Btop and logwatch with logrotate. I use healthchecks to check if the server is unreachable and it notifies me.

My block list is very small actually due to the non standard ssh port. Everything else goes through wireguard.

If it was open to the public then yes I’d have to reconsider the ban length.

You could not connect the TV and printer to the network but instead attach them to raspberry Pi or similar devices. This allows you full control and stops them calling home and spying.

Hackerman

Please see my reply below with links.

Onion repositories are package repositories hosted on tor hidden services. The connection goes through six hops and is end to end encrypted. In addition to further legitimizing the tor network with normal everyday usage it has the benefit of hiding what packages have been installed on a system.

Here are some notes about them if you want to read more.

https://blog.torproject.org/debian-and-tor-services-available-onion-services/

https://www.whonix.org/wiki/Onionizing_Repositories

Well I dont trust closed source software and do what I can to avoid it when I can. At least foss can be audited. Also all the linux devices on the main network are devices I admin.

Only remote access by wireguard and ssh on non standard port with key based access.

Fail2ban bans after 1 attempt for a year. Tweaked the logs to ban on more strict patterns

Logs are encrypted and mailed off site daily

System updates over tor connecting to onion repos.

Nginx only has one exposed port 443 that is accessible by wireguard or lan. Certs are signed by letsencrypt. Paths are ip white listed to various lan or wireguard ips.

Only allow one program with sudo access requiring a password. Every other privelaged action requires switching to root user.

I dont allow devices I dont admin on the network so they go on their own subnet. This is guests phones and their windows laptops.

Linux only on the main network.

I also make sure to backup often.

Debian

I use wireguard and nginx but I set my WG DNS as the server ip. I have adguardhome running on the server and have added the external domains to map to their LAN address so theyre resolved locally when using the vpn or the LAN. A similar setup should work for you.

No

Personally I just use a web directory for my roms Company/Console/Game and search with ctrl and F. I can download it from a browser or wget in the terminal.

For artwork I have the steam ROM manager on deck or the emulator on desktop usually does it eg ppsspp

I suggest to file a bug report. I too would expect a playlist to play in the order of the playlist. If nothing else a bug report will bring clarity and it might add an extra test case to look out for or clarify some existing documentation.

I have a microserver and various pis ( zero w, 2x 3b+ and a pi b)

With the exception of the zero w they are all still in action.

The pi b connects to the pi touchscreen and displays photos from a directory every 5 minutes.

The 2x3bs are running kodi to stream from my server.

The zero w was a camera recording and streaming 24/7 but I stopped it as I wanted to do other stuff with it.

I use raneto. Built using js. Flat file and uses markdown.

No if I have to keep fixing it , it is not worth my time.

I installed owncloud years ago and came to the same conclusion and just got rid of it. I use syncthing nowadays though its not the same thing.

Duckdns will give you a free domain name. Run wireguard on the machine to connect remotely. Only allow WG port for remote access. Optional limit app access in your webserver to your VPN and lan ips. You can also run something like adguard home to get ad blocking. In that case set your wg server ip as the dns server ip eg 10.0.0.1 and add your ddg domain name in adguard so it will resolve without having to do an external lookup when on the lan or vpn.

I group them by network.

You could try self host some services to reduce subscriptions such as jellyfin or navidrome. You could run a tor relay and accept donations. Host and maintain sites or services for someone. As others have said selling them is probably going to net you the most

Did you try Netflix in the browser to rule out an issue with the app.

I have adguard home on my server and have the server wireguard IP as the DNS ip too so I can see all the DNS requests my devices make and block stuff. I disable ipv6 myself to keep things simpler.

It should work for you though.

Another option they can’t detect is use a router with a wireguard connection, then Netflix can go suck a lemon 🍋😉

Edit: Perhaps they are doing some timing on your connections and there is a difference between your primary connection and the VPN one .