smiletolerantly

This does not encrypt during transit, and my network is not a trusted party.

Then honestly, you have other problems than setting up Jellyfin.

For real though, if you think someone is (or might be) listening in on your local network, i.e. have physical access or compromised one of your machines, then the Jellyfin traffic is the least of your problems. Pick your battles. What's the worst that could happen here - someone gets to know your favorite show?

They do, because if ProtonVPN blocks LAN connections then the only other option is exposing the server to the WAN

Ah, I see. On your PC you should just be able to set a static route over the physical interface for 192.168.0.0/24 (or whatever your local network is) which takes precedence over the VPN. For android.... Oof, no idea. Probably need root.

What are you talking about. Please clarify if this is actually true:

I don’t plan to access it anywhere but home.

This would mean that you only want to access Jellyfin when you, and the device you are watching your show/movie on, are at home, where the Pi/server also is.

Is this correct?

If so, then questions about VPN, Certificates, DNS,.... do not matter.

1. host Jellyfin on the Pi, e.g. with IP 192.168.10.20 on your local network
2. open the Jellyfin app on your TV/Phone/PC, connect to http://192.168.10.20:8096/
3. done

Now you can access it at home, and only at home. I honestly fail to see where a VPN would even come into the equation here (again, if you wish to ONLY watch when you are at home, as you've said).

Huh, didn't know. Thanks. I guess Hetzner is the right answer in both cases then 😄

Do you want all of that to be managed (DB, mailboxes, web-hosting,...) or just reliable hardware in "the cloud"?

For the latter, Hetzner.

Alright, thank you!

Hey, we're also thinking about setting up authentik. Could you answer the following, where I haven't found answers to yet: does introducing SSO impede logging into Jellyfin on a TV / phone app at all?

At this point, package management is the main differentiating factor between distro (families). Personally, I'm vehemently opposed to erasing those differences.

The "just use flatpak!" crowd is kind of correct when we're talking solely about Linux newcomers, but if you are at all comfortable with light troubleshooting if/when something breaks, each package manager has something unique und useful to offer. Pacman and the AUR a a good example, but personally, you can wring nixpkgs Fron my cold dead hands.

And so you will never get people to agree on one "standard" way of packaging, because doing your own thing is kind of the spirit of open source software.

But even more importantly, this should not matter to developers. It's not really their job to package the software, for reasons including that it's just not reasonable to expect them to cater to all package managers. Let distro maintainers take care of that.

I have been listening to SO many audiobooks since getting Audiobookshelve ❤️

Also getting rid of my T1 Diabetes and re-doing my transition, but yeah! Hedonism as well!

They blamed it on the communist party, yes. There were 8 parties represented in the Reichstag at the time though.

I am a bit confused tbh 😅

The link you send links to docker projects, the link I sent is the second one of those. Seems pretty straightforward?

But to be fair, I have never used docker for any of this. In my nix config, it's literally just:

    services.prowlarr.enable = true;
    services.prowlarr.openFirewall = true;

There's not really anything you need to configure host-side. Prowlarr needs to be able to communicate with sonarr and radarr (same as jackett), but otherwise it's basically stateless.

Spend the rest of my life on a Culture orbital or GSV? FUCK YEAH