book and see what their IP is. With mDNS there is no server. You’ll have a service that will plan to respond at a particular .local hostname, so like jellyfin.local (this is just an example, I don’t know if it has mDNS) but that isn’t registered on a server. Instead when your PC wants to reach jellyfin it will send a multi-cast to the other local devices and say “ok, I’m looking for some guy named jellyfin.local, which one of y’all is that?” And the jellyfin server will respond and say “yo what up, this is my ip address”

So anyway, that only works with .local addresses. You could use .local with a regular dns server, but then you may run into a conflict. So that would be the benefit of reserving .internal

If you want more confidence, run badblocks on the drives right after you get them. It will test the drive for any… bad blocks. Will take a while depending on your drive size.

.local is for mDNS addresses.

It’s for internal resources. You can really use whatever subdomain you want internally, but this decision would be to basically say to registrars, this TLD is reserved, we will never sell this TLD to anyone to use. That way you know that if you use it internally, there’s no way a whoopsie would happen where your DNS server finds a public record for this TLD.

I do the same. I just have it do a transcode job every Sunday.

I will provide a word of advice since you mentioned messiness. My original server was just one phyiscla host which I would install new stuff to. And then I started realizing that I would forget about stuff or that if I removed something later there may still be lingering related files or dependencies. Now I run all my apps in docker containers and use docker-compose for every single one. No more messiness or extra dependencies. If I try out an app and don’t like it, boom container deleted, end of story.

Extra benefit is that I have less to backup. I only need to backup the docker compose files themselves and whatever persistent volumes are mounted to each container.

I don’t have any answers to your questions, I would just like to mention that you can get complete images that do both of these things together. I use this one, but there apparently to be a bunch of different ones.

https://github.com/MarkusMcNugen/docker-qBittorrentvpn

Was very easy to setup.

I have been running OMV for years and it is super stable. I rarely have to go in there. It has a lot of functionality thought the UI. My biggest gripe is that all of permissions options/ACLs combined with normal Linux permissions can be kind of confusing.

Unraid is also super simple, but maybe a bit too simple for some people. I don’t use anything but the core functionality in either one of these products. If you’re on the fence, you can do an unraid trial for 30* days (30 days, but technically you can stay on the trial as long as your disk array does not have to be restarted)