Ultimately up to you, but I’d go with no GUI and just use ssh (and sftp if you need to do file transfers).

When I was using Docker, it was headless because the GUI just ate up space and resources I didn’t need. All your interaction will be in the shell anyway, launching your compose.yml files.

But, if dealing with a headless machine sounds like more trouble than you want to try, install the DE if your choice and breathe easy because it’ll still work perfectly fine.

I think you’ve put more thought into how to get started than many others would! You have a pretty good plan from what it seems. My thoughts from each section below.

Hardware: I’m partial to Crucial and Kingston for storage that is affordable and dependable

OS: I’d probably spin up a Debian install if I were in your shoes and run my services using docker-compose files. It’s a quick and easy to get up and running, and despite the ease, there is still the option to do a lot of customization when you want to, and that will make it easy to learn more at your own pace and leisure.

Services: For the CalDav portion, I’m really liking Radicale.

Security: PiVPN is what I’m running on my actual RPi along with PiHole, and it was a super simple setup. I connect via Wireguard from any of my other devices.

Another idea: dokuwiki, to document your process setting up various service for future reference

PiHole, PiVPN, maybe a reverse proxy like nginx proxy manager to make connecting to your various web management portals you have an easy way to map it to a human readable url

I just don’t want my NAS doing anything other than being a NAS, so I intentionally don’t run extra services there, but its a matter of finding what works for you. As long as you get to the destination you’re looking for, its mission accomplished

Got an old raspberry pi laying around? PiHole+PiVPN is something I run on an old 3B+ I think, so I have something dedicated running both. But otherwise, I’d probably just spin up a container on a server or cluster and I’d probably go with debian and just run the exact same PiVPN setup script I did for the pi because it was super easy.

Let it grow, let it grow

Yeah, I’m not about to defend Samsung or their app distribution by any means, I just know they had the Plex app when I needed it.

Thanks for the heads up on Roku though, I appreciate it!

Is that on an Onn TV? I might have to go check it out again. Thanks!

Samsung TVs have a Plex app, but not a Jellyfin one. Lots of people have Samsung TVs. I mean lots. Other modern TVs are likely the same, like Onn (at least the Roku TVs) last time I checked, and again they are all over. The ease-of-use factor really is a huge win for Plex.

Edit: Yes, Samsung Tizen models can try and sideload an app, but that’s not something the vast majority of people are ever going to even think about, let alone figure out how to accomplish.

Edit 2: Well shiver me timbers, Jellyfin’s on those Onn TV’s. TIL.

I like radicale: https://radicale.org/

Can confirm, mine is touch-enabled. Forgot to mention that in my post. Model 20UD-003KUS

I just got a Lenovo T14 Gen 1 with a Ryzen 7 4750U (I think that’s around 11th gen on Intel?), 16GB soldered RAM as well as an open slot to add more, 14" screen (on the larger side of your wishlist, I know), and it was $300US on eBay. It’s been fine with Linux Mint running Cinnamon as my daily driver right now, and also fine with other related OSs like vanilla Debian and Ubuntu. Have not tried with Arch, btw, but these T-series machines have a pretty good reputation as far as I know in terms of Linux ease-of-use.

This is the way I’d go if it were me. Debian minimal, add in unattended-upgrades + rkhunter + fail2ban + ufw to keep it locked down, and then set it up as a kiosk for whatever I needed (something like here: https://github.com/PhilGoud/xfce-kiosk )

Nice, I was unaware, thanks!

Been moving over to LibreWolf and I’m pretty happy with it so far. I added NoScript and CanvasBlocker extensions, along with my password manager, and I’m getting settled in with it now.

I’ve been mostly using Nginx Proxy Manager, but I recently set up Bunkerweb as a WAF for a couple of public services I’m hosting and I kind of like it. It does reverse proxy along with a bunch of other things (bad behavior blocking, geographic blocking, SSL cert handling, it does a lot).

Mentioning it because I didn’t see any other mention of it yet.

NPM is easy to use. Caddy sounds like something I’d like to try too now.

It’s buttons you click on, arranged in a grid. You can color and arrange them based on groupings. I know you can have some marked “bookmarked” and some that aren’t, and then you’ll only see the bookmarked tabs on your Dashboard’s main listing. I’m actually not sure if there are further ways to delve into grouping. I certainly never bothered. Basic, like I said, lol

I’m super basic when it comes to dashboard. Spinning up a Heimdall docker container is so insanely easy and it lets me make nice looking links to all my services. Of all the things I’ve spent energy to try and learn to be better at, my dashboard has never been one and maybe it’s time to revisit… But man, it’s just a really quick compose file and one command and it’s there.

https://docs.linuxserver.io/images/docker-heimdall/#usage

I just ordered the bits for my future storage appliance, so I can share what I decided to roll with. I stumbled across the Fractal Design Node 804 case, which has room for 8 x 3.5" drives, and then I got 4 x 8TB WD Red Plus drives to start with, RAIDZ1, and then I can add another 4-disk pool later on down the road. The Red Plus drives run at 5400rpm instead of 7200, that’s fine for what I need and saved a few bucks while still keeping me in CMR-drive-land. I also grabbed 2 x 1TB NVMe drives to run as a mirrored pair for the OS. 64GB of RAM so I have some headroom for services I want to run. And I’m going to put TrueNAS Scale on it, which makes it really convenient to run those aforementioned services that I am wanting to run directly on the NAS, like NextCloud and my Linux ISO downloading tool.

Also now that my family has pretty much moved entirely away from using the big clouds as much as possible, I’m now reading some of the other comments here and looking into Backblaze to store my encrypted backups offsite. Not everything, mind you, there is a large percentage of my data footprint that is either easily recoverable or just simply would be non-catastrophic to lose. But the important stuff, that’s getting encrypted and put in someone else’s internet locker for safe keeping.