Bristlerock
DNS-O-Matic (recommended by CloudFlare, among others) combined with SWAG and Authelia will handle dynamic DNS, reverse proxying, SSL certificates, and MFA. SWAG (nginx, Let’s Encrypt and Certbot) and Authelia (MFA) run nicely in a 2 container Docker stack.
Mine have been running for ~18 months on my NAS, though I have a fixed IP so no longer use a DDNS provider.
It would be good, but I’m not sure if the expected Multireddit-style behaviour will ever appear on the threadiverse - at least not in the way I use them (I don’t subscribe to any sub in a multireddit) - for the same reason that Lists are limited in value on Mastodon: there appears to be a “safety and privacy” policy in place that prevents you from adding accounts to a List that you’re not subscribed to.
The only reason I use them is to remove their noise from my feed/timeline. Looking at you, Cory Doctorow… 👀
Maybe it will change, or maybe it will be different here (threadiverse) compared to Mastodon. I guess we’ll see.
This is what I did, too. Used Pi-Hole for a year or so, and it required regular tinkering and repairing. Planned to test AGH for a short time in Docker container on a Pi4B, and it’s been running that way for 2 years without any issues.
Easier to administer, more functionality and rock solid. I’ve never looked back.
TT-RSS is fantastic, providing you hold your nose and wear as asbestos suit if you ever dare ask a question or raise a valid issue. The dev is… well, I’m not a fan. I won’t use it out of principle.
FreshRSS is a good-looking and skinnable alternative with a good Docker image, but I had issues with the inability to flush old items. Has a decent web UI.
These days I’m using Sismics and the web UI.
I’ve had gitlab/gitlab-ce running on my NAS for 6+ months and it’s been reliable, mostly as a central repository and off-device backup. It has CI/CD and other capabilities (gitlab/gitlab-runner, etc), but I’ve not implemented them.
When my old NetGear ReadyNAS Duo (2 bays, SPARC, 100Mb NIC) was reaching its EOL I looked into a purpose built server, a mini of some kind (NUC, etc), or a standard QNAP or Synology NAS. Eventually settled on a Synology DS 920+ (4 bays, x86_64, 1Gb NIC).
It’s been rock solid and amazing value for the 2.5 years I’ve had it. It’s running the majority of my Docker containers, Plex Media Server, a Linux VM, and a few other things. It also has its own shell/CLI, which is useful. I don’t use Synology’s “phone home”/remote access stuff, but Synology Drive and Synology Photos are great - they provide the equivalents of Dropbox and Google Photos respectively, and it works across Windows, Linux, Mac, iOS, and Android (via VPN when outside the house). No regrets at all.
Exposed is the right term. Other than my Wireguard VPN port, everything I have exposed is HTTPS behind Authelia MFA and SWAG.
I’m tempted to switch Wireguard for Tailscale, as the level of logging with WG has always bothered me. Maybe one day.
FWIW, I have an LG LED smart TV (2xHDMI, 1xDVB-S2, WiFi, NIC, etc) and it’s only been connected to my network once, for a post-purchase firmware update through my AdGuard Home. WiFi and Ethernet is disabled, and I use it with my Nvidia ShieldTV (Plex*, Netflix, ChromeCast, etc).
I won’t let it go online as I expect it already phones home if you let it, and don’t imagine LG will be able to resist ad injection into content, like Samsung and others do. So it’s an excellent quality dumb TV, which meets my needs perfectly.
*Plex Media Server runs on my NAS. The Shield and my mobile devices are Plex clients.