I’ve been thinking about going this route. What size subnet are you banning? /24?
Only thing stopping me is I self-host email and don’t want to ban, say, a whole subnet from Microsoft/Azure and end up blocking the outgoing servers for O365. I’m sure I can dig around and look at the prefixes to see which are used for which of their services, I just haven’t had the time yet.
CrowdSec with a central LAPI server. You should install it on the servers themselves to monitor the application logs directly. Then every bouncer (firewall, router, edge device) connected to the LAPI will block the same IPs. I got sick of repeat offenders and upped the ban time to 1 year in hours.
No worries. Better than reading that someone got hacked because they left Jellyfin wide open.
You could even run a travel router, mini PC or Raspberry Pi, run the VPN on it, and connect the Roku to it over the onboard WiFi adapter. On the PC/Pi you’d force all the traffic from the Roku towards Jellyfin over the tunnel. You could even define the Jellyfin in DNS (/etc/hosts) so the internet will never even know you’re running Jellyfin. Something like https://raspap.com/ or even an OpenWrt travel router from the likes of GL.iNet would work.
Do not. I repeat, do not expose Jellyfin to the internet. It has too many security issues to be directly accessible from the internet.
I use Jellyfin and only access it over WireGuard. I have a mesh setup between the routers at a few family members’ houses.
If you have absolutely no other way than to expose it to the internet, you need to make sure that you whitelist only the approved IPs in your VPS firewall and block everything else.
Nope. I’ll stick with OPNsense which is open source.
I use Proxmox PBS for all my backups. Datastore is on my file server at home. I sync the datastore daily to a little NAS at a family member’s house and to a super cheap storage VPS on the other side of the country. I also do a manual sync to an external drive that I keep offline at home.
Any super important documents such as tax records, health related files, backup of the data volume from vaultwarden, or anything related to wills & estates get backed up as well to 2 USB thumb drives that are LUKS encrypted. I keep 1 in my go bag and another is hidden somewhere… Thumb drives get updated once a month, or sooner if anything major changes.