Findmysec

They do, but VRAM. Unfortunately, the cards that do have that much of memory are used by OEMs/corporations and are insanely pricey

I don't know why people are recommending apps like Navidrome and Jellyfin when it isn't a music server that you're looking for but a way to share the music collection.

With that said, I can think of 2 approaches, and (likely) the easier option will be to use the help of such a server. Both will require a VPN server in the cloud which will be redirected via NAT/reverse-proxy into your network.

1. Use something like Navidrome with LDAP/Auth solutions like Authelia. User has to authenticate themselves to access their account on the service like something in the cloud.

2. To offer more barebones access to the underlying storage directly: set up NFSv4 for Kerberos.

Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn't the most trivial thing. With that said, dekstop linux/windows isn't a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there's a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I'd like find a way to do it just for browsers on Android using adb if possible

Running a CA is cool however, just be aware of the risks involved with running your own CA.

All they say that if the private key is stolen then you're screwed. Think about it, if an attacker can:

1. Get into your network.
2. Presumably bypass key-based ssh/container runtime protections
3. Access pod/VM which is running the CA
4. Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
5. Steal private key without you knowing from your logs

You have a much bigger problem my friend

why is creating one's own CA the wrong way? I don't want to have to pay cloudflare or porkbun to run HTTPS at home

The easiest way is to pay for a public domain, use a subdomain of that which does not have an A record on the wide internet, and then use certbot to get Let's Encrypt certificates for them and auto-renew. Stuff these in your individual reverse-proxy instances (or propagate them, no idea how) and you're done

So, you want an LDAP server or a forum? That's either FreeIPA or hosting Discourse

Is there an SLA on the Hetzner storage boxes? What do you think about their reliability (will they recover if their underlying hardware fails?)

How much does OVH cost you for storage?

I admit that Storj is less expensive but it has egress costs which B2 + cloudflare doesn't (the latter with a free account)

That's personal pictures, ripped media, documents, some sensitive information etc. Netflix can go to hell

Any storage provider with client-side encryption