3-2-1 rule also applies with external providers

The main unauthenticated action is video streaming, but an attacker would need to guess the correct id by chance.

https://github.com/jellyfin/jellyfin/issues/5415#issuecomment-2825240290

Some of them can be fixed, though you don’t necessarily need to do all of them. Easiest thing is ignoring them as long as everything works.

No, it’s just something to be aware of

Just FYI, unless you absolutely need anonymity from ICANN/the country owning the TLD I wouldn’t choose Njalla. Legally any domain you purchase is owned by them, that’s how they can keep your name from law enforcement requests. However, that also means in any dispute between you and Njalla they can just refuse to service you and keep your domain without recourse.
Normal domain registrars are regulated and if you purchase a domain through them you are its legal owner, if they don’t want your service they must still allow you to transfer the domain somewhere else. Any good registrar provides domain WHOIS protection and will only give out your name to legal requests by law enforcement, so I wouldn’t worry too much about that.

I think that breaks most clients

I started using Quadlets recently and it’s great to have declarative configs for containers all managed with systemd. It only gets good with Podman version 5 though, 4.4 doesn’t support .pod files, which I use quite heavily.

Not sure what Plex debrid does, but anything managed by a good service manager (like systemd) is more reliable than starting a shell session and hoping it doesn’t die.

Nested VMs stay performant about three levels deep, so do that as well.

Most clients have it disables by default and you’ll still have to install the intro skipper plugin.

With version 10.10 they integrated chapter markers into Jellyfin. You still need a plugin to generate the intro timings, but any client I tried has support for skipping with a button.

I’d stick to using the host IP for communication between pods. It keeps the separation of different pods intact, makes it easier to add new services and if you ever get a second machine for containers you can continue doing it the same way just with a different IP.

I know Findroid allows easy downloading and offline watching. Fladder (another newer Android client) also has downloading, haven’t tried it myself yet.

The AIO container is so terrible, like, that’s not how you’re supposed to use Docker.
It’s unclear whether OP was using that or saner community containers, might just be the AIO one.

Minecraft loves single core performance, so it will likely behave differently to most general benchmarks.
But that also makes dedicating a few cores to it and everything else to other services.

Seconds are clearly defined by one specific caesium-133 transition

The second […] is defined by taking the fixed numerical value of the caesium frequency, ΔνCs, the unperturbed ground-state hyperfine transition frequency of the caesium 133 atom, to be 9192631770 when expressed in the unit Hz, which is equal to s−1

Can you ping server 1 from the subnet router?
Make sure to check if you have a firewall blocking ICMP packets on server 1 or somewhere between.
Maybe run traceroute from both serves and compare the route taken and where it stops.

Nextcloud News with the accompanying app on my phone. I was lazy that day

Can you ping the server through your tunnel? Maybe try a traceroute to see if it gets through your router correctly.

If this does work, check if the arrs have some “restrict to local network” setting.

If not, I’d check the firewall logs on your router to see if it is blocking the connection.

Did you set the correct block size for your disk? Especially modern SSDs like to pretend they have 512B sectors for some compatibility reason, while the hardware can only do 4k sectors. Make sure to set ashift=12.

Proxmox also uses a very small volblocksize by default. This mostly applies to RAIDz, but try using a higher value like 64k. (Default on Proxmox is 8k or 16k on newer versions)

https://discourse.practicalzfs.com/t/psa-raidz2-proxmox-efficiency-performance/1694