Been using Jellyfin to host my music and Finamp to play it, Lyrics are pulled from https://lrclib.net/ using a Jellyfin plugin, certain lyrics are timestamped allowing for synchronization other are just static.

ProtonVPN works fine for Debian based systems, wish I could say the same for ProtonDrive.

“Technically” my jellyfin is exposed to the internet however, I have Fail2Ban setup blocking every public IP and only whitelisting IP’s that I’ve verified.

I use GeoBlock for the services I want exposed to the internet however, I should also setup Authelia or something along those lines for further verification.

Reverse proxy is Traefik.

If you aren’t already familiarized with the Docker Engine - you can use Play With Docker to fiddle around, spin up a container or two using the docker run command, once you get comfortable with the command structure you can move into Docker Compose which makes handling multiple containers easy using .yml files.

Once you’re comfortable with compose I suggest working into Reverse Proxying with something like SWAG or Traefik which let you put an domain behind the IP, ssl certificates and offer plugins that give you more control on how requests are handled.

There really is no “guide for dummies” here, you’ve got to rely on the documentation provided by these services.

The Docker Engine makes hosting applications over your network easy, if you have spare hardware I highly recommend setting up your own server.

So glad my router supports WireGuard/OVPN server hosting, doing it this way also relieves resources off your homelab and for whatever reason your homelab shuts off or loses network access you can at least rely on your router to re-establish the VPN server without further intervention.

Smallest of crack in the glass? Flex-Seal

A space-ship that’s 60% glass, 20% stiffener bars and 20% normal space-ship stuff,

Unpopular opinion, if you’re going to use a Debian based distro you should just use Debian.

Yes, it is command-line/BASH heavy however, once you learn it it’ll make all the other Debian based distro’s even easier to manage. Only real difference is system directories are in different locations distro-to-distro.

Why not spin up a pihole instance? Once you setup your blocklists you barely have to maintain it besides the occasional update.

Hell, if you don’t have a spare machine to run it on you can likely run it locally and then change your PC’s network to use it as your DNS resolver.

This right here, if I can do the same to my work desktop I would be in my glory.

I dunno, I started with Debian and then many months later learned that it was one of the harder distributions given the outdated packages.

Glad I chose Debian because Ubuntu, Linux Mint, Kali Linux, PureOS, etc are all derivatives of it.

deleted by creator

You’ll end up with better quality images this way compared to transferring them to Canon servers where they’ll likely be compressed or altered.

Don’t worry, once Canada enacts its firearm confiscation Ukraine will have a plethora of used .22 Lr rifles in the finest hot-pink camo and magazines pinned to 10-15 rounds.

Reverse proxying was tricky for me, I started with Nginx Proxy Manager and it started out fine, was able to reverse proxy my services in the staging phase however, once I tried to get production SSL/TLS certificates it kept running into errors (this was a while ago I can’t remember exactly) so that pushed me to SWAG and swag worked great! Reverse proxying was straight forward, SSL/TLS certificates worked well however, overall it felt slow, so now I’m using Traefik and so far have no complaints.

It’s honestly whatever works for you and what you prefer having.

I honestly never tried Ventoy myself so I can’t really give you a proper answer to this however, after reading into it I see no reason why it wouldn’t work? So long as GParted can access the systems disks there shouldn’t be an issue.

Put a GParted ISO on a thumb drive using Rufus or BalenaEtcher, in your BIOs change the boot order so that GParted boots first, boot into GParted an then readjust/delete your partition as you need be.

Pretty straightforward for the most part.

I agree, hence why I left the note at the bottom of that comment, yes it does encourage bad practices but, if all OP cares about is that it works then it should be fine.

In my other comment I instructed OP to move the volume to their users home directory so they don’t run into permission issues like this again.

Taking a look at your docker-compose.yml I see this volume mount:

volumes: 
- /volume1/SN/Docker/searxng-stack/searxng:/etc/searxng:rw

Whereas /volume1/SN/Docker/searxng-stack/searxng is the directory on your system docker is attempting to use to store the files inside the container from /etc/searxng.

Example of a volume mount that’ll likely work better for you;

volumes:
- /home/YourUser/docker/config/searxng:/etc/searxng:rw

The tilde (~) acts as your current users home directory (aka: /home/YourUser) not owned by root and where docker persistent volumes should be stored.

Edit: I feel like I was wrong here, given that your run sudo in docker compose up -d the tilde will likely not work here and instead point to the /root directory instead. I’ve updated the above to reflect the appropriate directory for your volume mount.

After making the change over to that directory and configuring SearXNG how you like re-create your docker container with sudo docker compose up -d —force-recreate

Apologies for the poor formatting, typing this on mobile.

Edit:

Note: if you want to expose the port do not add the 127.0.0.1 like how I have in my docker-compose.yml.

Edit 2: Corrected some things…