Do not go for server hardware, used consumer hardware is good enough for you use cases. Basically any machine from the last 5-10 yeare is powerfull enough to handle the load.

Most difficult decision is on the GPU or transcoding hardware for your jellyfin. Do you want to be power efficient? Then go with a modern but low end intel CPU there you got quicksync as transcoding engine. If not, i would go for a low end NVIDIA GPU like the 1050ti or a newer one, and for example an old AMD CPU like the 3600.

For storage, also depends on budged. Having a backup of your data is much more important then having redundancy. You do not need to backup your media, but everything that is important to you,lime the photos in immich etc.

I would go SSD since you do not need much storage, a seperate 500 GB drive for your OS and a 4 TB one for the data. This is much more compact and reduces power consumption, and especially for read heavy applications much more durable and faster inoperation, less noise etc.

Ofc, HDDs are good enough for your usecase and cheaper (factor 2.5-3x cheaper here) .

Probably 8-16 GB RAM would be more then enough.

For any local redundancy or RAID i would always go ZFS.

Thats the only (sane without tons of work) way how you can have a rolling release distro without the need to compile everything yourself, everytime. Dependency issues will occure when glibc gets updated (or any other library) and you only update some programms but not all, its possible that those programms work or not.

Yes but that is on Manjaro if they do not follow basic rules from their upstream and not on arch. If you ignore design desicions then thats on you.

So, when you activate simple versioning, and keep the last 20 Versions, then an error occurs (or malicious actor) and overrides the file 20 times. Then the simple versioning is gone.

Yes with the correct setup you could probably backup via syncthing BUT no one in the comments ellaboborated and mostly just says “i sync to multiple devices via syncthing”

I am shocked how many ppl think synchronization like syncthing act as a backup.

No synchronisation is not a backup. If you accidentally delete the database and it syncs across all devices then the database is gone. If something is broken and overrides multiple times then the history if it is enabled is also gone.

Pls use proper backup methods to backup your database.

Edit: I sync my database also with syncthing across devices. But to back it up i have on multiple clients system backups running that include the database.

Why should that be a flaw on Arch’s side, when it ooses no issue on Arch’s side? Partial updates are explicitly not supported. That would be fine for Manjaro if they would not encourage the use or for some cases even enable the use of AUR by default.

That for example dependa on how you want to do your backups. You could for example run the Windows Backup then feed it into a backup tool lime restic and your done.

You want to use the Windows Iso as a Reference? That is like 5 GB of data. Why do you want to have such an incomplete Backup to save just 5 GB?

So you want a system image without the system and just the user data.

Then why not just backup the userdata?

Yes, it is called multithreading. Just one example: https://github.com/BrandonBerne/masscan

Stupid me, missed the IP whitelisting part.

LUKS may not make your server meaningfully more secure. Anyone who can snapshot your server while it’s running or modify your unencrypted kernel or initrd files before you next unlock the server will be able to access your files.

This is a little oversimplified. Hardware vendors have done a lot of work in the last 10-20 years to make it hard to impossible to obtain data this way. AMD-SEV for example.

There are other more realistic attacks like simply etrackt the ssh server signature and MITM the ssh connection and extract the LUKS password.

The whole port range can be scanned in under a second. A real attack does not care if your ssh port is 22 or 69420. Changing Port is just snake oil.

use ddns or similar to keep track of tour IP?

Honestly, the time i had to manually intervene since ~2 years is less then 5-10 times, and that is way before the stable release. So I doubt that.

The Pin is not designed and used for such an authentication. Also can be changed at any time:

How do I manage or change my PIN?

On your phone, go to Signal Settings > Account > Change your PIN

Its not about being complicated, its about dumping the whole chat history with just a few seconds of physical acceas to the device.

LEA has used this method with messangers like Whatsapp for years to quicly exfiltrade the data from a victims phone to other software.

It is less intuitive to set up, but it is extremely lightweight and very fast. That is the one I recommend.

I highly question the decision process to only include the lightweight and speed. There are much more important criterias to consider, like for example stability, maintainability, support etc.

I do not need yet another service that gets abonded 1-2 years after launch or goes subscription only etc.

While lots of ppl will hate on Nextcloud, its pretty good. When you do the setup right, with cache and so on set up it’s fast and serves its purpose not only as cloud storage but as a collaboration platform where you can edit files with other ppl and much more.

If you only want a simple Web App to up and download files there are probably other solutions for that.

Looking at the research they are doing and actually looking critical and scientific on their own product, it is actually believable.

I am actually more worried about the USA honoring any contract or licensing agreementa on their end.