You’ll first need a functional legal system.

No flames, just fuel.

If they light it that’s their problem. /s

If only it was that simple. Stay safe folks; I hope you make it through the year.

Improvise.

freezing water gasoline.

I pray he puts his own fucking gun in his mouth.

Bit old, but pretty much everything Source Engine is self-hostable isn’t it? Most of them even come with a pre-configured SRCDS (SouRCe Dedicated Server) you can download and run right from the steam launcher.

I know I ran a GarrysMod server for quite a while; piling a shit ton of mods on it. Plus any source game you’ve got installed, Garrys Mod can and will use the resources/assets from.

:/ shit.

I’m pretty sure I saw this a few months ago and moved to the beatkind/watchtower fork, but it’s not been updated in 6mo either. (Devs only been active in private repos; so they’re still around, just not actively working on watchtower)

Guess I’ll find another solution. Hell, I might just put my own script on crontab. Looping through folders running docker compose down/pull/up isn’t too hard really.

My wife got very upset. Apparently she likes the ads.

Set static IPs for her devices, then whitelist that device IP past the block lists by adding it to a group, then regex allow domain: ‘*’ for that group.

A bit of redundancy is key.

I have my primary DNS, pihole, running on an RPI that’s dedicated to it; as well as a second backup version running in a docker container on my main server machine.

Nebula-Sync keeps the two synchronized with eachother, so if a change is made on one, it automatically syncs to the other. (things like local dns records or changes to blocklists).

If either one goes down (dead sd cards, me playing with things, power surges, whatever); the other picks up the slack until I fix the broken one, which is usually little more than re-install, then manually sync them using piholes ‘teleporter’ settings. Worse case, restore a backup (That you’re definitely taking. Regularly. Right?)

Both piholes use Cloudflared (here’s their guide *edit: I see I’ll have to find a new method for this… Just going to pin the containers to tag ‘2025.11.1’ for now) to translate ALL dns traffic into DOH traffic, encrypting it and using the provider of my choice, instead of my ISP or any other plain DNS. The router hands out both local DNS IPs with DHCP because Port 53 outbound (regular dns) is blocked at the router, so all LAN devices MUST use the local DNS or their own DOH config. Plain DNS won’t make it out.

DNS adblocking isn’t perfect, but it’s a really nice tool to have. Then having an internal DNS to resolve names for local-only services is super handy. Most of my subdomains are only used internally, so pihole handles those DNS records, while external DNS only has the records for publicly accessible things.

I have the same issue with Immich on android. It pretty much never uploads files until I manually open the app; then the app refuses to acknowledge it has uploaded those new files until it’s closed and re-opened :( (power saving is set to un-restricted in android, and background data usage is allowed. I’ve been through troubleshooting very thoroughly, it just doesn’t work)

FolderSync has been the only reliable (non-root) backup solution I’ve used. It’s set to monitor my image folders for changes and upload any new files as soon as they’re created; this works ~85% of the time. Then, It’s also set with a few schedules to check for changes every 3hrs, backing up everything on the phone the app can access; this catches anything the on-change/on-creation file detection misses, while also backing up more data than just my images. I have yet to see that fail after ~3 years.

Plex, Emby, and Jellyfin are all legal, and each have ways to serve liveTV alongside your own locally stored content, and DVR that liveTV if you want. You’d just have to purchase a liveTV subscription from your local provider (or go the Pirate route ofc).

Emby has what they call ‘Emby Connect’ which is entirely optional and is basically a glorified DNS service.

It doesn’t proxy connections, it just passes on the hostname to the client. The server is still required to setup port forwarding or other routing like tailscale or a proxy on a vps.

Emby Connect will let you sign into your local server using your emby.media credentials, but unlike Plex it’s completely optional and only works once explicitly linked to the local user of an Emby server.

I only bring it up because you explicitly said you have no idea why it doesn’t work.

Take things at a comfortable pace; there’s no sense overwhelming yourself. Then you just forget what you’ve done and end up lost in your own maze.

I started with Plex myself, almost 10 years ago. Moved to Emby, where I learned about buying a domain, setting up ssl through a reverse proxy, and just continued to explore from there. Today I run ~26 containers/projects across three systems and I’m always keeping my eye out for interesting new things.

Best of luck with your journey m8.

Sounds like you’re behind cgNAT, which essentially means there’s another router owned by your ISP that’s between yours and the open internet, which also requires port forwarding, but your ISP will never do that for you.

It complicates things, but the solution(s) are tools like tailscale, cloudflare Tunnels, or to rent a VPS just to host a proxy/vpn.

Plex solves this by using their own public servers as a proxy for you, but this is part of how they have control over your users/server/data, such as blocking remote streaming… That makes more than a few people uncomfortable.

Plex centralizes authentication at plex.tv

When a user wants to connect to a ‘private’ plex server, they must first sign into their plex.tv account, which then provides the auth token needed to login to the users server (even if both the client and server are on the same lan)

With this system, Plex can monitor and control every single connection to every plex server; limiting access to whatever they want. Even your own local content.

Plex has an automatic proxy service hosted by their public servers. If you haven’t or can’t configure port forwarding correctly, plex will route the connection through their own servers.

The problem is, that also means Plex co has total control over your server and the data sent between it and clients if they so choose. Anything from quietly logging the data sent back and fourth, to controlling who can connect and what they can do while they are.

Jellyfin has to be correctly exposed to the internet via port forwarding or tools like tailscale/a vpn; but it’s entirely your server under your control. You have ultimate control over how your server can be accessed, but that also means you’re responsible for actually setting that up.

That will solve part of the problem, preventing downloads before an item has even released; but there’s still lots of potential to grab unwanted torrents and leave the arrs asking for intervention when they can’t import it.

Ideally the indexers would be filtering out this junk before users can even grab them, but failing that I think we’ve got a decent solution. Check out the edited OP

Check out the edited OP.

I’m taking a look at this. It looks like it’s the malware blocker portion that I’m interested in, but if I enable it and ‘delete known malware’, it just complains every minute that there are no blocklists enabled. (though the documents say it’s supposed to fetch one from a pages.dev url that has almost no content)

Do you have a specific malware blocklist configured? Enabling the specific service blocklists demands a url for one.

I can host/build a list over time for these to use if that’s what I’ve gotta do; just wondering if there’s a public collaboration on one already on the go.

/edit: found it

https://raw.githubusercontent.com/Cleanuparr/Cleanuparr/refs/heads/main/blacklist

That’s what I’d already done as per the OP, but it leaves Sonarr/Radarr wanting manual intervention for the ‘complete’ download that doesn’t have any files to import.

I just did some digging and found I do have some good quality content from them, but they were all grabbed via NZBGeek.

Every torrent I’ve gotten with that label has been garbage/malware.