First questio is: can you ask your home internet provider for ipv6?

Otherwise sign up to tailscale and connect your vps server (and your pc/devices) to it.

the question is: why do you want to move on from the Rpi4? Also, how do you plan to handle video decoding 0f x265/av1 streams? Do those miniPCs have a video card with hardware transcoding capabilities? If you plan to do it on software (i.e. CPU transcoding) the CPUs will run hot most of the time.

Absolutely this, nothing else is required. Well, maybe alertmanager if you want to receive alerts

Or with opnsense as well

That is true, I didn’t consider that as I don’t use them.

Headscale and zerotier as well

You can selfhost it on a vps with headscale

I know exactly what you mean. Just for general information, I’ve found another android client that I think it’s better than Conversations. It’s called Monocles chat (and it’s on f-droid). On matrix/xmpp I install the whatsapp bridge. I can convert a few close family members but no way everyone. For me it’s an acceptable compromise. I get the close members to use my servers/apps, everyone else through the bridge so I can at least have all the chat in one place

Why not host your own git repo (e.g. gitea) so you can do 2 or 4 without opening services outside?

The chat server (matrix and xmpp have different ones, but same functionality) that act like a whatsapp desktop client. Have you ever run whatsapp desktop client on your pc, where you have to pair it with your phone? Same thing, but you do it withing a special “bridge” (usually as a bot) in matrix or xmpp. So you get all the messages in one place. But it doesn’t work for calls, just for messages.

Frienda no, but I do use whatsapp bridges so I can have all conversations in one place.

Family with extreme nagging, and because I’m the IT guy of the house so they kinda trust me/can’t be bothered to try and out-talk me.

Gajim on pc (I use arch btw - well endeavourOS because I can’t be bothered) and don’t remember what on android (there is the full list or clients and capabilities on xmpp.org)

No.

Yeah ok. First of all, because I can 😁. I mean z what’s good being an IT nerd if I can’t change stuff when I want?

Jokes aside, I’ve been reading more recently on matrix and looks like there are some security issues in the design of the app/protocol. I’m on mobile now, I’ll look for sources when I’m on pc. Also I don’t like that it is a server centric system (so data is primarily on the server instead of the clients). Also it takes more resources than I was expecting. For less than 10 users I can’t have less than 4gb of ram (on a dedicated debian server, running docker) or it swaps so much it kills the system.

So basically I’m testing out if xmpp is a better system for those issues.

I’ve been using matrix for years to this purpose, but moving to xmpp/prosody now

Having multiple interfaces in each vm can lead to issues with routing if you screw something up.

Like you said I’d expose the services via reverse proxy in the public vlan, and enable ssh access on the firewall only from a jumpbox or the ip of your pc (or maybe the vlan you are in).

I’ve been told that zerotier is even better. Haven’t tried it myself (it looks more complicated to selfhost) but the guy suggesting it knows waaaaay more than me on these things. Just if you want to look into another option.

For what it’s worth (from a random guy on the internet) selt-hosting tailscale is quite easy! 🙂

I’m self hosting headscale (foss implementation of tailscale control server) for this scenario. Works great!

sorry for late reply. So far is great. I can feed it custom paths on my NAS and it doesn’t touch the pictures/import them/etc. (which was the main requirement for me). It just works with what you feed it. Face recognition is good. Search is good. The 3rd party app (uhuru photos) is not great, but still under development. But the mobile interface works anyway well enough.

I have been using opnsense on a very cheap celeron nuc for a few years, very happy with it

As everyone said, debian. I use it for my mail server, the docker server, podman server, matrix, headscale. On docker I also have nvidia drivers for hardware video decoding in jellyfin.