It’s not just that. I’m a techie. I’ve been in the industry for decades. I know my way around computer very well.

I want to like Jellyfin and I want to ditch Plex (even though I have a lifetime license) because of what it has become and where it’s headed.

That said, the other day my Plex server had some issues that took me a while to figure out. Since when it failed I just wanted to watch an episode of a series and relax, I once again fired up the JF client. I couldn’t get seek to work, I had to manually find and download subtitles (that’s not always the case but when it is, it’s pretty annoying), and ultimately I couldn’t watch my series at all as playback would randomly stop, the player would close and I’d be back at the menu, without the position having been recorded and with no way to fast-forward as seek didn’t work at all.

I ended up spending 15min figuring out what was wrong and fixing Plex, then watched my series undisturbed.

Like I said, I want to drop Plex for JF, but in the 3 years or so that I’ve been running both, every time I fire up JF I end up running back to Plex as I just want to sit back and watch a bloody series or movie.

I don’t think I’ve ever come across a DNS provider that blocks wildcards.

I’ve been using wildcard DNS and certificates to accompany them both at home and professional in large scale services (think hundreds to thousands of applications) for many years without an issue.

The problem described in that forum is real (and in fact is pretty much how the recent attack on Fritz!Box users works) but in practice I’ve never seen it being an issue in a service VM or container. A very easy way to avoid it completely is to just not declare your host domain the same as the one in DNS.

If they’re all resolving to the same IP and using a reverse proxy for name-based routing, there’s no need for multiple A records. A single wildcard should suffice.

Not sure if this is helpful in any way, but it might give you some clue.

100./8 addresses are reserved for CG-NAT.

This is probably the IPv4 address your modem/router is receiving from the ISP.

https://en.wikipedia.org/wiki/Carrier-grade_NAT

I might pick it back up some day but at the moment I have other projects going on at the moment.

I’m still using Proxmox myself but unfortunately it’s all fairly manually configured.

I started writing a Terraform provider for Proxmox a while ago.

Unfortunately, the API is a massive mess and the documentation is not very helpful either. It was a nightmare and I eventually gave up.

https://github.com/c10l/terraform-provider-proxmoxve

K3s is k8s

lol at the downvote. K3s is k8s. The very first 2 words in its website are Lightweight Kubernetes. https://k3s-io.github.io/

On macOS I’ve been using Ollama. It’s very easy to setup, can run as a service and expose an API.

You can talk to it directly from the CLI (ollama run ) or via applications and plugins (like https://continue.dev ) that consume the API.

It can run on Linux but I haven’t personally tried it.

https://ollama.ai/

It’s pretty easy with Ollama. Install it, then ollama run mistral-7b (or another model, there’s a few available ootb). https://ollama.ai/

Another option is Llamafile. https://github.com/Mozilla-Ocho/llamafile

I run it on my router which has the CG-NAT IP address.

Whilst you’re right that it could clash, it’s very unlikely (a 1 in 4194302 chance), I imagine Tailscale would detect the clash and change IPs though I could be wrong as it never happened to me (and probably never will - though in all fairness it will eventually happen to someone).

Been using Tailscale behind CG-NAT for years. It works wonderfully and very rarely needs to route through the DERP infrastructure - it’s almost always a P2P connection.

You don’t have to use the registrar’s DNS system.

I use LuaDNS. They even offer a fully functional free tier that might be enough for your needs.

They have an API that can be used with certbot, and you can manage your zones with git.

£35 for symmetrical 1gbps. In practice, I get fairly stable ~850mbps either way but I reckon my router is the bottleneck rather than the actual line.

I’ve been using Posteo with my own domain for a few years.

You do need an email forwarder in addition to the hosting since, as you noticed, they don’t support that use-case natively.

My DNS provider, LuaDNS, does that for me. I pay for their Basic tier (US$29/year) but only because I’m using a lot more than what the free tier provides. I did get away with free for about a year though, so that could in fact be sufficient for you, if you decide to go that route.

IMAP is not proprietary. Gmail does support it though, as does pretty much every email provider under the sun. It has limitations though, and JMAP is one proposed alternative to solve some of those.

Note that I don’t have enough knowledge to emit an opinion on whether it’s good or not. I’m just pointing out a couple facts.