Connect it to your PC or laptop and do a netinstall. Configure SSHD and a static ip. Plugin the disk to your server and then connect via ssh to admin it.

You could also set your laptop or PC to boot from the attached disk in the bios to test the services you want to start are starting

Happy to help 😉

Syncthing can do direct sync if you give the ip address to each node and you can disable relay servers .

Yeah this is a much better approach

You could just poll it every few minutes via a cronjob and only send a notification if the numbers have increased.

Personally I use miniflux too in docker but I dont have a need for notifications.

Could you just poll the miniflux db directly ?

On laptops yes, on my server no. Most of the data is photo backups and linux ISOs form over the years.

Htop and logwatch

My block list is very small actually due to the non standard ssh port. Everything else goes through wireguard.

If it was open to the public then yes I’d have to reconsider the ban length.

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

Hackerman

Please see my reply below with links.

Onion repositories are package repositories hosted on tor hidden services. The connection goes through six hops and is end to end encrypted. In addition to further legitimizing the tor network with normal everyday usage it has the benefit of hiding what packages have been installed on a system.

Here are some notes about them if you want to read more.

https://blog.torproject.org/debian-and-tor-services-available-onion-services/

https://www.whonix.org/wiki/Onionizing_Repositories

Well I dont trust closed source software and do what I can to avoid it when I can. At least foss can be audited. Also all the linux devices on the main network are devices I admin.

Only remote access by wireguard and ssh on non standard port with key based access.

Fail2ban bans after 1 attempt for a year. Tweaked the logs to ban on more strict patterns

Logs are encrypted and mailed off site daily

System updates over tor connecting to onion repos.

Nginx only has one exposed port 443 that is accessible by wireguard or lan. Certs are signed by letsencrypt. Paths are ip white listed to various lan or wireguard ips.

Only allow one program with sudo access requiring a password. Every other privelaged action requires switching to root user.

I dont allow devices I dont admin on the network so they go on their own subnet. This is guests phones and their windows laptops.

Linux only on the main network.

I also make sure to backup often.

Debian

I use wireguard and nginx but I set my WG DNS as the server ip. I have adguardhome running on the server and have added the external domains to map to their LAN address so theyre resolved locally when using the vpn or the LAN. A similar setup should work for you.

No

Personally I just use a web directory for my roms Company/Console/Game and search with ctrl and F. I can download it from a browser or wget in the terminal.

For artwork I have the steam ROM manager on deck or the emulator on desktop usually does it eg ppsspp

I suggest to file a bug report. I too would expect a playlist to play in the order of the playlist. If nothing else a bug report will bring clarity and it might add an extra test case to look out for or clarify some existing documentation.