TedZanzibar

Problem solved! If we ignore the world's ~300 million colorblind people.

To be fair the Synology lineup is confusing, but if you get the right model - one with a Ryzen processor and support for 32GB memory (officially; they can take more) - then you've got yourself a proper little workhorse with low power consumption, a stable, reliable OS, and super easy expansion thanks to the hot-swap drive bays and their Hybrid RAID option. My 8 bay model is running a couple of full-blown VMs and what must be two dozen or so docker containers while barely breaking a sweat. The DS723+ is the equivalent 2 bay model.

For things that need some acceleration like Plex and Immich I've added a little N100 box (a Beelink S12 Pro) with Ubuntu Server and another Docker instance, and mounted the NAS storage via SMB. This also sips power even when transcoding 4x Plex streams at once.

All of which is to say you don't need to do a complex, potentially power hungry and difficult to expand self build to do what you want.

Neither does the BBC's couch to 5k app, for who knows what reason.

You are a legend, thank you!

Any chance of a link to the clip?

Unless you're hosting VHDs and need maximum throughput (in which case use NFS), SMB is going to be the easiest to setup and maintain across those 4 platforms.

The Linux SMB implementation is decent and supports the latest version of the protocol (or close to, at least) whereas NFS in Windows ain't so great and is a bit of a pig to get working in my experience.

Thanks, I'll muse over this when I next get the chance!

Yes please, I might revisit it with a fresh pair of eyes.

Thanks for the suggestion. I spent a good hour or two trying to make Wireguard work for me last night but failed. If I set it to only apply to Immich, nothing else would have Internet access at all. Likewise if I set the peer IP range to just my LAN subnet.

After pulling my hair out for a while I gave up and uninstalled.

Hmm I must be doing something wrong then because it doesn't work for me.

If it was just me, or if Tailscale wasn't such an insatiable battery leech then I'd absolutely do that but the wife (and kids) acceptance factor plays a big role, and they're never going to accept having to toggle a separate service on and off to get to their photos.

Maybe I'm being overly paranoid but I work in IT and see the daily, near constant barrage of port scans and login attempts to our VPN service and it has an effect!

Very useful insights, thanks.

I do currently have external stuff running via a Cloudflare tunnel (which is why I need DNS based LE certs for the internal proxy) but I don't know if it's setup correctly (beyond doing basic reverse proxying) and the admin backend for it feels like massive overkill for a home setup. Plus with Immich I run into the issue of a) dire warnings about it being in active dev and potentially insecure and b) filesize limits making away-from-home backups difficult.

I could well be over thinking the whole thing.