Host system doesn’t matter. Unless you are familiar with zypper and prefer how things work in SUSE, you are not going to be getting any benefits using MicroOS.

Last time I checked this, out of all the options available Serge was the simplest to host and use. Though you need a beefy computer to get fast and/or good responses.

You asked for a solution for removing unneeded media files while keeping the linked torrents. I gave you one.

(I can’t have jellyfin prune media I have watched cause seeding )

You actually can. Thanks to this TRaSH guide.

HEVC releases. You can also setup Jellyfin to selectively prune media you’ve already watched.

I would advise you to remove the rule on your router and expose your services with cloudflared instead. It should get you started with securely hosting your websites. Then you can build up on this self-hosting knowledge and later decide if you want to manage this yourself.

Looks like you are running rootless.

I’ve had my Nextcloud exposed for a long while now without any incidents (that I know of). I know automatic updates are not generally recommended but if you want a lighter load, you could use LSIO’s docker container (I use the standard db in the sample config). I run mine that way with watchtower and can’t recall ever in recent times when an update broke Nextcloud. Other than that, nextcloud has a brute-force plugin and you could consider overall hardening the entry points of the machine hosting Nextcloud (e.g ssh).

None. I don’t make a habit of keeping “misbehaving” apps around. If I can’t get to the bottom of a specific issue that app is getting the boot from my stable.

Not exactly. OP mentions he’s interested in using cloudflare/github pages where the security is managed by those platforms not the user.

If you concerned about your exposed services being hacked, why not learn how to protect them properly from bad actors? There exists a wide range of solutions that attempt to specifically solve this problem.

Most modern devices should support x265 playback which has the compression sizes you are looking for.

In addition to setting the cap to file sizes for media, you can also blacklist tags like REMUX etc.

This is an example of a custom format for hevc/x265 files that are no larger than 6Gigs. You just need to create a new custom quality profile and give below custom format a positive/higher score.

{
  "name": "Minima",
  "includeCustomFormatWhenRenaming": false,
  "specifications": [
    {
      "name": "No mo than 6 Gigs",
      "implementation": "SizeSpecification",
      "negate": false,
      "required": true,
      "fields": {
        "min": 0,
        "max": 6
      }
    },
    {
      "name": "1080p",
      "implementation": "ResolutionSpecification",
      "negate": false,
      "required": true,
      "fields": {
        "value": 1080
      }
    },
    {
      "name": "eng",
      "implementation": "LanguageSpecification",
      "negate": false,
      "required": false,
      "fields": {
        "value": 1
      }
    },
    {
      "name": "Preferred x265",
      "implementation": "ReleaseTitleSpecification",
      "negate": false,
      "required": false,
      "fields": {
        "value": "[xh][ ._-]?265|\\\\bHEVC(\\\\b|\\\\d)"
      }
    }
  ]
}

This is what I use as well.

I don’t like Tailscale. Use a reverse proxy (nginx proxy manager makes this simple) and secure your services with fail2ban and/or crowdsec. This way you do not have to rely on Tailscale relay or their clients to connect to your services from anywhere.

I can help you with anything you want to self-host apart from email. Send me an inbox with a list of the softwares and how your setup looks like.

Glances should be right up your alley.

I am running all my software services with docker. It’s stupid simple to manage and I have all of my running services in one paradigm.

Don’t think this is accurate. E.g how is LinkedIn bigger than Twitter?

Whatever you do, make sure you setup firewall properly and enable automatic updates for your software. People say this last part is bad advice, but I’d rather have software break from an update than get ransomware’d.

Any reputable VPS will have clean IPs as they usually have strict TOS for customers abusing their network. Choose whichever fits your needs.