BTW distro is the cure for this kind of anxiety.

Host system doesn’t matter. Unless you are familiar with zypper and prefer how things work in SUSE, you are not going to be getting any benefits using MicroOS.

Last time I checked this, out of all the options available Serge was the simplest to host and use. Though you need a beefy computer to get fast and/or good responses.

After you’ve gone through all the container hardening guides, cap off the exercise with OWASP’s docker recommendations.

You asked for a solution for removing unneeded media files while keeping the linked torrents. I gave you one.

(I can’t have jellyfin prune media I have watched cause seeding )

You actually can. Thanks to this TRaSH guide.

HEVC releases. You can also setup Jellyfin to selectively prune media you’ve already watched.

I would advise you to remove the rule on your router and expose your services with cloudflared instead. It should get you started with securely hosting your websites. Then you can build up on this self-hosting knowledge and later decide if you want to manage this yourself.

You should learn how to use ssh. Running Firefox on top of Xorg is a disaster waiting to happen.

Looks like you are running rootless.

You are reading too much into the comment.

1. Am not promoting Linux, I don’t know where you got that idea from.
2. How is it hostility when am letting OP know that’s exactly what’s included in the package when he chose Linux? And that unlike Windows where you install downloaded files as programs, things work differently over here?
3. You can install malware by blindly copypasting commands on any terminal, the OS doesn’t matter.

I’ve had my Nextcloud exposed for a long while now without any incidents (that I know of). I know automatic updates are not generally recommended but if you want a lighter load, you could use LSIO’s docker container (I use the standard db in the sample config). I run mine that way with watchtower and can’t recall ever in recent times when an update broke Nextcloud. Other than that, nextcloud has a brute-force plugin and you could consider overall hardening the entry points of the machine hosting Nextcloud (e.g ssh).

Yes and with good reason. To prevent people like yourself from downloading and running malware.

None. I don’t make a habit of keeping “misbehaving” apps around. If I can’t get to the bottom of a specific issue that app is getting the boot from my stable.

Not exactly. OP mentions he’s interested in using cloudflare/github pages where the security is managed by those platforms not the user.

If you concerned about your exposed services being hacked, why not learn how to protect them properly from bad actors? There exists a wide range of solutions that attempt to specifically solve this problem.

Most modern devices should support x265 playback which has the compression sizes you are looking for.

In addition to setting the cap to file sizes for media, you can also blacklist tags like REMUX etc.

This is an example of a custom format for hevc/x265 files that are no larger than 6Gigs. You just need to create a new custom quality profile and give below custom format a positive/higher score.

{
  "name": "Minima",
  "includeCustomFormatWhenRenaming": false,
  "specifications": [
    {
      "name": "No mo than 6 Gigs",
      "implementation": "SizeSpecification",
      "negate": false,
      "required": true,
      "fields": {
        "min": 0,
        "max": 6
      }
    },
    {
      "name": "1080p",
      "implementation": "ResolutionSpecification",
      "negate": false,
      "required": true,
      "fields": {
        "value": 1080
      }
    },
    {
      "name": "eng",
      "implementation": "LanguageSpecification",
      "negate": false,
      "required": false,
      "fields": {
        "value": 1
      }
    },
    {
      "name": "Preferred x265",
      "implementation": "ReleaseTitleSpecification",
      "negate": false,
      "required": false,
      "fields": {
        "value": "[xh][ ._-]?265|\\\\bHEVC(\\\\b|\\\\d)"
      }
    }
  ]
}

OP couldn’t be more wrong. When you pay for a product you pay to get support on the platforms the vendor supports. He should be switching platforms to those supported by the vendor or switch to a competing product that has support for the platform he wants to use.

Docker is not optimized for desktop and Flatpaks aren’t optimized for running services. You’ll spend more time & effort making both of them work and still end up with sub-optimal experiences.