Ultimately up to you, but I’d go with no GUI and just use ssh (and sftp if you need to do file transfers).
When I was using Docker, it was headless because the GUI just ate up space and resources I didn’t need. All your interaction will be in the shell anyway, launching your compose.yml files.
But, if dealing with a headless machine sounds like more trouble than you want to try, install the DE if your choice and breathe easy because it’ll still work perfectly fine.
I think you’ve put more thought into how to get started than many others would! You have a pretty good plan from what it seems. My thoughts from each section below.
Hardware: I’m partial to Crucial and Kingston for storage that is affordable and dependable
OS: I’d probably spin up a Debian install if I were in your shoes and run my services using docker-compose files. It’s a quick and easy to get up and running, and despite the ease, there is still the option to do a lot of customization when you want to, and that will make it easy to learn more at your own pace and leisure.
Services: For the CalDav portion, I’m really liking Radicale.
Security: PiVPN is what I’m running on my actual RPi along with PiHole, and it was a super simple setup. I connect via Wireguard from any of my other devices.
Another idea: dokuwiki, to document your process setting up various service for future reference
PiHole, PiVPN, maybe a reverse proxy like nginx proxy manager to make connecting to your various web management portals you have an easy way to map it to a human readable url
I just don’t want my NAS doing anything other than being a NAS, so I intentionally don’t run extra services there, but its a matter of finding what works for you. As long as you get to the destination you’re looking for, its mission accomplished
Got an old raspberry pi laying around? PiHole+PiVPN is something I run on an old 3B+ I think, so I have something dedicated running both. But otherwise, I’d probably just spin up a container on a server or cluster and I’d probably go with debian and just run the exact same PiVPN setup script I did for the pi because it was super easy.
Let it grow, let it grow
Yeah, I’m not about to defend Samsung or their app distribution by any means, I just know they had the Plex app when I needed it.
Thanks for the heads up on Roku though, I appreciate it!
Is that on an Onn TV? I might have to go check it out again. Thanks!
Samsung TVs have a Plex app, but not a Jellyfin one. Lots of people have Samsung TVs. I mean lots. Other modern TVs are likely the same, like Onn (at least the Roku TVs) last time I checked, and again they are all over. The ease-of-use factor really is a huge win for Plex.
Edit: Yes, Samsung Tizen models can try and sideload an app, but that’s not something the vast majority of people are ever going to even think about, let alone figure out how to accomplish.
Edit 2: Well shiver me timbers, Jellyfin’s on those Onn TV’s. TIL.
I like radicale: https://radicale.org/
Can confirm, mine is touch-enabled. Forgot to mention that in my post. Model 20UD-003KUS
I just got a Lenovo T14 Gen 1 with a Ryzen 7 4750U (I think that’s around 11th gen on Intel?), 16GB soldered RAM as well as an open slot to add more, 14" screen (on the larger side of your wishlist, I know), and it was $300US on eBay. It’s been fine with Linux Mint running Cinnamon as my daily driver right now, and also fine with other related OSs like vanilla Debian and Ubuntu. Have not tried with Arch, btw, but these T-series machines have a pretty good reputation as far as I know in terms of Linux ease-of-use.
This is the way I’d go if it were me. Debian minimal, add in unattended-upgrades + rkhunter + fail2ban + ufw to keep it locked down, and then set it up as a kiosk for whatever I needed (something like here: https://github.com/PhilGoud/xfce-kiosk )
Nice, I was unaware, thanks!
Been moving over to LibreWolf and I’m pretty happy with it so far. I added NoScript and CanvasBlocker extensions, along with my password manager, and I’m getting settled in with it now.
I’ve been mostly using Nginx Proxy Manager, but I recently set up Bunkerweb as a WAF for a couple of public services I’m hosting and I kind of like it. It does reverse proxy along with a bunch of other things (bad behavior blocking, geographic blocking, SSL cert handling, it does a lot).
Mentioning it because I didn’t see any other mention of it yet.
NPM is easy to use. Caddy sounds like something I’d like to try too now.
It’s buttons you click on, arranged in a grid. You can color and arrange them based on groupings. I know you can have some marked “bookmarked” and some that aren’t, and then you’ll only see the bookmarked tabs on your Dashboard’s main listing. I’m actually not sure if there are further ways to delve into grouping. I certainly never bothered. Basic, like I said, lol
I’m super basic when it comes to dashboard. Spinning up a Heimdall docker container is so insanely easy and it lets me make nice looking links to all my services. Of all the things I’ve spent energy to try and learn to be better at, my dashboard has never been one and maybe it’s time to revisit… But man, it’s just a really quick compose file and one command and it’s there.
Proxmox on a Lenovo micro form factor is probably a good cost effective option. Get a business class ThinkCentre, like an M720 or something similar that’s 3-5 years old that a corpo has just upgraded away from, i5 or Ryzen 5 with however much storage and RAM you want. Spin up a container specifically and only for PiHole+Unbound (and consider adding a pi or some other dedicated hardware for DNS later on for redundancy in case your main goes down), and then the rest is however you want to build your environment.
For me, I’ve got a Pi dedicated to 3 key tasks: PiHole, Unbound, and PiVPN (edit: and Nginx Proxy Manager. It’s dedicated to 4 key tasks…). It’s basically my filtering interface between the home network the rest of the internet immediately after my router handles the frontline defenses, and then I’ve got a Proxmox cluster to run most of the rest of my internal services.