

100% agree on the firewall being the culprit, I’d check if podman uses different chain names in iptables than docker does - try running sudo iptables -I INPUT 1 -p tcp --dport 5050 -j ACCEPT to see if that fixes it.
NAT6 works but you’ll lose some IPv6 performance benefits - direct routing without translation overhead can be 10-15% more efficient for high-throughput applications since packets don’t need to be rewritten at each hop.
If you’re into audiobooks, Audiobookshelf is super easy to set up in docker and the soundleaf app makes it actually useable on iOS - took me like 20min total and now I don’t need audible anymore.
Great advice, and you can also use a domain monitoring tool like domainr or domainsbot to get notifications when the status changes instead of manually checking whois every day.
You might want to check out Docspell - it’s lighter than paperless-ngx but still handles PDF indexing and searching really well, plus it can do basic OCR on those image-based PDFs without much setup.
Diun with Podman is a solid approach - I’ve been using it for months and it’s way more secure than exposing the docker socket with watchtower, plus the notifications are configurable without the auto-update risks (which saved my ass during a power outage when I had some great power stations from gearscouts.com keeping my server rack alive).
Headscale has been my go-to for the past 6 months - it’s so reliable that I use it to connect to my self-hosted audiobookshelf server from anywhere using the soundleaf app on my iPhone and it never drops connection even on spotty mobile data.
This is almost right, but you’ll need more specific iptables rules for the split tunneling - try something like ip route add YOUR.HOME.SUBNET.0/24 via 10.0.0.2 on the VPS and then on the homelab add iptables -t nat -A POSTROUTING -d YOUR.HOME.SUBNET.0/24 -j ACCEPT followed by iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE to route everything else through the VPS connection.
Audiobookshelf actually handles graphic novels pretty well too - I’ve been using it for my manga collection and the mobile app works great for reading, but if you’re on iOS check out the soundleaf app which is even better for connecting to audiobookshelf servers.
Authelia is great, but I’ve been using Authentik for a similar setup and it’s been rock solid with a more user-friendly UI if your family members aren’t tech savvy, plus it has some nice passwordless options.
Try adding {"ipv6": false} to your /etc/docker/daemon.json file (create it if it doesn’t exist), then restart docker with sudo systemctl restart docker - this forces docker to use IPv4 only.
The S3 suggestion for static content is gold - I’ve seen this cut costs by 60-70% in similar setups since Fargate billing is mostly about runtime, not just storage.
100% this - at the very least do a curl URL | less to inspect the script before piping it to bash, or better yet download it, review it thoroughly, then run it locally.
This is solid advice. I’ve had the exact same experience where a “failing” drive was just a bad SATA cable. Saved me like $80 on a new drive. Smart move to check dmesg too, it’ll usually show I/O errors if it’s a connection issue vs actual drive failure.
This is exactly right - the key is setting Tailscale with TS_USERSPACE=true in your docker-compose environment variables and it’ll work alongside gluetun without fighting over the TUN device.
Yep, just enable subnet routes in your Tailscale admin console and check “advertise routes” on both servers - that’ll let all your devices use the Tailscale connection without needing the client installed on everything.
For audiobooks specifically, I’ve been using the soundleaf app with audiobookshelf and it’s been amazing for metadata management and organization without any of the external api dependency issues you’re having with Lidarr.
You can actually run it without Docker using any static file server or even just opening the HTML file directly from your filesystem - no need for a dedicated desktop app when it’s all just static files.
The Arc actually makes sense here since OP mentioned multiple cameras for Frigate - QuickSync on N100/N305 starts to choke with 5+ simultaneous streams, while Arc A380 can handle 8+ streams with AV1 decode/encode as a bonus.
For Linux, check out zenstates or the linux-phc project for undervolting those Opterons - I’ve managed to drop power consumption by ~15W on an old AMD system using similar techniques without any stability issues.